>The so-called "transformation" is IBM's problem.
Nothing that can't be fixed with yet more stock buybacks so the executives who caused the mess can cash out one last time. Oh wait, that ship has already sailed.
6570 publicly visible posts • joined 7 Apr 2007
Anybody that has ever run Netscape 4.7+ on a UNIX box knows what crushed Netscape (only software I have ever seen crash an IRIX box). A lot of the hate for Microsoft was more that they chose to ignore web standards and foisted IE6 on the world which set the internet back for years.
>Just because it may be internet-capable doesn't mean you actually have to connect it.
Keep thinking companies will let that stop them from data mining you. You are already getting data mined if you have a newish car and you take it into the dealer (through both black box and often GPS/Navigation system). It won't be long until your shit will be connected to data networks whether you like it or not (at least in the US). Guess it's time to get to work on those Faraday cages.
>Carl Force, 46, of Baltimore, Maryland, a former US Drug Enforcement Administration agent
>Force's mental health problems and alcoholism
Wow the DEA dodged a bullet there. Luckily their man was addicted to the one drug that is legitimate and legal. What a scandal it would have been on the agency if he was a no good pot head instead.
Thus cue up the age old (in IT dog years) argument that ASLR is simply a bandaid for incorrect code that is fairly easily defeated by a determined adversary. Theo and OpenBSD's philosophy tends to be to try to get your code correct and well audited in the first place (and where they spend their energy) because that is your best defense rather than trying to close the barn door after (especially in regards to grsecurity and SELinux). They were one of the first OSes to offer ASLR but even if their implementation is weaker my guess is you are still safer with the OpenBSD code base (especially the base system) and weaker ASLR than you are with strong ASLR bolted on top of the FreeBSD code base.
>Linus does his outbursts to people he knows, Theo does that to everybody.
Clueless poster aside in general what I want in my friends and what I want in the person driving development of the OS I use are two different things. Theo is responsible (with others granted) for just about the most secure modern general purpose open source OS (as well as many valuable side projects like OpenSSH) out there. Personality flaws aside that makes him more valuable to me than billions of other nicer people on this planet.
>The joys of malloc and buffer overflows - the gifts that just keep on giving.
And yet Java just moves the CVEs from the code (where the developer has control and responsibility) into the run time itself (where he/she can't and Larry tends to be one of the worst in the industry at fixing his shit). C++11(+) I guess might be more the happy medium the original poster was implying.
>Wasn't this project started because of the lack of trust in OpenSSL?
I think if you compare the number of CVEs between OpenSSL and LibreSSL it will answer your question. There are significantly more CVEs that affect OpenSSL only than affect LibreSSL only even at this point. This even though LibreSSL is forced into using OpenSSL's often broken design and sad sack API to maintain drop-in compatibility.
Excellent comment from comment section of that link:
"The solution (on the POSIX front) is to get newer Linux APIs standardized before forcing everyone to switch to them. It is totally unacceptable to say "we're number one, you do it like this". I'm not singling anyone out, but it's just plain wrong to have that attitude. Not only does it hurt portability, but it also makes it increasingly difficult to document how Operating Systems like Linux are supposed to work. Ever wonder why (even given the demise of the publishing industry) there are so few books coming out these days for developers to read? It's because this train is moving so fast that only those riding it have a hope of making the next stop."
Also on that link I give above it was more for the quote than the analysis of the author. He blames BSD way too much for the problem and implies them caring about POSIX (or indeed stability and not constantly breaking APIs) is passé and holding progress back when the truth is Red Hat went out of its way to make sure as many frameworks the FOSS desktop environments would come to depend on would be near impossible to port to other OSes as possible, to the point of ripping up and throwing away frameworks that did get ported like HAL. There was definitely a need for some of what Red Hat did but Red Hat completely did it the wrong way (for anybody but their shareholders) which was predictable and it's on the rest of the commercial *nix community (who actually do most of the FOSS development) for going along with it. Some may make their bones on Linux and enjoy it now but let's see how they like it as Red Hat starts being able to dictate more and more in the ecosystem with fewer and fewer viable alternatives. Forking is only as viable as your resources and your user base.
People complain systemd breaks the Unix philosophy but not at the highest level. It does serve one purpose: to eat other FOSS and force a hard dependency on Linux. FOSS as always has ways of fighting back such as the *BSDs but in large part it becomes like the block chain in bitcoin in which the path the majority take ends up dominating. With Red Hat throwing a massive amount of money (that they now have and will continue to have) and dev time at the problem it's looking grim long term for POSIX, especially what with commercial UNIX dying.
>"about to turn its back on POSIX."
>@asdf Can you please share a reference?
"Many of my previous projects (including PulseAudio and Avahi) have been written to be portable. Being relieved from the chains that the requirement for portability puts on you is quite liberating. While ensuring portability when working on high-level applications is not necessarily a difficult job it becomes increasingly more difficult if the stuff you work on is a system component (which systemd, PulseAudio and Avahi are).
In fact, the way I see things the Linux API has been taking the role of the POSIX API and Linux is the focal point of all Free Software development. Due to that I can only recommend developers to try to hack with only Linux in mind and experience the freedom and the opportunities this offers you. So, get yourself a copy of The Linux Programming Interface, ignore everything it says about POSIX compatibility and hack away your amazing Linux software. It's quite relieving!"
-- Lennart Poettering (very influential idiot over at Red Hat, the company that just happens to be riding record profits as they strategically pre-empt many others' work over the last two decades by turning GNU/Linux into a Windows-like hairball that just happens to cause more and more FOSS to be Linux only, thus causing a profit snowball for Red Hat).
https://lwn.net/Articles/430598/
>Re: FreeBSD
>Also runs very well in a VM for those critical services, DNS/DHCP etc.
If they are really critical you might think of moving those to OpenBSD (though admittedly VMware support of OpenBSD sucks balls, but VBox supports it well even if it as a whole sucks balls). A bit more secure and stable at the cost of perhaps a small bit of performance at least in the server role bare metal. IMHO always the first choice for anything internet facing.
> Mint has it's own issues
Yeah, like almost all the rest of the GNU/Linux world it's about to turn its back on POSIX. If you are a Windows user switching away no worries, you will love it as it's turning into the hairball you know and love. If you actually care about POSIX, *BSD and the proprietary Unix(s) medium term will be the only game in town.
Correction: I did actually get the source (someone else modified) off the internet and build it myself. I also increased output power from 50mW (17dBm) to 251 mW (23 dBm). Like I said, doing this though, especially with consumer cheapo radios, tends to introduce a lot of noise that ends up hurting more than the signal boost helps.
>Obviously it's not the sort of thing that many will admit to - even if they do it - but I've never heard of anyone re-programming the radio
It's actually not that hard to do and I did it to increase the power output on my 2.4GHz router from 49mW to 249mW or whatever. Of course all I did was get a binary blob someone else modified from the internet that the firmware would load at run time. I only did this for a few hours though because I quickly learned it gave me no advantage reception wise and as I found out later actually usually causes problems because the hardware doesn't handle it effectively (outside its design range).
As an aside could the FCC just do what is done with mobile phones today and force the manufacturers to have two firmwares. An antenna firmware they can lock down very tight with cryptography or whatever that only the manufacturer would be able to update and then a general firmware (on phone would be the custom ROM) that can be overwritten if so desired?
>Status quo - who cares really?
Anybody with a brain. Open source firmware is the only secure firmware for most home routers as all the major manufacturers have massive security fails (and with low margins not much interest in fixing them). It is also some of the only firmware that is regularly updated with security fixes. Getting in the way of open source firmware is the surest way the FCC could gimp internet security.
Lenovo goes it alone. You know what else makes them different from their competitors? They actually make money selling PCs (though now even they are taking the mobile revolution on the chin somewhat). Still I think I might trust their instincts more. Not saying anything about how good or not the Surface Pro is but the annals of business history are lined with the corpses of companies that partnered too closely with or did Microsoft's bidding too much.
https://lorddoig.svbtle.com/heartbleed-should-bleed-x509-to-death
Said better than I ever could. Yes much of the problem is implementation but there are plenty of design flaws as well.
"If we tasked ourselves to build web security from scratch today, hell would freeze over and the NSA would willingly disband and incarcerate themselves before we came up with X.509 and said “That’s it! Centralised authority nobody can practically trust and business conditions that will cause everyone to spend a tonne more money than they have to. Fsck me we’ve cracked it! Good job boys, let’s go to the pub."
>But I'm tempted to become a criminal.
Kidding or not it comes down to if you already have money and if you have powerful connections and where you live. If you don't and you get caught say in the US you might wind up in pound you in the butt prison where gang tattoos mean everything.
>Do we want the disparity between CXO-level pay and that of the ordinary salaried peon to be so grotesquely huge
Luckily from what I recently read if true, market forces will soon be correcting this artifact of crony capitalism somewhat. Due to Baby Boomers, India and China joining the global capitalism paradise, the last 30 years have seen a historical glut of labor supply. That is due to change in the next decade in a big way. Simple supply and demand that not even the cronies can overcome completely.
Funny, I thought the conversation was about security of the various handsets and not your personal opinion about phones. There is much not to like about Apple but the fact remains they are the only handset maker making any kind of profit on phones today so they are obviously doing something right (and it's not all marketing even if the majority, their competitors spend plenty on marketing as well).
Also (bah missed edit period) yes iOS has some vulnerabilities (plus Apple's security record and practices are a mixed bag) as well but the fact that they have a very successful patching system (most handsets supported are kept up to date at a remarkably high level) plus a much better full disk encryption solution means Android (as shipped in vast majority of handsets) has some work to do.
>This Android scareware FUD that is going around at the moment, this is Apple money. Apple have their own problems. Apple device security if you look at it without bias, is actually inferior to Android
Ok let me know when iOS allows an attacker to root your boot locked (non jailbroken) phone without user intervention with an MMS. That is an entirely different class of shit security, more of the Windows XP worm kind. Last I heard it's still not completely fixed and in all forms is still certainly a vulnerability on the majority of Android phones out there.
And just to clarify I am not being derogative to him. The odds of me even being alive at his age forget so lucid are tiny. Also did a little research and I am assuming he was implying the nuclear industry should have moved more to pool-type reactors like the TRIGA he invented (with others) which require more space and more reactors to generate the same energy as our current energy generating reactors but are inherently safer.
>Freeman Dyson - this man is a REAL scientist!
Not anymore. I heard him speak and though a very very interesting man (like if you had the most interesting grandfather ever) it's obvious he has lost a step or two to age. His talking about nuclear power right after WW2 was really interesting to me. His thesis was the move to concentrate power into a very small area as was necessary for the Navy (an early pioneer) affected the direction of the whole nuclear industry and was what helped give nuclear power such a bad reputation and limited its growth today (paraphrasing here and might have remembered incorrectly). Just in general listening to him talk about the technologies emerging in 1940s and 50s (space race, nuclear, computing) was very interesting from a historical perspective but pretty sure I wouldn't trust his climate science chops today.
Memristor being the Duke Nukem of memory technologies is hardly some secret at this point, more vaporware pronouncements or not. Also HP today hardly scares anyone in their tracks like Microsoft and Cisco did in their heydays. They only seem to be good at major cull of employees and board dysfunction.
>And this is on the assumption that a dodgy app from an unofficial place is somehow worse than a dodgy app from an official place
I think their assumption is you are still less likely to get dodgy apps from Google Play (who do some checking) than the Chinese app store specials. The thing is like I say as far as I know F-Droid has never served up straight up malware (unlike Google) and with all app source available and neck beards who use it if they did it would only live for a few hours more than likely. Now the one type of semi dodgy app on F-Droid is apps like Newsblur whose client is open source but who knows (can check privacy statement but those change) what they do with the server side information they collect on you (stories you read, how long, when, etc).
Honestly it's not the malware you have to install that scares me as much as blatant platform weaknesses like a baddy being able to get root on your phone by sending a simple MMS requiring no user intervention (actually requires nerd intervention to prevent by default). But I will agree Android does seem a lot more vulnerable to drive by stuff than it should be so airplane mode only might have merit.
>To avoid an infection, don't download software from unofficial app stores,
Compared to the F-Droid unofficial app store (be smart, get from official site only, check md5 etc) the official Google Play is a den of thieves. Many of which Google even consider legitimate (as opposed to the thousands that aren't but they don't kick out) but if anyone looked at their source code (which you can do with all F-Droid apps) they would probably strongly disagree.