And the alternative to Java for embedded systems is....?
Pretty much anything. LLVM and similar techniques have taken much of the pain out of embedded runtimes.
5121 posts • joined 16 Apr 2007
And the alternative to Java for embedded systems is....?
Pretty much anything. LLVM and similar techniques have taken much of the pain out of embedded runtimes.
do they not think it beyond the wit/skill of the malware creators to see what version of Android the device is running and use known vulnerabilities for that version to install the payloads?(spelling fixed)
The point he's trying to make is that it is exactly this kind of discovery and targeted exploit that is too expensive to be worthwhile.
This is a "things aren't as bad as some people make out" argument which does seem to be borne out by the facts: millions, or even billions of mobile phones have yet to be compromised. I also wonder what the potential market even for those compromised devices is, assuming that miscreants go for the current favourite attack of ransomware. Even for the technically unskilled a factory reset and reinstall from the cloud shouldn't be too hard, or too expensive if you have to get someone to do it: must be less than cost of a replacement handset.
No reason for Google or the handset makers to rest on their laurels, of course.
It wouldn't surprise me at all to discover that Apple's real agenda here is to create a protected enclave for DRM tools that even root can't violate.
The same thought has crossed several minds…
And how would things get more secure because the machine reboots before implementing the end-user's mistakes?
You seem to fail to understand the point: let a user process download signed stuff from Apple. Everything that is downloaded should be safe. But the installer cannot be hijacked or abused to do anything else because it can never be run by the user process.
He's a nice badge for you.
I think the idea behind SIP is to avoid simple permission escalation attacks from users who also have admin roles (ie. can sudo). As such it's a nice idea as it makes "click this" exploits a little harder without taunting the user with permission requests à la Windows Vista.
However, Apple also privileges certain applications such as the software updater so that can run while the user is logged in. As opposed to forcing the machine to restart in single user mode and install whichever signed packaged have been downloaded. I wonder if this is what Windows does with some of the system updates?
It might be possible to keep SIP around if it is simplified and there are fewer exceptions. Personally, I disabled it because I wanted to downgrade ITunes. And this is an example for one of its flaws – they're trying to protect too much shit. Given how fast MacOS boots with an SSD then they might want to consider forcing more stuff to be done from a restart rather than trying to play security and convenience off each other.
What is this, the 16th century?
Going by Valve's approach to coding it could well be.
Well, he's technically from Salford on the other side of the River Irwell. Mind you, that's the place where Grand Theft Auto isn't just a game…
Ideally I'd like a seamless NoSQL and SQL database where the most appropriate storage method can be used
What, you mean like Postgres? JSON/hstore support, vertical column support, parallelism, etc.
The relational model does have its place, and probably always will, but the big realisation with the NoSQL movement is that one size doesn't fit all, nor does it have to.
Bollocks. In general, an RDBMS is exactly what you want but you'll have to learn how to configure and use it properly. It grew out of Codd's reasoned arguments against the problems associated with the non-relational databases of 1960s, many of which plague the NoSQL systems of today: "consistency, who needs it?".
The NoSQL approach grew out of some niche use cases which the software industry suddenly turned into general problems: volatile document store, time series data.
Traditional database vendors, though, are fighting back. Microsoft's SQL server (as of version 2016) offers a way to store and retrieve JSON data in a relatively painless way, although the data itself is stored in the relational engine.
Does the author only know MS SQL Server? Certainly looks like it.
JSON support has been in Postgres for a while and Postgres 9.5 adds binary support and indexing.
Well, although Vivaldi is using the Chrome browser engine, it's focussing on UX and providing features that users want and use. It ain't there yet, but it's certainly worth a try: http://vivaldi.com
Memory use in browsers is driven by the size of the DOM and cached resources. DOMs for modern websites, especially those with lots of features (web-mail pages and anything that looks like an application) can be astonishingly high.
The Chromium browsers avoid some of the problems by creating a new process for each tab (uses even more memory but reduces the chance of one rogue tab bringing down the whole browser). Firefox is supposed to be moving towards a similar model.
FWIW I don't use Firefox as my main browser, I'm certainly not a fan of either the "sharing" shit nor out of band feature releases.
Might sysadmins notice?
Those that care will be running Firefox ESR which won't be following this practice.
Out of band feature releases breaks the principle of semantic versioning but so what? Users are annoyed by changes, especially UI changes, whichever version they come in.
How does the number of times you tap your screen affect your memory use?
All the browsers switched to using more memory a few years ago. Your computer has it, your OS can manage it and it makes things faster. Get over it.
Hoarding spectrum isn't cool or practical, but if wireless operators everyone wins
I'm obviously too stupid to understand this… please help me.
Lets ban pub car parks as well
In some of the places I've been to recently you don't need to step out into the car park to conduct your illicit activities.
Schaarbeek is full of such places. As are East and North Belfast…
…and all our own secret communications are now longer secret and our secret agents are no longer secret or safe.
Meanwhile, in the real world, the encryption genie is out of the bottle and, like illegal weapons, is being used by people already breaking the law.
In the US it's like gun legislation: virtually never enforced but looks good on telly. You could probably convincingly argue the first amendment makes provision for anonymous phones. But it'll probably never come to that because you'll always be able to pick up a SIM card somewhere.
My hovercraft if full of eels.
My hovercraft is full of eels.
FTFY but have an upvote all the same,
It was the utter incompetence of the Belgian authorities.
To be fair, they're under-staffed and suffer significantly from the fragmented government of the autonomous districts that make up Brussels. Cooperation between the various French and Flemish districts is notoriously poor.
To this you can add the various periods where Belgian has only had a caretaker government which has held up all kinds of projects while making sure that the state keeps ticking along.
Or, we've not been taking security seriously enough for years and hoping that something like this would never happen. I'm sticking my head back under the covers and hoping it goes away. Yeah, that should work.
What do you think an API is apart from a list of method names, their signatures, and their return values?
No (and for good reason).
And while I agree that salt techniques are important, I disagree with a commentor that they were "missing" from this document
An unsalted hash is merely obfuscated and not encrypted, this is why salts are essential and not optional.
… sounds like the first thing worth following on Twitter and they pulled it.
And isn't Dundee on the Tay? How appropriate.
I believe this one is yours, sir. ->
Seeing as most of the article is about the US the swipes against the EU do indeed make little sense. Add to that Germany's manufacturing industry hasn't suffered from being part of the EU. Mind you, Germany's own version of Silicon Valley, dubbed "Silicon Saxony", has been more of a subsidy magnet than a wealth creator.
In summary: Britain's pro-service, anti-industry policy has nothing to do with the EU.
I have a nasty feeling that MS might be claiming royalties from the work others have put into their own implementations of the same requirement.
Well, if that is the case you can't really blame MS but the US patent system which privileges filing even the most spurious patent. Maybe the current dispute over CRISP / CAS9 will help sort out this mess.
However, I can't help thinking that this may be difficult to enforce and invite a raft of claims of prior art. Still, even then the patent could be a useful bargaining chip.
Instances of possible prior that fall out of my addled head: Samsung had a hub function specifically for games; Amazon's WhisperSync across the Kindle/Audible boundary.
I can't comment on the code except that it looks a bit odd. It could be, and probably is, just shitty code but the same logic could be written in any language.
I heartily disagree. The world before jQuery was very unpredictable with lots and lots of slightly differently own-rolled code.
jQuery is helping standardise common use cases that, in turn, help standardise the language development and browser implementations. Indeed in many situations it is becoming a victim of its own success: more and more stuff can be moved into CSS. I'm looking forward to seeing more of this.
Also, £60 to fix not 200 euros, although I did it myself.
I think you may find the S7, especially the Edge, a little more pricey. And, even if you are able to do this kind of repair yourself, many of us aren't. That said, I've not used cases very often and I have yet to break a screen myself. But I see plenty of broken screens when walking around town and my own current phone is someone else's refurbed after they broke the screen…
Out of curiosity, how would a case help with landing screen-down on something sharp, other than if the sharp item is smaller than the case bezel? I'd be surprised if that thin sheet of plastic over the screen would make that much of a difference.
A good case comes with a cover for the screen. As Andrew notes, Samsung does provide some nice cases itself.
But Samsung's are also very easy to root and put Cyanogenmod on, meaning fast security updates for a long period of time.
It's far from ideal but it's better than nothing.
I think the 4:3 will be related both to the CCD but also to letting you do more in software: you can still take 16:9 images, they'll just be cropped from 4:3. OTOH I've always loved the panorama modes.
The reports are that the CCD is much, much better in lower light than the competition. Still, if I wanted a good digital camera I wouldn't necessarily go for a high-end smartphone, the Nokia stunner being the exception.
Heise have tested the always on feature and say it matches expectations: briefly lighting up part of an OLED screen really doesn't take much juice.
I passed my first S7 poster today and, in a world where Apple seems eyeing the mid-market, it was very Apple. The S6 Edge gave Samsung a recognisable visual USP for the first time and hopefully they'll make sure they produce enough of the curved screens this year.
I think most people will love the SD card and not worry too much about the battery, loading up with power packs if they think they're going to be without power.
As for a dark theme, well Android N is supposed to come with one of these.
Anything with a reasonably sized glass screen is very likely to break if it lands screen down on anything sharp. Worth getting some kind of case just to avoid the € 200 cost of a screen replacement.
I think that's pretty much what Samsung said at the launch.
I think the bigger issue is probably: should the BBC be involved in this at all? I think it's a laudable scheme and I'm a big fan of the BBC principle, but I hope that some kind of non-quango will take over the running soon. No need to give the anti-BBC ammo in charter renewal year.
It's better seen as a companion device for a Pi: it can be fitted with a 5V lithium cell and left to run. You could use them to set up a network of sensors all reporting to something running on a Pi.
It's not a physical lock-in but "do everything on the MICROSOFT cloud with MICROSOFT tools" lock-in.
This is hardly going to encourage the tinkering for which the Microbits are ideal. Scratch for the RPi already has the visual introduction to programming angle covered.
Microsoft blocks be damned! That's the typical whale song and bollocks designed to stop anything actually happening.
Works great with MicroPython as we had the privilege to see at our local Python user group meeting in January (in German). Though the restriction to 16 kB does severely limit what you can do with it as you can't really run a program and use the Bluetooth stack at the same time.
The benefit will be the 1 million units should, like the RPi, provide a large enough market and could help standardise IoT components.
Well, if the cap fits, I'll happily ware (sic) it. ;-)
Great thanks to you the grammar police from a dyslexic without the time to have a second person read all my posts ahead of time. Ride that high horse!
In other words: make the Mexicans spell and make them pay for it
Any dyslexic worth their salt knows how important it is to take the time and to use the relevant tools to reduce errors. The problem with your incomprehensible gibberish was not that it was poorly spelt but that it was incomprehensible: no combination of lose/loose lose/loose could ever make sense in the context.
Trying to pass off your ignorance as a medical condition is shameful.
Perhaps if there had remained a single, dominant English-speaking country, in the same way as there has been with French or German, say, then there would have been an opportunity to rationalise the language.
Given the omnishambles that was the German spelling reform and the current storm in France over the dropping of the circumflex, I am more than a little sceptical that this would work.
The fact is that most attempts to prescribe language use fail miserably and its absence possibly one of the reasons for English's success.
Edge doesn't support ActiveX so can't be used for those hideous older Sharepoint sites.
Both Firefox ESR and Chrome can be made be made to work with Group Policy which is why they continue to gain market share in the corporate space.
Good luck with that.
XUL, et al are so 2000 and have always suffered from the NiH syndrome. The Chrome extension API is simpler and promotes interoperability.
They ARE standards though. Chrome is just the only player with the resources to implement them quickly. Firefox always gets them eventually, and the losers never do.
Firefox is pretty good at implementing standards and participating in their development.
As for the new IE 6, well that has to be Safari.
Yes, you do. OS updates that work across a wide range of devices. Unlike – ahem – certain devices where there's barely a 2% uptake rate of the most recent software fixes.
Apple's record of incorporating fixes for known bugs in upstream POSIX stuff (libXML2, openssl, etc.) is shameful. Pointing out the problems with Android does not detract from this.
A shedload of bug fixes in libxml2: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution.
I suspect anyone seriously using XML will have their own up to date install of libXML2 via MacPorts or Homebrew. The same goes for the rest of the POSIX stuff: this should all be managed outside the OS so that it can easily be kept up to date with upstream security fixes.
Get with it Apple!
Actually, using the phone as a replacement for an RSA or similar is quite a nice idea.
Research shows that we all struggle with passwords. Of the various attempts to get rid of them while not reducing security this one seems quite reasonable. Sure: if you lose your phone you might struggle but I think struggling to access Yahoo mail is then probably the least of your worries.
Biting the hand that feeds IT © 1998–2017