Does ICANN stand for...
... Incompetent Cabal of Autocrats, Nincompoops and Nitwits?
639 posts • joined 29 Aug 2010
Really? My 6s+ manages that just fine. It can go 2 days before hitting 50% (which I consider the level where a recharge is necessary) with light use. If I really push it I can stretch to 3. Of course it depends on not making a lot of calls or hammering YouTube but if you stick to listening to music on the device itself for entertainment it's perfectly doable.
As for non-physical SIMs I seem to remember Apple pushing really hard for these but the carriers digging their heels in. I'm sure Apple would love to kill the SIM tray but until the carriers relent it probably won't ever happen.
Doesn't matter if it's Windows or a Mac, there's only so much you can do to defend users against their own utter stupidity. It was a really bad decision putting macros in MS Office but even then it does warn you when you open a file with macros in it. If you still run it anyway then anything that happens next is on your own head.
Eh, Between "cloud", subscriptions, crappy data security and a slew of gimmocky new "features" while bugs that have existed for years go unfixed I've ditched Photoshop in favour of Clip Studio Pro anyway. It's far cheaper and better adapted to an illustrator's needs than Photoshop is these days.
If you can find a tool that does the job you need well enough to ditch an Adobe product I suggest you do so. If Adobe lose enough market share maybe they'll start treating their customers as people again instead of as cash cows.
What do you mean a resurgence? SQL injection never went away. Just look at questions people on Stack Overflow are asking related to database querying from an external program/script. At least 90% of the people asking on that topic are building their queries by concatenating user input into query strings. It's like prepared statements don't even exist for most developers.
Because as far as I'm concerned it's the perfect field test of anti-net-neutrality advocates' claims in the wild. If everything is flowers and rainbows then fine, no problem. If it's not (which given the long and inglorious history of the relationship between American-branded capitalism and its vict^H^H^H^H customers seems far more likely to me) then it will hopefully serve as a cautionary tale to the rest of the world who can then avoid going down that route. Who cares what happens to a bunch of Americans in the meantime? They're just the lab rats as far as I'm concerned. It might even teach them a valuable lesson about just how powerful and dangerous a vote really can be in the hands of the ignorant.
He asked if he needed to disclose. The reply was no. Therefore he didn't disclose. He was told one thing but they actually meant another. That doesn't strike me as very fair.
Having said that I don't think I'd feel the same way had it been something more serious like a violent assault or organised criminal activity or something.
"Some hackers are bored, have the time to spare, and welcome a challenge, and hardened targets are as ostentatious as open doors to them"
No question that there are people like that out there, but the era of the hacker who does it for the challenge being the norm is long past. The vast majority of hacking is done these days for profit, either by installing malware or spamvertising, spreading ransomware, etc. For this breed of hacker the value of hacking a system is inversely proportional to how much effort is needed. You might never be able to slam the door shut but you can make it tough enough to open to make it not worth it for the hacking-as-a-business brigade.
"No, we can't accept that software WILL be vulnerable because that ALSO means we must accept that all software must be COMPLETELY vulnerable"
Like it or not, that's the reality we live in right now.
Pretending it's not so will not change the fact that it is. Everything is vulnerable. Of course every care should be taken to avoid coding practices that lead to vulnerabilities, and of course every time a vulnerability is unearthed it should be fixed, but while we pretend that software isn't all vulnerable we won't design systems to be able to resist attack. When we accept that all software is vulnerable we'll start applying better practices such as compartmentalising it so the damage can be contained when somebody finds a way into a system that they shouldn't have access to for long enough to prevent the attacker gaining further access.
It's like the ant colony that defends itself heavily around its perimeter with warrior ants but if you get past them you have unfitted access to the queen, the food stores, the nursery, etc etc.
The problem is software is complex and with the best will in the world a non-trivial system is always going to contain bugs. You could take every possible precaution in your development process to avoid security holes and still end up with one exploitable bug in the system that may go unnoticed for years. Is it fair to toss people in jail for that? Especially given that most developers are fundamentally creative by nature and struggle to think in the same way a fundamentally destructively-minded hacker would and might not notice that the fantastic new feature they've just implemented could be hijacked and used for nefarious purposes?
No, it's better to simply accept the fact that all software is going to be buggy to some extent and have mitigations in place to limit the damage that said bugs are capable of causing by compartmentalising systems so a compromise in module A doesn't allow you to cause further damage by manipulating the behaviour of module B.
I'd say that'd debatable. Nest might be the best known IoT brand but it's stagnated for years and from what I hear Google are no longer taking it very seriously, in spite of the ludicrous amount of resource they poured into it.
"Due to the way the engines are positioned on the Concorde the whole wing caught fire because the leaking fuel went straight into the afterburner exhaust"
None of the engines on Concorde were ever actually on fire (though the crew did get a false fire alarm on one of them). The deluge of fuel rushing over them basically drowned them - they were deprived of airflow and flamed out. The probable ignition source was a damaged wiring loom for the landing gear retraction mechanism.
My mother won a trip on Concorde (a short circumnavigation of the British Isles and a sprint up to full speed). I was so jealous that I didn't get the ride. I do remember watching the takeoff though, that noise punches you in the chest in a way nothing else does. It was glorious.
The fact that there's pretty much nothing out there that can't be hacked suggests the problem is not a lack of competence, but simply down to the fact that software is hard. Millions of lines of code isn't even considered a big system any more, and no matter how careful you are it only takes one slipup somewhere to introduce a vulnerability. Add in multiple threads of execution opening up the concurrency can of worms and this isn't at all surprising.
Having said that, 4 seconds for Flash is just plain pathetic, the fact it's an old vulnerability that got exploited doubly so.
"Say you live in country A, where the cost of living is $20k a year for basic food and rent. Your salary therefore MUST be greater than $20k a year if you are to afford to live in your country."
This is true, but as far as most of Europe goes, the cost of living is going to be closer to 20k than to 4k so an European worker is going to expect a salary in the same range as a UK worker. Especially if they actually do come over here and have to face the same cost of living as UK residents face. The guys in India may be a hell of a lot cheaper than that, but the guys in India also turn out terrible terrible code that's not worth even the cheap price you pay for it. Trust me, I've made a few quid cleaning up the mess one of these outsourcers left behind.
"Automobile manufacturers didn't leave the Rust Belt because the workers weren't good at their jobs. They left because people in Mexico could do the same job and yet only wanted 1/3rd as much money for it"
Funny, because my understanding of the situation was that the Rust Belt car industry died because they produced shitty gas guzzling unreliable basically disposable cars that would oxidise in six months, and they subsequently got eaten alive by the Japanese when they started making high-quality economical durable products that would still start on a cold day, a situation that the oil crisis only made worse because who wants a gas guzzler when petrol suddenly costs three times as much? The American manufacturers made the wrong product for the time, the Japanese manufacturers made the right one and the free market made its choice.
I'm a tech worker in the UK and never worried about my job security from the EU open borders policy or from international outsourcing. The former is because in my experience tech workers from the EU can match UK workers in terms of talent but also demand the same level of salary, so there isn't a huge advantage to hiring them over the local talent and the meritocracy decides who gets hired. I'm perfectly fine with the best job going to the best candidate. As for development being outsourced to distant lands it's become increasingly apparent that the quality of code you get from these outsourcing development houses is terrible. You pay peanuts, you get monkeys.
If you're good at your job then globalisation shouldn't pose a threat to you.
And here in a nutshell is everything wrong with software development, especially when it pertains to security. Developers are fundamentally creatively-minded and simply cannot think the way a fundamentally destructively-minded hacker will. I also think that in spite of the cynical sense of humour a lot of software guys display, they are at heart too optimistic and assume that most people are basically not malicious. They will come up with what seem like good ideas, even great ideas that make things better for everybody, then some hacker comes along and realises that this great idea that makes things better for everybody can be re-purposed to run down your battery, or spam you with porn ads, or install a keylogger or anything else that ranges from mischief to full blown felony.
I think university courses on software development should contain at least one semester on how to think like a hacker so that developers are taught that no, not everybody out there is a good guy and anything you do with the best of intentions could potentially be used by somebody less noble to wreck mayhem. We did do some engineering ethics studies when I was at university, which is somewhat along those lines, but was more focused on how things done with the best of intentions could lead to accidents rather than how they could be abused.
Ars Technica did an analysis on the pricing and found that once UK VAT (which is included in the list price versus US Sales Tax which isn't) and import duty is taken into account the difference in UK and US pricing is minimal, probably no more than 50 quid.
Of course that statement doesn't generate many clicks and ad impressions.
Now their SSD options on the other hand, there's a legitimate ground for beef. If you select the maxed out SSD option (2TB versus .5TB) the price jumps by more than a grand. I know OEMs don't give good deals on storage or memory upgrades, but that's just plain ridiculous. As I don't know if a user-upgrade is an option or whether this new machine is a sealed unit you can't upgrade yourself that's a very big deal.
Biting the hand that feeds IT © 1998–2018