
They should be required to pay every one of these people back.
1965 publicly visible posts • joined 6 Oct 2008
CVSS ratings have nothing to do with how many instances of it are out there. They are a rating of how easy it is to exploit and what exploiting gets you:
In this case:
It can be exploited remotely
Without difficulty
With no user interaction
To run arbitrary code
As root
That's easily in the 9 - 10 out of 10 range.
As to how widely it is reachable on the open Internet (which again, is beyond the scope of the rating), he got around 400k Linux machines to happily run his benign payload. If I want to build a bot-net, that's not a bad one.
As to not waiting to disclose, he disclosed because someone had leaked it. Once it's out there for bad-actors, full disclosure is the only responsible thing to do.
If you're, for example, AMD, would you trust the separation that's supposedly now here between Intel foundry and Intel design? I wouldn't.
This is useless unless it's a full, Global Foundries-esque spinoff, but Gelsinger wants to MAKE chips... I don't think he has it in him to really do what's required.
Every military on the planet has issued statements about Pokemon GO, including all branches of the US military.
I'm not sure how the theory it's a CIA tool has been debunked. I mean, there's at least enough ties that if I were head of a non-US national intelligence agency I would be not permitting it.
John Hanke, founder and CEO of Niantic, was the previous founder of Keyhole, Inc, which was invested in by In-Q-Tel, a venture capital firm started by the CIA.
Gilman Louie, board member of Niantic, is on the President's Intelligence Advisory Board, U.S. Department of State’s Foreign Affairs Policy Board, and has been awarded National Geospatial-Intelligence Agency medallion, the CIA Agency Seal Medallion (twice), CIA Director's Award, the Director of National Intelligence Medallion, amongst others.
Does that mean it's a CIA tool? I'll leave that to the reader to decide, but that's some pretty heavy connections with US intelligence.. and of course, the CIA has never lied.
During COVID Internet Archive stopped enforcing the 1:1 rule. Publishers were afraid to bring a case and get a ruling that 1:1 was legal, but once IA did 1:many, even briefly, the case practically writes itself.
IA should have known this was inevitable, but they misjudged what they could get away with.
This is correct, if you need less than a full server then running on a cloud provider can result in savings. Once you hit a certain point however, moving your baseline load to privately owned servers is beneficial, only using cloud provider for peaking-load.
This also has the side effect of helping you stay more vendor neutral, allowing you to put that load on whoever's the cheapest at the time. This has been the case since before "cloud" became a buzzword for "someone else's servers."
Actually, with a sufficiently well designed IPC system, you don't even need hand-coded assembly. Just take a look at what some of the L4 kernels accomplish.
Now, you have to be willing to unshackle yourself from the overheads of the Linux API / ABI. Of course, you can always run the Linux kernel as a usermode process, but trying to build a microkernel that is fully Linux compatible is a fool's errand. I mean, almost all of what Linux provides would have to be provided by user-mode daemons anyway.
"That still leaves one company with a monopoly on Google Search and one company with a monopoly on those paid search ads."
I think it's slightly worse than that, let's say you do break search and ads, how does search make money at that point? Right now search is given away to drive the advertising behemoth, and the same can be said for much of Big G.
I can see splitting off Android, Fi, maybe YouTube (I think they are independently profitable on their own ads now), but the rest? I don't see how it works.
Generally when something can't be found in DNS, the reply is NXDOMAIN.
Unfortunately many ISPs have started hijacking this useful response (along with the useful 404).
KSes do not guarantee the project will accomplish its goals, only that the backers will get their rewards. This becomes an issue when the reward is a copy of the product (the goal). The original intent was cases like the Reading Rainbow kickstarter, where almost all the rewards were things like tee-shirts and mugs, the funding goals were to get a reading-show produced and in the hands of children.
"Both justifications prevent Google and Facebook from exploring new, imaginative and mutually useful (to customer and provider) ways of doing business. Ways that don’t require data collection and hoarding."
I'm not sure this is a solid argument to Google that they shouldn't hoard. While I can imagine many businesses that don't require hoarding, it's only VERY few that the hoarding actually precludes.
So, as the meme driven kids today say: "Why not both?"
(note: I'm not really suggesting that I want Google to track everyone. Just that this argument is not something that they are going to find compelling)
Pretty sure the part that sucks is them buying a bunch of "edgesucks.com" type domains (considering that's what the story was talking about). elReg doesn't just report on MS doing that, there have been numerous articles in the past about companies doing that.
But you want someone to identify something that sucks about it, fine: when you go to type in the address bar, you can't tell how it's going to respond. You can single, double, or triple click; it never highlights. Sometimes backspace deletes the entire text, sometimes it backspaces a single character, and it never gives any indicator as to what it's going to do.
Feel better?