The real news
Is that China doesn't require this already.
Big brother because, China.
1949 publicly visible posts • joined 6 Oct 2008
CVSS ratings have nothing to do with how many instances of it are out there. They are a rating of how easy it is to exploit and what exploiting gets you:
In this case:
It can be exploited remotely
Without difficulty
With no user interaction
To run arbitrary code
As root
That's easily in the 9 - 10 out of 10 range.
As to how widely it is reachable on the open Internet (which again, is beyond the scope of the rating), he got around 400k Linux machines to happily run his benign payload. If I want to build a bot-net, that's not a bad one.
As to not waiting to disclose, he disclosed because someone had leaked it. Once it's out there for bad-actors, full disclosure is the only responsible thing to do.
If you're, for example, AMD, would you trust the separation that's supposedly now here between Intel foundry and Intel design? I wouldn't.
This is useless unless it's a full, Global Foundries-esque spinoff, but Gelsinger wants to MAKE chips... I don't think he has it in him to really do what's required.
Every military on the planet has issued statements about Pokemon GO, including all branches of the US military.
I'm not sure how the theory it's a CIA tool has been debunked. I mean, there's at least enough ties that if I where head of a non-US national intelligence agency I would be not permitting it.
John Hanke, founder and CEO of Niantic was the previous founder of Keyhole, Inc, which was invested in by In-Q-Tel a venture capital firm started by the CIA.
Gilman Louie, board member of Niantic, is on the President's Intelligence Advisory Board, U.S. Department of State’s Foreign Affairs Policy Board, and has been awarded National Geospatial-Intelligence Agency medallion, the CIA Agency Seal Medallion (twice), CIA Director's Award, the Director of National Intelligence Medallion, amongst others.
Does that mean it's a CIA tool? I'll leave that to the reader to decide, but that's some pretty heavy connections with US intelligence.. and of course, the CIA has never lied.
During COVID internet archive stopped enforcing the 1:1 rule. Publishers were afraid to bring a case and get a ruling that 1:1 was legal, but once IA did 1:many, even briefly, the case practically writes itself.
IA should have known this was inevitable, but they misjudged what they could get away with.
This is correct, if you need less then a full server then running on a cloud-providor can result in savings. Once you hit a certain point however, moving your baseline load to privately owned servers is beneficial, only using cloud-providor for peaking-load.
This also has the side effect of helping you stay more vendor neutral, allowing you to put that load on whoever's the cheapest at the time. This has been the case since before "cloud" became a buzzword for "someone else's servers."
Actually, with a sufficiently well designed IPC system, you don't even need hand-coded assembly. Just take a look at what some of the L4 kernels accomplish.
Now, you have to be willing to unshackle yourself from the overheads of the Linux API / ABI. Of course, you can always run the Linux kernel as a usermode process, but trying to build a microkernel that is fully Linux compatible is a fool's errand. I mean, almost all of what Linux provides would have to be provided by user-mode daemons anyway.
"That still leaves one company with a monopoly on Google Search and one company with a monopoly on those paid search ads."
I think it's slightly worse then that, let's say you do break search and ads, how does search make money at that point? Right now search is given away to drive the advertising behemoth, and the same can be said for much of Big G.
I can see splitting off Android, Fi, maybe YouTube (I think they are independently profitable on their own ads now), but the rest? I don't see how it works.
Generally when something can't be found in DNS, the reply is NXDOMAIN.
Unfortunately many ISP have started hijacking this useful response (along with the useful 404).
KSes do not guarantee the project will accomplish it's goals, only that the backers will get their rewards. This becomes an issue when the reward is a copy of the product (the goal). The original intent was cases like the Reading Rainbow kickstarter, where almost all the rewards where things like tee-shirts and mugs, the funding goals where to get a reading-show produced and in the hands of children.
"Both justifications prevent Google and Facebook from exploring new, imaginative and mutually useful (to customer and provider) ways of doing business. Ways that don’t require data collection and hoarding."
I'm not sure this is a solid argument to Google that they shouldn't horde. While I can imagine many businesses that don't require hording, it's only VARY few that the hording actually precludes.
So, as the meme driven kids today say: "Why not both?"
(note: I'm not really suggesting that I want google to track everyone. Just that this argument is not something that they are going to find compelling)
Pretty sure the part that sucks is them buying a bunch of "edgesucks.com" type domains (considering that's what the story was talking about). elReg doesn't just report on MS doing that, there have been numerous articles in the past about companies doing that.
But you want someone to identify something that sucks about it, fine: when you go to type in the address bar, you can't tell how it's going to respond. You can single, double, or triple click it never highlights. Sometimes backspace deletes the entire text, sometimes it it backspaces a single character, and it never gives any indicator as to what it's going to do.
Feel better?
"This almost certainly doesn't affect any other Linux developer or user in the slightest, since there is already a better and more optimal nvidia driver out there for free (nvidias own Linux driver). Yes it doesn't come with source code, but that is mostly if not completely a philosophical rather than practical limitation, since who in the real world ever has an actual need or even desire to dive in and modify video driver code?"
That's not true. Because linux is a monolithic kernel, the nVidia driver potentially has access to the entire memory space. Because of this ANY bug you are experiencing with the kernel cannot be ruled out as a nVidia driver problem (potentially other software too, but usually it's trying to track down a kernel problem).
This isn't just theoretical. nVidia has shipped buggy drivers, and it's much harder to get dev attention if you're running a tainted kernel for this reason.
"I think you're missing the point. The billions of desktops don't know how or <u>don't desire to switch engines</u> tomorrow, that's the problem!"
No, that's not a problem. That's google doing search well enough that it's not worth the time test every piddly competitor. Here's the reality, 94% of my searches put what i'm looking for on the first page, another 4% I have to dig deeper, and the last 1% gives me nothing useful. I only marginally care about that 4%, and only REALLY care about the 1%. The problem is, the competitors don't do them noticeably better.
So, tell me, WHY should I go out of my way to use something that isn't better?
"Have you actually tried to write a competitor site and then tried to actually get it promoted? When Google is the one controlling the views of billions of desktop, how do you think your company, who is a direct competitor, is actually going to fare regarding promotion when Google controls the view and, unchecked, will also stop you from being noticed at all?"
Even when you AREN'T a competitor to Google this is a problem. The already established site is who Google's going to rank higher simply because it's more likely that's what people are looking for. What do you purpose, have Google list in reverse order of relevancy?