Multi-monitor support could perhaps be one area where Eclipse Theia could steal some market share, though I suppose MS could just try and pull in their work.
114 posts • joined 4 May 2010
Visual Studio Code 1.45 released: Binary custom editors and 'unbiased Notebook solution' in the works
20 years later, Microsoft's still hammerin' Xamarin: Bunch of improvements on the way for cross-platform coding toolset
Collabora working on making any DirectX 12 driver able to support open graphics and parallel programming APIs
World's smallest violin to be played for opportunistic sellers banned from eBay and Amazon for price gouging
Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks
I'm not condoning what they're doing with this technique but hats off to them for the approach. I'm curious though as to why the digital certificate wasn't revoked as soon as a replacement driver was released without the vulnerability. I'm not sure if the limitation is that Microsoft doesn't allow you to revoke on a per-binary basis and you need to go through the hassle of getting a new certificate for each version or if Gigabyte were just incompetent.
Rowhammer rides again as FPGA attack, RSA again reportedly up for sale, anti-theft kit to nuke laptops, etc
Re: Proof in the pudding
X years of support just means Microsoft will issue fixes and diagnose bugs for that period of time. If your application runs fine when you build it and you deploy it and you don't mess with it, it'll continue to run fine. It's no different from OS support, even Linux distros have EoLs. Minor tweaks every three years if you want to upgrade to use the newer features in the next version or you want to receive potential security upgrades is hardly a big ask.
As for Java, that gets security updates all the time. If you just left it alone on a server and never touched it after release you'd likely be running on an insecure platform.
Section 230 supporters turn on it, its critics rely on it. Up is down, black is white in the crazy world of US law
I don't see what's hypocritical about changing your mind some twenty-four years after making a decision when the entire context has changed and new evidence has come to light. He made a decision that made sense in 1995, he's since come to realise it no longer makes sense. Politicians that are capable of re-evaluating their position on things when presented with new findings are exactly what society needs. You shouldn't penalise them for not steadfastly holding to every opinion they've held or decision they've made.
Newb admits he ran Satori botnet that turned thousands of hacked devices into a 100Gbps+ DDoS-for-hire cannon
Re: Will the right people be punished fairly?
The guilt of the hacker is not in question here. I'm merely pointing out that there's a big difference between failing in your responsibility to lock your own door and then being broken into and having locked your door but unbeknownst to you the lock being faulty allowing anyone to break in with little more than a firm push on your door.
Whether there are currently any laws that hold manufacturers responsible for such failures is also irrelevant. There was a time when hacking into someone's systems was also legal as there was simply no law prohibiting it yet. It was still wrong to do it even if there was no actual penalty. Likewise in this case, the manufacturer of the shoddy IoT gear might not face any civil or criminal case but refusing to patch vulnerabilities in widely deployed equipment is still wrong.
Just because you have a group that handles security doesn't mean you'll never have security issues in live code. Bugs happen, no matter how careful you are.
Also I just checked and the first statement is also true -- https://blog.documentfoundation.org/blog/2018/07/25/how-libreoffices-quality-has-improved-thanks-to-automated-tools-and-the-volunteer-contribution-of-security-specialists/
“The combination of Coverity Scan, Google OSS-Fuzz and dedicated fuzzing by security specialists at Forcepoint has allowed us to catch bugs – which could have turned into security issues – before a release,” says Red Hat’s Caolán McNamara, a senior developer and the leader of the security team at LibreOffice.
DRAM, that's cold: Overclockers squeeze out extra Micron DDR4 performance with liquid nitrogen system
Guess who's addicted to GitHub, busy on Slack, stuck in 2015? No, not another hipster: It's the Slub backdoor malware
It's interesting that such a professional and targeted attack would use such old exploits to infect its victims. That it was successful at all is yet another sad reminder of how piss-poor non-technical users' patching processes are.
I hate the way Windows 10 forcibly updates itself but in the grand scheme of things it's probably doing more good than harm if attacks like these can succeed due to lack of patching.
Who needs malware? IBM says most hackers just PowerShell through boxes now, leaving little in the way of footprints
Wanted – have you seen this MAC address: f8:e0:79:af:57:eb? German cops appeal for logs in bomb probe
Re: Technical Details
As per the article the blackmailer doesn't appear to have been using a randomised MAC address.
Also everybody suggesting that they should just destroy/dispose of the device with said MAC address is probably missing a trick also. The police aren't just looking for someone whose device has that MAC address; they want logs indicating when and where the device with that MAC address has been.
With both date and location they can then look through existing CCTV footage in those areas and apply a process of elimination to whittle down the list of people who are present in all/most of the CCTV footage. The blackmailer is likely to be in most if not all of them but random people who happened to be in the area at the time are less likely to appear in all the footage.
There's a lot of moralising going on in this article as though the attacker in question specifically singled this site out knowing full well it was a charity for seriously ill children when in reality it's likely the entire thing was largely automated. The only thing they'd really care about is that it's vulnerable and it has high traffic.
This is quite literally one of those 'think of the children' type articles you normally make fun of. Quite disappointing really.