If I worked at Apple, I would quit. No way in Hell I would develop software that way - that is insulting.
230 posts • joined 5 Apr 2015
Re: Apple and GPL
Without Stallman, we would not have an objective C compiler.
As an aside, when companies say the license is too convoluted, or that the company wouldn't touch X with a ten foot pole, it usually means they could not find a way to exploit it, and that is not necessarily a bad thing.
If this was my idea...
I would put it on github and offer 10K for each 0-day or info disclosure found.
As such, security barely got a mention. It is an awkward grab of consumer data made by an envious and vain corporation.
Might this be one reason why Bezos stepped away so when this blows up, not to sully his reputation - if that is even possible.
This is really problematic. Who thought this up?
FreedomFi's 5G gateways will mine HNT cryptocurrency for owners who dole out coverage to passing users, IoT devices
39 Post Office convictions quashed after Fujitsu evidence about Horizon IT platform called into question
Exam-monitoring biz Proctorio tried to silence a critic using copyright law. Now EFF sues to put an end to this tactic
University duo thought it would be cool to sneak bad code into Linux as an experiment. Of course, it absolutely backfired
"One last point worth raising, the kernel team's response should probably treat Uni researchers the same regardless of their nationality. Do we really want them setting a precedent that Unis in China, Iran, and Russia can attempt unauthorized penetrations without sanctions?"
I imagine I would get the same treatment if I submitted the PRs - and I am not a citizen of any of those countries. A mammoth responsibility to police this.
The facts though cannot be ignored:
1) An accredited University actually approved the research. Is this the way research happens these days?
2) The commits made it to the queue. They did not make it to either staging or linus-next. My worries are for any APT crew or some other 3 letter agency - how easy is it to slip in a PR with SE?
It is disappointing on many levels to me.
We seem to have materialized in a universe in which Barney the Purple Dinosaur is designing iPhones for Apple
'There was no one driving that vehicle': Texas cops suspect Autopilot involved after two men killed in Tesla crash
Brit authorities could legally do an FBI and scrub malware from compromised boxen without your knowledge
FBI deletes web shells from hundreds of compromised Microsoft Exchange servers before alerting admins
UK terror law reviewer calls for expanded police powers to imprison people who refuse to hand over passwords
Free Software Foundation urged to free itself of Richard Stallman by hundreds of developers and techies
What am I missing...
"urges them not to give full and complete answers to questions 41-42, 44, and 50."
Thank you for that tidbit of information. With some common sense, I can produce a list of all those folks that you do not want me to know about.
Why would the government publicly release those guidelines?
Microsoft's GitHub under fire after disappearing proof-of-concept exploit for critical Microsoft Exchange vuln
Intel CPU interconnects can be exploited by malware to leak encryption keys and other info, academic study finds
SpaceX small print on Starlink insists no Earth government has authority or sovereignty over Martian activities
Until there is legislation with a true and meaningful penalty clause, this charade will never end - and it will get worse. It is like Google said; view every network and endpoint as an adversary.
I hate to think what the exploit will do that finally spurs action. All sorts of horrors come to mind. If we do not step up to the plate here, it is our fault to bear the burden of failure with the remedies that will follow.
SHAREit app for Android said to share way too much: Billion-download code with holes no one wants to fix
Supermicro spy chips, the sequel: It really, really happened, and with bad BIOS and more, insists Bloomberg
Yet another fine example of police work demonstrating that a back door in the crypto is not needed for enforcement action. Every week I see such examples all over the world. By now there is no shortage of evidence indicating that said back door is needed at all - just good police work.
Severe bug in Libgcrypt – used by GPG and others – is a whole heap of trouble, prompts patch scramble
Not best for every use...
In Rust there is "unsafe" code - just because it is all in one place does not really make it safer or necessarily easier. Rust is not the answer to everything and using Rust doesn't mean your code is OK. As in C, Rust has its share of bad coders too.
Maybe I just got a bad taste of Rust when I saw all these damn crates being assimilated when I built the project. I still have to verify all those crates when I certify my code. With the custom standard C library I have to use with some of my clients, that library has already been certified by the clients that use it. In some circles, Rust still has a ways to go yet.
We'd rather go down in Down Under, says Google: Search biz threatens to quit Australia if forced to pay for news
FireEye publishes details of SolarWinds hacking techniques, gives out free tool to detect signs of intrusion
I agree. What corporate does not want to hear is that security is not just a product that you can order and install. Security is a tedious and full time job. The very best that I can provide is for tripwires to be set everywhere and I do mean everywhere (including black lists), combined with firewalls and something like snort. This setup is monitored 24 X 7 with dedicated personnel. No magic, just hard work.