Except when you are trying to debug code where the indents are mixed with Spaces and Tabs.

It is easier with something simpler, not something smaller. When you start doing extreme optimization for size, as in this case, you are going to do it at the expense of many things, checks being one of them. If you want to have good security, particularly for something that can be hit with completely arbitrary and hostile input like something on the network, you want to do good data checking and sanitization. Well guess what? That takes code, takes memory, takes cycles. You start stripping everything down to basics, stuff like that may go away.

What's more, with really tiny code sizes, particularly for complex items like an OS, what you are often doing is using assembly, or at best C, which means that you'd better be really careful, but there is a lot of room to fuck up. You mess up one pointer and you can have a major vulnerability. Now you go and use a managed language or the like and the size goes up drastically... but of course that management framework can deal with a lot of issues.

And also other tradeoffs. It is fashionable for some geeks to cry about the amount of disk space that stuff takes, but it always seems devoid of context and consideration, as though you could have the exact same performance/setup in a tiny amount of space if only programmers "tried harder" or something. However you do some research, and it turns out to all be tradeoffs, and often times the tradeoff to use more system resources is a good one. Never mind just capabilities/features, but there can be reasons to have abstractions, managed environments, and so on.

This is some crappy proprietary firmware library for very low cost network devices. As TFA mentions, we can expect a lot more of these vulnerabilities in the "IoT".

It is about politics.
In the public sector it isn't about your wins, but how bad your losses are.
If you report a problem, it gets escalated all the way to the top, where you get your elected officials who got there because they talk. Where then it goes back down to find the person to fire because of the issue. The general public will not be happy until they fire someone for the issue. Granted the person who made the mistake are probably the one who will not cause it again. But you fire them, shame them, make sure they will not work in that field ever again.

So yes if you see a problem you are better off to claim ignorance, then have fingers pointed at you.

There is little I can do in that regard.

Putting the checksum right next to the binary on the download server only helps to check for bitrot in the download. It does nothing whatsoever to establish provenance of the binary, since whoever put the binary there could generate their own checksum from it. You need a checksum or signature that is more trustworthy than the binary in order to verify it.

It would be nice if every publisher would sign every downloadable blob, and the OS maintainers would countersign the true public keys for all popular projects. Then we wouldn't have to care about whether we're downloading from an "official" site or not.

Because they couldn't overcharge. I'm sure they researched the industry and discovered that it is highly price competitive and that just putting an aluminium frame on it would justify a doubling or tripling in price. So they weren't interested. Apple only likes markets where they can overcharge to a massive degree. They don't want to just make money, they want to make stupid amounts of money.

I think it is a case on where we shouldn't be teaching people how to operate technology. But to use technology to solve their problems.
Technology is a tool. When we are little kids, they show us how to operate the tool. When we get older we learn how to use the tools to create.

Most Information Technology Education is the equivalent of teaching someone how to hammer a nail. Where it should be taught on how to build a birdhouse. Where the hammer is only one of the tools out of many.

I know, only because where I work is using them. Idea is it is a general two factor token. Can be programmed by the end user or their org. Also in theory a lot of companies could all use their platform and you have one two factor device for everything but in reality you use it for whatever your company does and nothing else.

Once programmed it acts like a HID class keyboard. You push the button, it spits out a string of characters, that being the two factor code for your account at the time.

During Phases: Embrace and Extend.

Moore's law cover this security concern. Expect computations to keep doubling this your key that takes a year to crack will take a few hours in the course of a few days in the next decade.

Exactly. Even on a site for Computer Geeks and Nerds, It is silly to think we know of every new fangled device that is released, and their particular marketing claims of the day.
Being the poster contracted for the company, it probably means he is engulfed in the sales and marketing of the company and makes him believe that this is a really popular product. While it just covers a small niche.

I am still trying to figure out why Microsoft hasn't packaged SSH based tools with windows.

Well Uber, is a good way for people to create/supplement their income with a relatively low starting cost.

The problem with today's economy, it is too tough for the average citizen to work to control their income, If they work part time, they get unpredictable hours so they cannot get a second job, If they work full time, they are either salaried or forced to work their hours.

Our IT infrastructure, has created many good Starter jobs (Mail Room) obsolete, So you will need to be skilled in order to get in.

I will need to applaud Uber, as its business model, allows for people to work for their money, the harder they work the more they get paid.