
Comment Hoping For Maven, PIP, easy_install (Score 0) 120

Hackers Demand Automakers Get Serious About Security

I misread the subject line as being about automake systems, like Maven, PIP, and easy_install, and was very excited. All of those are vulnerable to DNS cache poisoning attacks, allowing injection of arbitrary code into software builds.

An enormous first step in improving security is the incorporation of PGP signature checks, but at least in Maven, many of the most popular libraries aren't signed.

Given how many of the people here use these tools on a daily basis, perhaps pointing fingers at the automakers is not warranted until the automakes are not glass houses.
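Added example, not part of the comment above or of any of the tools it names: a Python audit that walks a Maven-layout repository directory and lists artifacts that have no detached PGP signature (`.asc`) beside them, the gap the comment points out. The function names, the extension list and the sample tree are assumptions constructed for illustration; a present `.asc` still has to be verified with `gpg` against a key you trust.

```python
import os
import tempfile

# Extensions treated as published artifacts (assumed list for this example).
ARTIFACT_EXTS = (".jar", ".pom", ".war", ".aar")


def audit_signatures(repo_root):
    """Return (signed, unsigned) lists of artifact paths relative to repo_root.

    An artifact counts as signed only if a non-empty detached signature
    '<artifact>.asc' sits beside it. This checks presence, not validity.
    """
    signed, unsigned = [], []
    for dirpath, _dirs, files in os.walk(repo_root):
        names = set(files)
        for name in sorted(files):
            if not name.endswith(ARTIFACT_EXTS):
                continue  # skips the .asc files themselves and checksums
            rel = os.path.relpath(os.path.join(dirpath, name), repo_root)
            asc = os.path.join(dirpath, name + ".asc")
            if name + ".asc" in names and os.path.getsize(asc) > 0:
                signed.append(rel)
            else:
                unsigned.append(rel)
    return sorted(signed), sorted(unsigned)


def build_sample_repo(root):
    """Constructed sample tree: one signed jar, two unsigned files, one empty .asc."""
    layout = {
        "org/example/signed-lib/1.0/signed-lib-1.0.jar": b"jar",
        "org/example/signed-lib/1.0/signed-lib-1.0.jar.asc": b"-----BEGIN PGP SIGNATURE-----",
        "org/example/bare-lib/2.1/bare-lib-2.1.jar": b"jar",
        "org/example/bare-lib/2.1/bare-lib-2.1.pom": b"<project/>",
        "org/example/empty-sig/0.3/empty-sig-0.3.jar": b"jar",
        "org/example/empty-sig/0.3/empty-sig-0.3.jar.asc": b"",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_repo(tmp)
        signed, unsigned = audit_signatures(tmp)
        print("signed:", signed)
        print("unsigned:", unsigned)
```
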

Comment Re:Comcast engineer here (Score 1) 224

AAAAAAND furthermore, in a purely technical sense IPv6 should be faster than IPv4 connectivity when it comes to routing.

Current IPv4 implementations actually do two state table tracking. Both the NAT table and the firewall's state table. In a dual stack, native configuration; only the firewall state table is required for IPv6 traffic alone; with no NAT table required. Or, in some cases, minimal NAT tables for specific devices when you wish to deploy IPv6 only and are supporting legacy devices that do not support it.

So, in theory, routing performance should be edged up a bit in IPv6 land. Also including the fact that hosts are now doing traffic fragmentation and the router's only involvement in fragmentation is sending an ICMP response (PACKET-TOO-BIG) rather than queuing and fragmenting traffic itself. Router performance should ultimately go up by quite a bit.

Comment Re:Comcast engineer here (Score 1) 224

"Dual stack takes more resources and complexity."

Yes, it does take labor and sometimes duplication of effort, but it doesn't REALLY negatively impact actual routing performance for most people with the exception of situations where routing for v4 is done in ASICs and v6 is done in the CPU, where v6's performance will ultimately be slower than the equivalent in v4 traffic.

However, this is so rare of a hardware configuration these days in most cases. Modern firewalls/routers/edge devices are doing everything in software with powerful enough CPUs to do both, where the performance would be no different than the equivalent increase in IPv4 traffic. Juniper SRX devices run in this configuration (with BSD running as the base OS), and my Ubiquiti device runs a dual core CPU as well.

If you have any questions, why not talk to Comcast? They've deployed IPv6 in a dual stack configuration across nearly their entire residential network (as the OP noted here). Clearly if there were performance problems that negatively impacted the cost of scalability, they wouldn't have made that move.

Comment Re:Comcast engineer here (Score 1) 224

You are hurting my head, honestly. You're so flat out wrong it's not even funny.

Nobody's saying go "v6 only". We're saying run the two in parallel. When running 'dual stack', v4 and v6 are independent short of DNS resolution where you'll often receive both A and AAAA responses and your application needs to decide which one it prefers. For sockets that aren't v6 compatible, it will just use the A response and ignore the AAAA response completely.

Just because Skype isn't currently v6 compatible should have no bearing on whether or not you actually deploy IPv6.

Go study for your CCNA.

Comment Why That Question? (Score 5, Insightful) 266

The question that remains, of course, is did the Russians use this as leverage over him to get to more information or influence him?

Why is that a question? Has there been any indication that anything like that has happened? No? Well then why does that question come up for you? I believe it is because you know that if you said what you are implying outright, the unanimous response would be, "Citation Needed!"

Don't propagate bullshit suggestive questions that try to make a point you don't have the balls (or the evidence) to present in a forthright manner. Leave that kind of rhetorical crap to the downward spiral that is major media news. Here, you will be held to a higher standard.

Comment Re:Trust the Computer. The Computer is your friend (Score 2, Insightful) 353

The viewing supports the production. Or the production supports the viewing. I am not sure,

Well, let me clear it up for you, since it's a pretty simple one-way cause and effect: Production supports viewing. Viewing, in and of itself, does exactly nothing to support anything else.

Purchasing? That could support production. Page views on a site that runs ads? That could support production. Pulling from a site that keeps a record of the number of downloads, such that the uploader gets some kind of gratification watching the counter go up? That could support production.

But viewing, in itself, does not support production.

The last thing that we need as a society is to encourage others to consume the evidence of that abuse.

Encourage them? How are we as a society encouraging the viewers? I'm pretty sure it is common knowledge that we, the vast majority of society, find this behavior repugnant. I don't think they sit in their greasy basements thinking how proud their city council would be if they only knew.

Comment Re:Rapidly obsolete documentation (Score 1) 430

You would have to basically create an endowment to fund ongoing documentation development.

Agreed that continued funding would be necessary to the extent that renewed documentation is needed. Whether an endowment or repeat crowdfunding is the best mechanism for doing so would probably vary from project to project. Perhaps you make the endowment approach a big stretch goal; like "$18,000 base funding for a one-time project, $250,000 or more creates an endowment with three annual $20,000 update projects until the endowment (invested in broad-based low risk equity funds, 50% domestic, 25% foreign first world, 25% foreign developing nations) is depleted" -- but I digress, you get the idea.

A) the interfaces are bad enough that documentation is even necessary in the first place

As you imply, I find that good documentation often exposes opportunities for improvement in the interface. That could become a channel for providing recommendations to the core development team, or could become the seed for a third-party development effort. Things which have value can get built, either because the developers and their sponsors want them, or through crowdfunding, or through some other motivating mechanism.

In short; you've raised an opportunity to create additional value, not a threat to succeeding in the base objective.

B) documentation is boring, unrewarding and time consuming to do well so nobody wants to bother.

That is a restatement of the original premise for which we are attempting to find potential solutions. I think I am missing your intent in raising it anew as a bullet point.

Comment Re:Nothing (Score 4, Interesting) 430

MOTHERFUCKER, IT DOESN'T WORK LIKE THAT. Fuck you in your goddamn asshole you fucking arrogant fucking pricks...The fact of the matter is the majority of programmers are assholes that have no business operating in normal society. Lock them in the fucking closet and let them read the fucking source until they jizz all over their crusty beards while fantasizing about Stallman's brown pucker.

Just a wild guess here, but hear me out: Is there any chance that your interpersonal skills could have contributed to the lack of communication?

Comment How About Crowdfunding? (Score 2) 430

How about crowdfunding some documentation efforts by real technical writers?

The reality, for better or worse, is that writing FLOSS code has sufficient apparent benefits for the software engineers and their sponsors to get the job done. The technical writing of good documentation does not. Whatever the reasons, it is the case; that has been the reality for decades.

But how much would it cost for a first pass at documentation? Take "Installing and Configuring MyCloud" as the example. Contact a few people who have written articles or put up YouTube videos on the subject. Let's get a high estimate; call it $100/hr, one month, three documenters, 10 hours per week each, 50% overhead = $100 * 1 * 3 * (4 * 10) * 1.5 = $18,000.

That seems do-able, and a good opportunity to develop a crowdfunded brand; a team that grows a reputation for getting projects done. Then you could offer a follow-on project to do a deeper dive on the same subject, or put together another team to do Asterisk & Secure VoIP, or whatever is next. Maybe start with the counter-NSA stuff, where there's a sudden broad interest and complex software that, until now, has been run mostly by experts.

A few thousand people willing to kick in a small amount of money each toward a common goal; crowdfunding documentation seems like a natural fit.

Comment Re:Glad to see you use the term 'assemble' (Score 1) 391

Really that's just assembling but fewer of the parts came preassembled. Until you've smelted your own metal for wires and designed your own processor, you're just plugging in a few more parts

Real engineers initialize a new universe with the appropriate laws of physics to ensure that a life form will evolve that eventually builds the desired computer. Everything else is just building on the big bang.

Comment Re:Their Job (Score 1) 171

I really liked my last snarky response, but I just thought of another one:

Those in-app purchases require an account password - that's a parental responsibility. Allowing the kids to know the password is no different than sending them to the toy store with a blank check. Not only are the parents not teaching their children to take responsibility for their actions, the parents themselves aren't being responsible.

I've long been thinking the same thing about crosswalk signals. Children whose parents fail to teach them to look at the vehicular traffic signals to know when it is safe to cross are not giving their children an important life skill. Spending taxpayer money on crosswalk signals, just to protect the children of a few incompetent parents, is grossly wasteful nanny-stateism. If we don't allow natural car-versus-pedestrian fatalities to punish stupid parents by killing their children, how will they ever learn?

Comment Re:Their Job (Score 1) 171

If they can do that, those children have much larger issues than a $4 charge - they have stupid and irresponsible parents, who are not only providing inadequate supervision, but are incompetent at teaching their children life skills.

Your observation, whether true or not, does not make the transactions efficient. Inefficient transactions are bad for the economy, regardless of their cause. Do you want American companies to lose money? Do you hate America?
