
Comment Re:If they're doing it, it's correct. (Score 1) 162

No... that was just Theo's excuse. He called OpenSSL's memory allocation strategy an "exploit mitigation countermeasure."

Actually, that was just a side effect, and what OpenSSL does that "counteracted" the defense is extremely common in software and software libraries.

It's also generally a good idea as far as performance is concerned ---- and with a library such as SSL which needs to process network traffic (HTTPS, for example); adequate performance is pretty darned important.

Comment Re:I wish I'd thought of that (Score 1) 221

They run the plate and get the vehicle description. If it matches, odds are it's not stolen or switched plates. If it doesn't match, they boot it or tow it.

Towing requires time and dispatch of the proper equipment. They'll probably just find the VIN somewhere else or break in in some manner.

If it's switched plates and they boot it, the boot can likely be removed in about 2 minutes by picking the lock then using a standard ratchet + spark plug socket. Clamps could also be taken off pretty quickly with a hand drill and a $1.00 grinding wheel or a hammer and chisel to cut through some spot welds in the design of these things, but the city authorities might try and bring up some bullshit about "damage" to city property that had to be done by the owner in order to expeditiously recover the essential use of their vehicle.

Comment Re:I wish I'd thought of that (Score 1) 221

I'd have a hard time finding it. It'd require me to read the car manual to check on the location of it.

The police know where the manufacturers put the number, which include some additional locations outside and beneath the vehicle which can be read with a flashlight or optically scanned.

But they are all less convenient for the officer than looking down at the dash, or forcing entry to read it off the door frame or pop the hood to read one of the plates off the engine block, major vehicle components, or one of the other dozens of locations where extra hidden VIN plates are placed.

Comment Re:I wish I'd thought of that (Score 1) 221

Perhaps because, in the USA, don't you physically change the licence plate every year?

No.... the plate is easily removable, and someone could steal it or swap an incorrect or forged plate there, but every year or 2 years you get a new special little sticker to attach to a corner of your plate to show the new registration expiration date.

Comment Re:I wish I'd thought of that (Score 1) 221

They'll just break out the drill if you make it too hard to pick quickly. Or the screwdriver. It's amazing what a long-handled flat-bladed screwdriver will do to your average pin/wafer tumbler lock...

I suggest the use of a lever tumbler lock design with some defense of the lock surface using hard plate steel containing tungsten-carbide chips, randomization of placement, and false drill points where an entering drill will pierce a pressurized bladder triggering separate re-locking mechanisms to prevent the car from being started or the door from being opened.

Comment Re:I wish I'd thought of that (Score 2) 221

Keep your VIN number covered up.

Obstructing VIN = Violation of the law, possible Ticket.

Sufficient probable cause for police to force entry into the vehicle to investigate.

Suspicion of car theft, may result in you being detained.

"Any person who, individually or in association with one or more others, knowingly removes, changes, alters, or conceals any motor number, serial, or other identification number, decal or device affixed to a motor vehicle, trailer, semitrailer or motor vehicle part as required by federal law without the consent of the Department, shall be guilty of a Class 6 felony."

Comment Re:I wish I'd thought of that (Score 1) 221

The problem is lost keys. There has to be a mechanism for an automotive dealer or manufacturer to replace lost keys, and it has to function without the original key.

No there doesn't.... they can have a frickin' lock control module mated to the keys which must be physically removed and replaced with a new unit paired to new keys, like various manufacturers have been doing with the immobilizer chips since the 2000s.

The "recovery" mechanism should involve forced entry.

Alternatively... a backup traditional lock on the trunk or a door that can be picked by a qualified locksmith but requires such skill that no ordinary thief could achieve it.

Comment Re:someohow I think (Score 1) 215

The only reason for needing to know if the police are nearby is if one is a criminal and/or thinking of doing something criminal.

False. This is nothing more than an assumption or your opinion stated as if it were a fact. Someone might want to do something that is perfectly legal, but may be perceived as suspicious or likely to draw ire of the police.

They might also want to know when police are operating nearby so they know to pull out their camera phone and look for something interesting.

They might also like to know what areas police are frequenting, so they can stick to those areas for their protection against thugs, or avoid those areas for protection against vigilante police thugs.

Whatever

Comment Re:Not a Fifth AMendment issue (Score 1) 424

Yes, there is also a 5th amendment issue; your bank's debt obligation to you in the form of your bank balance is property, not a thing which may be necessary to be seized in order to investigate a crime; the only reason to want to take someone's $$$ from a bank is to cause harm; hardship, intimidation, and coercion:

nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law

Comment Re:So they should fork. (Score 1) 126

If pwncloud.com wasn't registered by one of those folks just parking domains who probably picked up the domain to try and sell it for $20,000 or so, it would be a cool name for a fork of Owncloud.

I guess in theory, it could also be the name a pentesting service could call their product if they specialize in pentesting services running on cloud-based infrastructure.

Comment Re:Why not allow the update into the repos? (Score 1) 126

Not getting updates for features is perfectly fine. What is a problem is not getting security fixes, and having the security team of Canonical not caring at all about that.

I don't know about you, but if I maintain software; I'm shipping the security fixes and other bug fixes with the combined update. You don't get to pick and choose "security updates but no feature enhancements"

I'm a big fan of how Firefox and others don't have separate major releases nowadays. And no "maintaining old branches"

Comment Re: Why not allow the update into the repos? (Score 1) 126

I vote the software author should provide an update to the Debian package though. The "update" should generate PROMINENT WARNINGS for the user that their software is out of date, that the Debian packages are no longer being maintained, and FOLLOW THE FOLLOWING INSTRUCTIONS to switch from a .DEB managed installation to a .TAR.GZ managed installation.

Comment Re:Non-story? (Score 2) 112

So... how are AT&T able to technically achieve this?

Did Apple screw up in some manner, that accidentally left an avenue open for ATT to successfully be able to lock the SIM?

Is there a way Apple can fix this in a future revision, so the customer will be able to unlock their SIM, or ATT won't be able to lock it?

Comment Re:Performance issues? (Score 1) 170

You want to keep the hard drive at 50% or less to maximize performance.

You're talking about short-stroking the drive which is fundamentally a different question --- than what percentage of your space usage is best for performance.

For the sake of argument: Let's assume you create a single partition on your hard drive that only uses the first 30% of the disk drive, AND your partition's starting cylinder is carefully chosen to be in alignment with your allocation units / stripes down all RAID levels to avoid RAID crossing.

What amount of filesystem usage is appropriate?

Is there a point at which you should increase the size of your partition and filesystem for performance reasons, and how do you decide?
