Comment Re:We can do that thing you like (Score 1) 230
They're late comers to this party: We already have community repos. Chocolatey and BoxStarter. Why would we need OneGet?
It's Internet Explorer vs Netscape all over again
They're late comers to this party: We already have community repos. Chocolatey and BoxStarter. Why would we need OneGet?
It's Internet Explorer vs Netscape all over again
Let's change that up slightly, to use 3715 bits out of the 7104 available, approximately 50%:
No... that was just Theo's excuse. He called OpenSSL's memory allocation strategy an "exploit mitigation countermeasure."
Actually, that was just a side effect, and what OpenSSL does that "counteracted" the defense is extremely common in software and software libraries.
It's also generally a good idea as far as performance is concerned ---- and with a library such as SSL which needs to process network traffic (HTTPS, for example); adequate performance is pretty darned important.
They run the plate and get the vehicle description. If it matches, odds are its not stolen or switched plates. If it doesn't match, they boot it or tow it.
Towing requires time and dispatch of the proper equipment. They'll probably just find the VIN somewhere else or break in in some manner.
If it's switched plates and they boot it, the boot can likely be removed in about 2 minutes by picking the lock then using a standard ratchet + spark plug socket. Clamps could also be taken off pretty quickly with a hand drill and a $1.00 grinding wheel or a hammer and chisel to cut through some spot welds in the design of these things, but the city authorities might try and bring up some bullshit about "damage" to city property that had to be done by the owner in order to expeditiously recover the essential use of their vehicle.
I'd have a hard time finding it. It'd require me to read the car manual to check on the location of it.
The police know where the manufacturers put the number, which include some additional locations outside and beneath the vehicle which can be read with a flashlight or optically scanned.
But they are all less convenient for the officer than looking down at the dash, or forcing entry to read it off the door frame or pop the hood to read one of the plates off the engine block, major vehicle components, or one of the other dozens of locations where extra hidden VIN plates are placed.
Perhaps because, in the USA, don't you physically change the licence plate every year?
No.... the plate is easily removable, and someone could steal it or swap an incorrect or forged plate there, but every year or 2 years you get a new special little sticker to attach to a corner your plate to show the new registration expiration date.
They'll just break out the drill if you make it too hard to pick quickly. Or the screwdriver. It's amazing what a long-handled flat-bladed screwdriver will do to your average pin/wafer tumbler lock...
I suggest the use of a lever tumbler lock design with some defense of the lock surface using hard plate steel containing tungsten-carbide chips, randomization of placement, and false drill points where an entering drill will pierce a pressurized bladder triggering separate re-locking mechanisms to prevent the car from being started or the door from being opened.
Keep your VIN number covered up.
Obstructing VIN = Violation of the law, possible Ticket.
Sufficient probable cause for police to force entry into the vehicle to investigate.
Suspicion of car theft, may result in you being detained.
"Any person who, individually or in association with one or more others, knowingly removes, changes, alters, or conceals any motor number, serial, or other identification number, decal or device affixed to a motor vehicle, trailer, semitrailer or motor vehicle part as required by federal law without the consent of the Department, shall be guilty of a Class 6 felony."
The problem is lost keys. There has to be a mechanism for an automotive dealer or manufacturer to replace lost keys, and it has to function without the original key.
No there doesn't.... they can have a frickin' lock control module mated to the keys which must be physically removed and replaced with a new unit paired to new keys, like various manufacturers have been doing with the immobilizer chips since the 2000s.
The "recovery" mechanism should involved forced entry.
Alternatively... a backup traditional lock on the trunk or a door that can be picked by a qualified locksmith but requires such skill that no ordinary thief could achieve it.
The only reason for needing to know if the police are nearby is if one is a criminal and/or thinking of doing something criminal.
False. This is nothing more than an assumption or your opinion stated as if it were a fact. Someone might want to do something that is perfectly legal, but may be perceived as suspicious or likely to draw ire of the police.
They might also want to know when police are operating nearby so they know to pull out their camera phone and look for something interesting.
They might also like to know what areas police are frequenting, so they can stick to those areas for their protection against thugs, or avoid those areas for protection against vigilante police thugs.
Whatever
nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law
If pwncloud.com wasn't registered by one of those folks just parking domains who probably picked up the domain to try and sell it for $20,000 or so, it would be a cool name for a fork of Owncloud.
I guess in theory, it could also be the name a pentesting service could call their product if they specialize in pentesting services running on cloud-based infrastructure.
Not getting updates for features is perfectly fine. What is a problem is not getting security fixes, and having the security team of Canonical not caring at all about that.
I don't know about you, but if I maintain software; i'm shipping the security fixes and other bug fixes with the combined update. You don't get to pick and choose "security updates but no feature enhancements"
I'm a big fan of how Firefox and others don't have separate major releases nowadays. And no "maintaining old branches"
Prediction is very difficult, especially of the future. - Niels Bohr