Comment Re:Seamlessly replace keys? (Score 1) 88
Although, in hindsight - you've already authenticated the server, so you are going to treat it as a trusted party anyway...
Although, in hindsight - you've already authenticated the server, so you are going to treat it as a trusted party anyway...
Agreed - this makes sense if you want to display a message to the user: "The server is advertising updated host keys via the trusted channel. Do you want to add them to your local host key list?"; but automatically replacing them without prompting seems overeager...
When will people learn?
Biometrics replace usernames, not passwords/PINs...
... but anybody with a need to drive could pay the $20/gallon to drive...
That's quite a big assumption that everyone who supports the emergency surge pricing idea is making - that those who need the service will be able to afford the hugely-inflated price.
At the very least, large companies need to anticipate short-term stability, which is I think what the quote was getting at.
A small company, for which a day's takings in Bitcoin is only a fraction of the day's Bitcoin-to-local exchange volume can easily cash out immediately, and so has no need to have an expectation of long-term or short-term stability.
A large company typically cannot convert a large amount of Bitcoins to local currency instantaneously without destabilising the exchange rate, so they need to have an expectation of short-term (e.g. month-long) stability in order to manage the transaction volume against the local exchange markets.
Making (largish) loans in a currency implies expectation of decade-long stability.
Also, for a tech site, this lack of comprehension is offensive:
may be remotely exploitable without authentication and can possibly be exploited over a network without the need for a username and password
The two halves of this sentence say exactly the same thing, but present it as two statements.
Iâ(TM)ll wait for something from DPReview.
Samsung NX1 First Impressions Review - September 2014
Real-world test: Going pro with the Samsung NX1 - Nov 27, 2014
Samsung NX1 real-world sample images - Nov 12, 2014
Photokina 2014 Video: The Samsung NX1 - Sep 19, 2014
Enthusiast mirrorless camera roundup (2014) Samsung NX1 - Nov 27, 2014
He never admits that the NSA actually engineered the backdoor into the algorithm, he only states that he regrets supporting the algorithm after other people pointed out it was backdoored.
It's entirely possible that they did not engineer the backdoor - that might have come from the original creator.
It's further possible (although I would hope it's not the case) that they did not find the backdoor before it was publicly disclosed.
Either way, they should have stopped endorsing the algorithm as soon as they knew it was weak, whether that was at public disclosure or earlier.
That they continued to claim it was secure after it was publicly known to be weak is a complete failure on their part, and they are DEFINITELY culpable for that.
We BELIEVE that they probably put it there, in which case, they're even more culpable, but we don't know that for certain...
On the one hand, I agree - I know lots of people our age who don't know how to change their oil or oil filter.
On the other hand, I know many people of all ages (from 16 through 70) who don't know how to do that.
At a guess, I'd average it at about 10% in any age group who could. I'm one of the few my age; my dad is one of the few his age. Only two of my uncles or aunts could; only a couple of my cousins. A few of my friends can, but that's only because I hung out with a bunch of motorheads when I was younger...
How about a USB sd card reader? Most of my SD cards have working write protect switches...
It's Foxtel and Yahoo!7/Ninemsn/Ten, (and the other similar players) who are the instigators here.
And there's something really terrible about that sequence of events, but I don't know how to make it any better...
I agree with most everything you said but:
Oh and of course I use a standard user account. I have that and an admin account which is occasionally annoying with UAC but this helps and puts in another layer of security as now the payload will need to bypass this.
This one is a furphy. The ransomware runs as a low-privilege process, and encrypts your data files - which are exactly the ones your standard user account has access to overwrite. Yes, your system is protected from overwriting critical system files, but this won't stop the ransomware.
Good catch!
Thanks for the tip! I figured it probably could, but the debian build of NM has PolKit as a hard dep, unfortunately. Haven't got around to looking at what it would take to build from source.
In the short term, WiCD is doing 95% of what I need, so I will stick with it.
I hope to be able to contribute something useful, so will either eventually contribute a polkit-averse NM build for debian, or add MBIM support for WiCD.
(And I'm working on making the usb modem use cases work more smoothly...)
Math is like love -- a simple idea but it can get complicated. -- R. Drabek