Comment Re:Well I guess it's a good thing... (Score 1) 203
I'm hoping that advertising dies as a primary revenue stream purely so that sites like Buzzfeed can die.
The world would be a better place.
I'm hoping that advertising dies as a primary revenue stream purely so that sites like Buzzfeed can die.
The world would be a better place.
Phones are getting a bit more memory, somewhat faster CPUs, a bit better screens, and improved cameras but you would expect all of these things. In terms of new and interesting features, it seems like we're in a mature market where we've all decided upon what it means for a device to be a smartphone.
That's a problem phone makers are facing. Amazon's new fire phone, supposed to be revolutionary, is just some parallax graphics (and a bit of rotation magic).
When new ideas fail, you do what Apple did: re-skin it.
Secondly almost the first thing said in the video is that they had to install a driver on the target to force it to emit signals they could pull out of the noise.
At that point it's no longer 'bridging the air-gap' (which typically means exploiting across the air gap), it's communicating between two friendly entities through the air.
Which we've been doing for literally hundreds of millions of years.
And you are dishonest.
You're a jerk, and I hate you. Woohoo, insults, I can do them too.
If you had Windows in 1993, and you pushed ctrl-alt-delete and it brought up your login screen, then you were not normal, and the OS was not an OS many people had. THAT is the truth.
As an aside, in 1993, more people were running Unix than Windows NT.
DISCLAIMER: THIS CODE REVIEW IS A LONG WORK IN PROGRESS, I COULD BE COMPLETELY WRONG IN ANYTHING I SAY.
To do a proper code review, you need to understand the purpose of the code, what all the stakeholders want. From my own perspective, init scripts work fine, but since Unix companies keep trying to create new init systems, they must have different needs than I do.
Most are language-independent.... no surprise to see CWE-89 (SQL injection) and CWE-78 (command line injection) in there, as well as the slough of crypto/authN/authZ-related stuff. But where are the language-dependent bugs coming from? If you drill down on the code examples for CWE-120, -131, -134, and -676, you'll see C and C++ are a re-occurring theme.
Good then we're agreed, buffer overflows are not the most common security vuln.
All we need now is for you to realize that, if someone thinks the language means they don't need to worry about security, then their code will be much more vulnerable, even if they write in Java. Once you realize that, then we will be completely agreed.
Now this book comes out explaining that a SOC is basically just a bunch of smart (expensive) people intelligently mining data?
The hard part is finding the capable (expensive) people, even if you are willing to pay a lot. Programmers and IT guys are not hard to find in America, but capable ones are.
As the thread suggests, one advantage to different coding styles is that you can generally tell who wrote what and, if there seems to be a bug, you can track them down and tell them to fix it in that ugly mess. In our office, we have the rule that if you go around changing code style, you now own that code and are responsible for it. About the only issue we've run into is that people's styles evolve over time. So the guy right out of school may have a certain style that changes as he is exposed to more styles.
git/cvs/svn/mercurial blame can tell you who wrote whatever code. Please tell me you are using some kind of source repository.......
An authority is a person who can tell you more about something than you really care to know.