Comment Android Updates & Security (Score 1) 383

Why didn't Google package a reasonable update agent within Android, and is this having a deleterious effect upon other Linux markets?

Would it have been possible for Google to deploy an updatable kernel with proprietary vendor modules? If so, why did they not do this?

I am still able to use towelroot to take control of several brands of Android phones (as can any app I load - silently). Should pressure and pain be brought to bear, or should we let Google continue to bring Windows 95-era security to Linux?

Or, should Cyanogen-Microsoft fork AOSP?

Comment Nope. (Score 1) 104

The keyboard application launches at boot and regularly downloads .ZIP files of json objects. This download happens as the system user, and is vulnerable to directory traversal. Disabling updates for this .APK will not halt this activity, and it is unlikely that all vendors will bother to patch this.
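The directory-traversal risk the comment describes comes from extracting archive members whose names resolve outside the intended directory. The following Python is an added illustration (not code from the keyboard application or any vendor) of how an extractor can reject such members; the sample archive, its entry names and the `safe_extract` helper are all constructed for this example.

```python
import io
import os
import tempfile
import zipfile
from typing import List, Tuple


def build_sample_zip() -> bytes:
    """Construct an in-memory ZIP (a made-up sample, not a real update bundle)
    with one benign JSON entry and one entry whose name tries to climb out of
    the extraction directory with '..'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lang/en.json", '{"words": ["hello"]}')
        zf.writestr("../../system/evil.json", '{"owned": true}')
    return buf.getvalue()


def is_safe_member(name: str, dest: str) -> bool:
    """Return True only if writing `name` under `dest` stays inside `dest`.
    Absolute names are rejected outright; relative names are resolved with
    realpath so '..' segments and symlinks cannot escape."""
    if name.startswith(("/", "\\")) or os.path.isabs(name):
        return False
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, name))
    return target == dest_real or target.startswith(dest_real + os.sep)


def safe_extract(zip_bytes: bytes, dest: str) -> Tuple[List[str], List[str]]:
    """Extract only members that resolve inside `dest`.
    Returns (extracted_names, rejected_names)."""
    extracted: List[str] = []
    rejected: List[str] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not is_safe_member(info.filename, dest):
                rejected.append(info.filename)
                continue
            # Write the member ourselves to the already-validated path instead of
            # trusting the archive's name to pick the location.
            target = os.path.join(dest, info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as out:
                out.write(src.read())
            extracted.append(info.filename)
    return extracted, rejected


def demo() -> dict:
    """Run safe_extract on the constructed sample inside a temporary directory
    and report what was extracted, what was rejected, and what landed on disk."""
    with tempfile.TemporaryDirectory() as dest:
        extracted, rejected = safe_extract(build_sample_zip(), dest)
        written = sorted(
            os.path.relpath(os.path.join(root, f), dest)
            for root, _, files in os.walk(dest)
            for f in files
        )
    return {"extracted": extracted, "rejected": rejected, "written": written}


if __name__ == "__main__":
    print(demo())
```

The check is done on the resolved path rather than by searching the name for `..`, so encoded or mixed-separator variants are caught the same way; an extractor that runs as a privileged user, as described above, is exactly where this validation matters.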

Comment Workaround (Score 1) 104

I am on the Alliance rom that bundles SuperSU, so I can fix this (unlike most unfortunate Samsung users).

I used the "NoBloat" application from the Google Play store to disable the Samsung keyboard (after clearing the cache with the app manager).

After doing so, I see the file /system/app/SamsumgIME.apk_ (note the underscore). I may try to copy the AOSP keyboard over from CM11 so there is a working keyboard in /system.

I would like to congratulate Google and Samsung for their stunning incompetence in Android security. Your only hope of closing exploits on this platform is to root. I would be hard pressed to name a modern, GUI-centric Linux distribution that lacked a system update agent capable of patching all system components.

Except Android.

Comment Icehouse Earth (Score 0, Troll) 637

It is well-known that the Earth is in an unusually cold period with historically low atmospheric carbon dioxide levels.

A transit from an icehouse to a greenhouse phase would likely involve profound (and potentially destructive) changes for human civilization, but the planet has undergone this cycle many times before, and we are profoundly foolish to think that our impact has been significant - it has not.

Comment I am not so sure. (Score 1) 176

The initial Verizon warrants were on an air-gapped server. Even with root everywhere on the network, these documents should have been inaccessible.

This situation makes more sense if we posit that the NSA had already been deeply penetrated by Russian intelligence, who learned of Snowden's sentiments and elected to assist him for reasons and costs of their own.

Snowden initially claimed that he was trying to reach Cuba. There are somewhat more direct routes than Hong Kong.

We likely do not know 1/100th of the backstory of the release of these documents.

Comment Nokia (Score 1) 223

If this is so, then Nokia can now assert copyright over fork().

Nokia now owns Bell Labs through a long chain of acquisitions. Bell Labs publicly asserted copyright over fork() in the Lions Commentary.

Nokia should now assert infringement over Solaris and the UEK. A sizable portion of Exadata revenues are fairly owed should this decision stand.

Comment $4.68 is the minimum DAILY wage in Mexico (Score 1) 1094

I am all for fair compensation, but I am truly frightened when U.S. workers make more in one hour than Mexican workers make in a day.

If jobs are to remain, our workforce must be far more productive than our global competition. We should be demanding more worker education, which would likely impact wages far more than legislative mandate. Simply making the workforce more expensive with no realistic improvements will only enlarge the class of the permanent unemployed.

Comment Fail the school. (Score 2) 355

My professors conducted research in areas that were only slightly related (on a good day) to the material that they were assigned to teach. These people carefully preserved overhead transparencies from previous teachers that were cracked and faded. They obviously had little enthusiasm for their teaching duties, and my fellow students mirrored the excitement.

Some became prima donnas that flew into a rage in the wrong circumstances. Some actively preened their students for (low-paid) graduate research (not entirely suppressing a greedy desire to exploit). And some simply took apathy to levels that I had never seen before.

I went through a real circus with a professor going for tenure (who did have basic problems with competence) that had to endure not only the stifled laughter of fellow faculty in our class, but video tape recorders documenting his poor teaching style.

School, at all levels, needs to put people who want to teach in front of people who want to learn, which is diametrically opposed to the structure of a research university. If you don't have both of these types of people in the right place at the right time, the results will be substandard, as indeed they have been for the past century.

Fail the school.

Comment I think that the people at OpenCOBOL... (Score 1) 125

...would beg to differ, with this fact from the COBOL wiki:

In 1997, Gartner Group estimated that there were a total of 200 billion lines of COBOL in existence which ran 80% of all business programs.

I would bet you that COBOL environments have had 1/10th, and perhaps 1/100th of the security problems as systems based on C.

Comment Best-practice ciphers (Score 1) 53

In addition to sending the CSR, and not the key, scan your SSL server with the SSL Labs Scanner and you will see many flaws.

To fix these flaws, apply these cipher best practices to lock out bad ciphers (RC4, export-grade ciphers), and deny the entire SSLv3 protocol which now has critical design flaws.

The key to the best-practice ciphers is these Apache directives (this configuration is also effective on the older 0.9.8 OpenSSL):

SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCompression Off
SSLHonorCipherOrder On

To summarize:

  - Apply vendor patches for your OpenSSL with some degree of haste.
  - Check the best practice cipher page at least once per quarter.
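To make the quarterly check the comment recommends repeatable, here is an added Python audit script (not code from the comment's author or from Apache) that parses `mod_ssl` directives and flags the problems the comment names: SSLv3 still enabled, RC4 or export-grade ciphers in the suite, compression not disabled, and the server not enforcing its own cipher order. The weak sample configuration is constructed for this example; the strong one is the directive set quoted above. The finding codes and the expansion of `ALL` to SSLv3/TLS 1.0/1.1/1.2 are assumptions of this script, not Apache terminology.

```python
from typing import Dict, List, Set

# Constructed sample of a weak legacy vhost (not taken from any real server).
WEAK_CONFIG = """\
# legacy vhost
SSLEngine On
SSLProtocol ALL
SSLCipherSuite RC4-SHA:EXP-RC4-MD5:AES128-SHA
SSLCompression On
"""

# The best-practice directives quoted in the comment above.
STRONG_CONFIG = """\
SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCompression Off
SSLHonorCipherOrder On
"""

# Assumed expansion of the "ALL" keyword for this audit (SSLv2 left out, as in
# current mod_ssl releases); adjust if your build differs.
ALL_PROTOCOLS: Set[str] = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}

# Substrings that mark a cipher token as something the comment tells us to lock out.
WEAK_CIPHER_MARKERS = ("RC4", "EXP", "NULL", "MD5")


def parse_directives(text: str) -> Dict[str, str]:
    """Map lowercase directive name -> value; a later occurrence overrides an earlier one."""
    directives: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(" ")
        directives[name.lower()] = value.strip()
    return directives


def enabled_protocols(value: str) -> Set[str]:
    """Apply SSLProtocol tokens left to right: bare or '+' adds, '-' removes."""
    enabled: Set[str] = set()
    for tok in value.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("+", tok)
        names = ALL_PROTOCOLS if name.lower() == "all" else {name.lower()}
        if sign == "+":
            enabled |= names
        else:
            enabled -= names
    return enabled


def audit(text: str) -> List[str]:
    """Return a list of 'CODE: detail' findings; an empty list means nothing flagged."""
    d = parse_directives(text)
    findings: List[str] = []

    # Apache defaults SSLProtocol to "all" when the directive is absent.
    for bad in ("sslv2", "sslv3"):
        if bad in enabled_protocols(d.get("sslprotocol", "all")):
            findings.append(f"{bad.upper()}_ENABLED: add -{bad.upper()} to SSLProtocol")

    if "sslciphersuite" not in d:
        findings.append("CIPHERSUITE_UNSET: relying on the library default cipher list")
    for tok in d.get("sslciphersuite", "").split(":"):
        if not tok or tok.startswith("!"):
            continue  # '!MD5' and friends are explicit exclusions, not selections
        if any(marker in tok.upper() for marker in WEAK_CIPHER_MARKERS):
            findings.append(f"WEAK_CIPHER: {tok}")

    # Older releases default compression to on, so require an explicit Off.
    if d.get("sslcompression", "on").lower() != "off":
        findings.append("COMPRESSION_ON: set SSLCompression Off (CRIME)")

    if d.get("sslhonorcipherorder", "off").lower() != "on":
        findings.append("CIPHER_ORDER_NOT_HONORED: set SSLHonorCipherOrder On")

    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("strong", STRONG_CONFIG)):
        print(label, audit(cfg) or ["no findings"])
```

Run it against a vhost file on a schedule and treat any non-empty result as a ticket; it reads the configuration only, so it complements rather than replaces an external scan of the live server.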

Comment Other messiahs. (Score 1) 1168

There were several miracle workers in Judea at the time of Yeshua, some who could even raise the dead by contemporary accounts. The main difference is that Yeshua performed his miracles without monetary charge. If this aspect is similar, and rebellion was a common sentiment (i.e. Sepphoris), then we can assume that Yeshua was familiar with the issues, even if he did not share the opinions of all of them.

After the crucifixion, Paul changed Yeshua radically, abandoning Mosaic law and calling himself the "first apostle." James the Just, the head of the whole church, recalled Paul to Jerusalem twice, and censured him for what would amount to heresy. James then dispatched emissaries to all of Paul's congregations to correct the "flawed" teaching, which was largely successful. There is even a story in the memoirs of Clement (Peter's successor) that Paul threw James down a flight of stairs in a rage on his second return.

Paul's teachings would have been discarded, if James had not been murdered, and Jerusalem destroyed. As it was, Paul's writings were the only existing documents after Jerusalem's fall, and all the later gospels included strong influence from his letters.

The rebellious attitude of Yeshua towards the Romans would not serve a new Roman religion, so it was removed, for practical reasons.
