Comment Re:So since Carly didn't withdraw from the same 90 (Score 1) 653
I didn't say she's hypocritical, although she would have to be if she was for women's rights or gay rights. I'll leave it up for her to choose which poison she's harboring.
when she was CEO of HP......obviously she must be against women's rights and gay rights. Thanks for letting us know, Carly.
Seriously, Tim should be proud to have brought out the schoolyard bully in Carly.
So the single byte key is derived in some undiscovered manner from the password. Given how weak the encryption is known to be already, I wonder if one out of 256 encryption keys turns out to be a zero byte. In such a case, the encryption would leave the file unchanged. (Could be patched with "key=key?key:1;")
But in this case the key size is 1 byte, and only applied to the first 128 bytes of the file. So there's that.
Well, the OTP was an 8-bit integer, and only applied to the first 128 bytes, if that makes it even more mind-blowingly insecure and even stupider.
There's an outfit in Florida that's advertising your choice of new or restored 1964.5 Ford Mustangs. If you get one "new" they create a VIN that refers to their company - if you get one restored, you get the VIN of the donor car they rebuild. They upgrade safety and emissions to some degree, but I don't know how they meet modern requirements for their "new" cars. (See http://revologycars.com/faqs/ )
The real issue that we're going to be up against is whether 3rd parties will be permitted to continue to manufacture replacement parts. Soon every part incorporates an RFID, and the car refuses to start without all the RFID tags matching the authorization database. Perhaps they'll start with all the parts that they can justify as safety-critical, 'cause, you know, for the children. The government could even push for this in order to make sure that mileage and pollution critical parts are kept unmodified, 'cause, you know, for the environment. Then when the complaints pour in that it's anticompetitive, they'll authorize third parties so long as they tithe back to the original manufacturer, 'cause, you know, for the corporations. Finally, after some number of years, they'll just deauthorize all the parts, so you have to scrap the car, 'cause, you know, you need a new car, or just because they can't be bothered to keep supplying security updates for the buggy software.
If a malevolent SWF file could be copied and hosted elsewhere, how could Adobe reasonably claim to have corrected the vulnerability at all?
I'm not defending the insane assortment of completely unnecessary sizes of barrel connectors. I'd agree that it's all horseshit - it would only make some sense if the sizes were related to the voltage, such as one size for 5V, one size for 12V, one size for 29V, etc. It's hard to imagine that manufacturers really get big money out of continually changing power connectors and battery pack designs - it never takes very long for eBay & Amazon to start selling third party supplies and batteries. My personal bugaboo is how far laptops need to be torn apart to replace these connectors - and - stiff connectors that seem designed to stick out just perfectly far enough and stiff enough to maximally damage the receptacle.
In any case, two conductive contacts ought to be enough for any small or mobile device's power and data needs, and neither is there any good justification for having distinct connectors for networks, disk drives, displays and accessories. USB is among the most phenomenal kludges of all time, with all the different connectors, profiles, and adapters - and Apple, as well as HP, and others have gunked it up with all manner of proprietary kludges to negotiate high power charging. The USB-C "standard" connector actually has 24 teeny little pins, doubled up from 12 just so the connector can be rotated 180 degrees. I really don't think it's a step forward to use a 24-pin connector to power a laptop.
One connector is enough when the data is wireless. And it seems like you already got started on the insane assortment of completely unnecessary sizes of barrel connectors just by mentioning them.
If you insist on data being passed over a connector, packets of serial data could be passed over the power connector by modulating the power of the supply or the impedance of the device. Think of POE.
There are more than TWO orientations. A simple cylindrical connector could allow "any" orientation (OK, any orientation that's pointing in the right general direction.), in the manner of almost every non-Apple laptop power connector and pre-USB cellphones.
Especially now that there's all number of wireless data connections, going back to a simple "retro" power connector should be easier than any connector that has to handle both power and data.
When the code executing on the CPU resides on the hard drive, compromising the hard drive gives you everything. In addition, hard drive controllers and network controllers could be compromised to provide direct leak paths without involving the CPU using DMA.
If you cannot audit the source code of the hard drive firmware, you must keep hard drives outside of your circle of trust. That means that all hard drive traffic should be encrypted with keys not available to the hard drive. Digital signatures and time stamps can also be employed to ensure that the drive isn't utilizing replay attacks or swapping blocks around. As a bonus, this protects against failures in the transmission path, in even stronger ways than ZFS uses checksums. And remember, once you're out, you're out. There's no coming back.
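An added illustration of the replay and block-swap checks described in the comment above; it is not code from the original comment. It substitutes an HMAC and a host-held per-block write counter for the signatures and time stamps mentioned, leaves encryption out, and the class name, function names and in-memory "drive" are constructed for the example:

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 tag size


class VerifiedStore:
    """Host-side layer in front of a drive that is outside the circle of trust."""

    def __init__(self, key):
        self.key = key        # MAC key: never sent to the drive
        self.counters = {}    # lba -> latest write counter, kept in trusted host memory
        self.sectors = {}     # constructed stand-in for what the untrusted drive stores

    def _tag(self, lba, counter, data):
        # Binding the tag to block number and write counter is what
        # exposes relocated (swapped) and stale (replayed) blocks.
        msg = lba.to_bytes(8, "big") + counter.to_bytes(8, "big") + data
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def write(self, lba, data):
        self.counters[lba] = self.counters.get(lba, 0) + 1
        self.sectors[lba] = self._tag(lba, self.counters[lba], data) + data

    def read(self, lba):
        raw = self.sectors[lba]
        tag, data = raw[:TAG_LEN], raw[TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(lba, self.counters[lba], data)):
            raise ValueError(f"block {lba}: stale, relocated or modified data")
        return data


def rejected(store, lba):
    try:
        store.read(lba)
    except ValueError:
        return True
    return False


def demo():
    store = VerifiedStore(os.urandom(32))
    store.write(0, b"config v1")
    old = store.sectors[0]                  # copy a misbehaving drive could retain
    store.write(0, b"config v2")
    store.write(1, b"other block")
    results = {"honest": store.read(0)}
    store.sectors[0] = old                  # drive serves the older version (replay)
    results["replay_rejected"] = rejected(store, 0)
    store.sectors[0] = store.sectors[1]     # drive serves block 1 in place of block 0 (swap)
    results["swap_rejected"] = rejected(store, 0)
    return results
```

The counters have to live somewhere the drive cannot rewrite; storing them on the same drive without further protection would reintroduce the replay problem.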
Oh, it's been reported that the headphone jack doesn't turn off the speakers. So there's that. Some were hoping that a firmware update would somehow fix that. Haven't tried that myself, as I'm using the speakers and the headphone jack probably wouldn't kill the OSD.
Seiki 39" UHDs are cheap and can work just fine for text display.
The Tao is like a glob pattern: used but never used up. It is like the extern void: filled with infinite possibilities.