The default is:

  1. Allow User MITM (pinning not enforced if the trust anchor is a user inserted CA, default)

So CAs inserted by the corporate networks will be allowed, only verified for CAs shipped by Mozilla

I wish more people were sued to use a Linux distro

SELinux is another leyer of security people should learn. Is it difficult the first time you use it? true, but that doesn't mean it isn't useful.

Every time someone says that SELinux should be disabled, instead of learining how to use it, I remember the days when Windows changed from FAT to NTFS, and people said "disable NTFS, format FAT, filesystem permissions are difficult" :)

For once we beat Debian packaging then

# yum list java-1.8.0-openjdk
Loaded plugins: langpacks, refresh-packagekit, remove-with-leaves, show-leaves
Installed Packages
java-1.8.0-openjdk.x86_64 ... ...

Input this code I show you on screen with this virtual keyboard, and the OS filter everu other input event from that device that is not targeted to that keyboard, validate the input and accept or reject the device, annoying I know, but not impossible to protect

This kind of attack is not new, the new part are the examples of generic devices with hacked firmware to do that. This can be solved easily requesting user autorization before activating any USB device type, for example, before telling the system that there is a new USB network device, ask the user for confirmation. The trick is with input devices, where the new device could be replacing a broken one (keyboard or mouse), the confirmation can be done requesting the user to type a code displayed on screen or using the mouse to use a on screen keyboard in order to accept the input device for general usage. The other problem is with devices permanently attached, assume that any attached device at boot time is trusted, If someone replaced your USB device when you weren't present other more awful things couls have been done.

http://www.drdobbs.com/archite...

I have seen manufacturers enabling their IPMI implementation by default, sharing the primary network interface, add that many people don't know what IPMI is and you get this problem, lot of IPMI devices accesible from the internet

It is a problem of the Android tools for OS X and Windows, on a Linux distribution with a compiled kernel with KVM virtualization enabled (any modern distro), you only install the x86 image and start it without any other install or configuration needed, who would have said that using Linux would be easier than Windows hehe. The only downside is that if you start using KVM VMs, other virtualization solutions like VirtualBox can not be used at the same time, so if you need a Windows VM for your daily work you must run it inside KVM or not use it at all when running Android x86 images

Who built it isn't more important to who designed and tested it. In Venezuela, the state has partenrships with Chinese manufacturers, I have no plan to buy a Chinese mede car here because we don't have a certification or testing infraestructure, we don't have verified dummy tests like USA and Europe has. Why a Chinese made vehicle that pass USA certifications and tests be any different in quality than one make in Europe, if they are different in quality and both passes the tests, the tests are the problem

Thanks, please mod parent up

Are you repeating what I said?

Firefox already support h.264, go to vimeo with a Windows 7 Firefox or Linux with GStreamer plugins and it will play without plugins

Youtube uses EME for 1080p streams, no EME and you only get 720p or lower

Looks like they fixed the offer