Actually - that their software is open is irrelevant to the problem. Are they running their own servers with openssl/openvpn/??? or using third party appliances? Did THEY create and build the hardware from the ground up or purchase it from a third party? The balance of probabilities may say their inter-DC encryption is done on a secure, up-to-date and built-and-operated-to-best-practices RH server, but it's not a guarantee.
And just like this scenario with Microsoft, how is anyone going to audit the deployment? RH will most certainly not allow twenty million users to tour their datacentres and audit each and every device. So just like Microsoft's environment, and despite RH's code potentially being open, there is absolutely no way to vet the environment. You have to trust the organisation (and each and every person involved in the decision tree). I really don't see a significant and meaningful difference - the open code has no bearing whatsoever on what's actually running (both code-wise and configuration-wise).
I'd guess the potential killers have higher moral standards than the execs, and don't want to inflict the mental pain / sorrow on the not-guilty family members. Sadly this means the morally bankrupt studio execs can't be expunged from the gene pool.
That and there's a huge line of contenders to replace the execs anyway, all with moral compasses permanently set to "screw everyone except me".
Think of it more like a reminder and a chance to begin the education of those who were suckered in by their friends/colleagues (and who aren't/weren't privacy-conscious to start with).
I don't have a Facebook account now because of privacy concerns. But I didn't get one originally (04-05 I guess?) because frankly I'm a bit of a loner and I couldn't think of a group of people I'd rather avoid than those with whom I went to school. Yes, I've missed out on staying connected to people with whom I'd want to continue to associate (Uni friends), but I'm not sacrificing my privacy for it now. I'd rather be detached and a little boring. It's a choice - but I hope an informed one.
True also for Dell, Intel and HP. And the KVM switch vendors (e.g. Avocent). Problem is that while they'll pay for certs for the newer stuff, they're not going to release any new firmware for the older "not supported anymore" stuff. So all those console switches in your datacentre? Worthless, unless you stick with old Java. Same for managed PDUs hosting a little Java applet. Possibly even some rather large web-managed UPS. Same for thousands upon thousands of other supporting appliances of God knows how many types. Heck, there are companies still rocking servers that are 4, 5 years old; those aren't getting updates to sign the Java applet either, let alone the 10 year old stuff that still hosts the NT4 app that no-one knows how to replace or migrate.
So basically this is going to force companies to replace perfectly good infrastructure or deal with losing remote access to things, as well as screw with hobbyists who have older stuff in their basement/garage/closet/bedroom.
I don't see them actually claim that anywhere and their paper is not out yet.
The GP included a direct link to the paper, and you blindly state that it's not out!? I know it's fashionable to comment fast and defend the almighty Apple, but you might try more reading comprehension first.
The quote from the paper is on page 566 (remember this paper forms part of a greater work, and therefore the page numbers are a little strange) just above Figure 9. (I do note that the quote above is missing a space between "our" and "app", but that's no excuse for not finding it).
Oh sure, that'll be the same build that finally figures out that some organisations have web servers with names that don't end in
It's woefully consistent - type a server name that is a "recognised external" URL (so something ending in
Couple that with the new "requirement" for Chrome if you want to download the Google Talk [wait no it's Hangouts now] on the desktop (they can pry the desktop Talk client from my cold dead fingers) and the continual forcing of Google+ to view an image in a chat, it's clear Google has already turned into Microsoft V2 and is working on digging in deeper. (Hangouts? Seriously? No, it's not a "hangout" when I send an IM to my son to put the damn garbage out!)
Yeah yeah I know, feed the troll.
Even when you do - the available information is out of date or just plain wrong. For example - the day I made an offer on a place I knew the current resident had a stable ADSL2 connection, and that the RIM at the end of the street had spare ports. The day the contracts were exchanged there were no ports and a waiting list for Internet access.
Fact is the telcos have an active disincentive to invest in Australian broadband (with the NBN coming, or not, or maybe, or halfway, or God only knows what - frankly I suspect even (s)he has given up trying to work it out). My new place might get it within 3 years if the plan doesn't change. Or I might never get it. When I apply for a connection, I get to join a hidden waiting list with no ETA for service. Oh, and I WORK for the telco who would have to do something about the problem and I still can't get information.
Many commercial buildings have a lot of steal in the structure / roof
Ah, so that's why I can never figure out where all my money goes!
Probably because it really does happen to some people - my own Gmail address is signed up with a period, and someone else, presumably in the UK, signed up without. I still get Dell UK newsletters for him (and I'm in AU, so if I used my Gmail address with Dell, I expect he would receive some Dell AU newsletters). Just because it's publicly stated that dots are dropped does not mean there wasn't a period where either the rule did not exist, or the code to enforce the rule was broken.
I've also sent mail to the version of my Gmail account without the dot, and it neither bounced nor arrived in my inbox. I therefore deduce that it was delivered somewhere else.
Fast, cheap, good: pick two.