I should also add that what they are doing is at best a "semi-formal specification". Still pretty clunky.
Yes, very much so. Most languages do not have formal specifications.
First, almost nobody can read a formal language specification with any reasonable degree of fluency. And second, an informal (but exact) specification does a much better job.
For example, my keyboard has exactly 256 Bytes of FLASH storage. And if you put malware in there (which it is too small for), it loses its keymap. So "most" is really "some, and in particular devices modified for this" here. In addition, this attack need to be customized for each specific device, which is expensive. And many devices are not even reprogrammable without circumventing MCU protection bits.
This is mostly a non-issue with regular devices.
Not necessarily. In most cases at least respectable researchers have a tech-report variant on the web. Also, who checks quotes in CS?
From a humanitarian perspective, the quandary is "Do we want to allow the weakest among us to make decisions they are unqualified to properly weigh?"
Alternatively we could choose not to treat them like a helpless puppy or small child and accept that their decisions are as valid as yours and mine.
Honestly judging someone's qualifications to make decisions based on their financial state is pretty condescending.
So your rationale for accusing the NSA of something is "They do other bad stuff, clearly they do this as well?"
There is nothing in a packet's headers that will indicate what route it took to get somewhere, no matter what sort of analysis you apply to it. The only 3 clues you have are the TTL, the source MAC address, and the source IP address.
In the firmware development group I work in we actually have a good amount of diversity.
We will hire anyone with talent.
The lack of opportunity is not in the hiring area. It is in the home and education. Hiring someone because of race is bigotry. I doesn't matter if the race happens to be anglo or african descent.
The Vendor will have issues with their product running if you do not configure the firewall correctly and will cost the Vendor support time.
If you get hacked because you let malware onto your POS systems or put a compromised machine on the network it is your problem.
A firewall will just prevent an exploit of a service. So only run the services you need. The real issue for this POS would be an exploit that gains access to the SQL server and a firewall is probably not going to stop that.
Sorry, for the person I have this observation from, 1000 was actually on the lower end of what he needed. And yes, that was the right approach to the problem. He then found Java was a toy pretending to be a professional tool.
He ended up using processes and shared memory, which was a lot more complicated but did not suffer from extreme slowdown above a few hundred threads. Erlang would have been a viable alternative.
I also did say that this capability of Erlang was "special purpose". So what do you complain about?
Which is exactly why this does not use V3.
To be secure you really need to have the option to lock down the hardware and only allow updating with signed modules. It is actually part of the FIPS regulations.
The author really has no clue. He also doe snot understand what static and dynamic typing means and that it is orthogonal to weak and strong typing. Or that whether you have GC or not is not necessarily dependent on the language. You can attach a GC to C and have it working reasonably well.
This article was written by an incompetent wannabe.
You will get no argument from me on that.
Yes, this joker probably meant "has a more complex type system".