Forgot your password?
typodupeerror

Comment: Re:Bruce Perens (Score 1) 222

by QuietLagoon (#48039007) Attached to: Back To Faxes: Doctors Can't Exchange Digital Medical Records

When Bruce Perens was getting questions from slashdot, I asked whether Obamacare should have mandated the use of open source software....

Easy to ask, difficult to do.

.
Obamacare barely passed when Congress considered it. If such an open-source requirement were in the law, then lobbyists from EPIC-type companies would be all over Congress, and Obamacare would have never passed.

Companies pay lobbyists to make sure Congress passes laws that put money into the companies' coffers. Things like cost-efficiency are not part of that equation.

Comment: To be used as a justification... (Score 1) 263

by QuietLagoon (#48027369) Attached to: Microsoft's Asimov System To Monitor Users' Machines In Real Time
Asimov is going to be used by Microsoft to justify what Microsoft wants to do, no more, no less.

.
Microsoft will be the sole collector and interpreter of the data.

Microsoft will release information about the data collected only when such information justifies what Microsoft had wanted to do anyway.

Comment: To summarize: (Score 3, Informative) 302

by QuietLagoon (#48010103) Attached to: Consumer Reports: New iPhones Not As Bendy As Believed
The iPhone 6 Plus, the iPhone 6, and the HTC one (M8) have abnormally low resistance for bending forces (less than 90 pounds).

.
While the iPhone 5, the LG G3, and the Samsung Galaxy Note 3 are much better in this regard (all >= 130 pounds), with the Samsung Galaxy Note 3 at the top of the tests with 150 pounds.

Comment: Re:C# using xamarin (Score 2) 314

If you plan to develop for more than one platform, keep in mind that the greatest amount of effort will be expended as you port the single-platform app to the second platform.

.
So, as the parent suggests, start from the beginning targeting multi-platform in your design stages. A small amount of extra effort in the beginning will save you a large amount of work down the road. And your apps will be less buggy.

+ - Protecting America's Processors

Submitted by aarondubrow
aarondubrow (1866212) writes "The National Science Foundation and the Semiconductor Research Corporation announced nine research awards to 10 universities totaling nearly $4 million under a joint program focused on Secure, Trustworthy, Assured and Resilient Semiconductors and Systems. The awards support the development of new strategies, methods and tools at the circuit, architecture and system levels, to decrease the likelihood of unintended behavior or access; increase resistance and resilience to tampering; and improve the ability to provide authentication throughout the supply chain and in the field.

"The processes and tools used to design and manufacture semiconductors ensure that the resulting product does what it is supposed to do. However, a key question that must also be addressed is whether the product does anything else, such as behaving in ways that are unintended or malicious," said Keith Marzullo, division director of NSF's Computer and Network Systems Division."

Comment: Following the law... (Score 1) 353

by QuietLagoon (#47999781) Attached to: FBI Chief: Apple, Google Phone Encryption Perilous

... "I like and believe very much that we should have to obtain a warrant from an independent judge to be able to take the contents," FBI Director James Comey told reporters. ...

Unfortunately his statement is not reflective of the government's behavior over the past few years.

.
If the government had obtained warrants when they wanted to browse through peoples' emails and conversations (on the phone, on the network, or in the datacenter), then I doubt if google and apple would have seen the need to take this step.

Comment: Re:"could be worse than Heartbleed" (Score 5, Informative) 317

by QuietLagoon (#47996055) Attached to: Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

Outside of malicious HTTP headers landing in environment variable in CGI land, I'm hard pressed to think of another reasonable vector for this bug to be a problem...

This blog post mentions php, c++, python, et alia, as another attack vector.

This means that web apps written in languages such as PHP, Python, C++, or Java, are likely to be vulnerable if they ever use libcalls such as popen() or system(), all of which are backed by calls to /bin/sh -c '...'. There is also some added web-level exposure through #!/bin/sh CGI scripts, calls in SSI, and possibly more exotic vectors such as mod_ext_filter.

Comment: Not just bash... (Score 1) 2

by QuietLagoon (#47994941) Attached to: Significant BASH vulnerability found
There appear to other aspects of this vulnerability.

.
For example, if /bin/sh is symlinked to /bin/bash...

Another good overview is here.

Reports on the latest Bash bug have gone from bad to worse, as damage from the bug spreads and many early patches are proving ineffective. Unlike Heartbleed, Bash attacks allow for remote code execution, allowing an attacker to exploit the vulnerability for malware distribution. Most attacks from the bug will target web servers and network devices, with experts saying that PHP-based web applications will be particularly vulnerable. Connected devices like smart appliances are also expected to be vulnerable in the long-term, since the devices are often slow to be patched, but early reports indicate an alarming number of systems may be at risk. As Kaspersky Lab's David Jacoby put it, "the real scale of the problem is not yet clear."...

Everyone has a purpose in life. Perhaps yours is watching television. - David Letterman

Working...