Thank you for your answer. There is almost no end to the FUD stream, and as I said, it's hard to pick out the signal from the noise.
Many Interneted Thingies work fine on your own cloud. You can find alternatives that don't feed the big Googly database, but you have to shop carefully. Fitbit and Nest don't give you the option; but some of the home automation systems like Vera need no clouds at all.
Password: hedgehog, no doubt.
Would you like your food data shared with your insurance company? How about your weight? Your BMI went above 22 this month. Not good, lower it or else. Your running? You didn't meet your jogging goals for the week. That's it, we're raising your health care premiums. That's a lot of beer you're drinking, and you put a lot of miles on your car, so it looks like we'll have to cancel your auto policy because statistically you're likely a drunk driver.
If you say "OK, share my data", it can go a lot of places you may not intend.
So is there any way to cache Ubuntu upgrades, which would let my large collection of virtual and physical lab machines all fetch them from the LAN instead of the each one having to drag them across its WAN? Might as well fetch the official copy just once, and have everything else update at gigabit speeds.
So if you're still around, and not just drive-by trolling, what do you recommend other than Ubuntu or Mint? (I'm not counting Mint because there's already a thread about that.)
The trouble with these things is that they want to "phone home" too much. For energy conservation, Nest talks to a Nest, Inc. server and tells it too much. The info it needs (outside temp, power grid load status) is freely available from read-only web sites. (Given a ZIP code, the National Weather Service site will return info in XML.) But no, it has to talk to the "cloud" and give out personal information. That's totally unnecessary.
The data gets off it via bluetooth to a more powerful device. So yes, no UI at all.
A computer that has run for three years. That's so cute!
The trick to wearables is not to have a UI. Everyone has a powerful computer with a great UI in their pocket. Wearables should leverage that by providing absolute minimal controls (no more than 1 or 2 buttons/knobs, no more than a small digital watch like display) and should transmit their data to the users phone via BLE. Then an app on the phone should provide more advanced control and display of results. The value of wearables is in providing additional sensors for apps, not in UI.
But we were talking about mitigating measures. That is almost never patch and recompile, it's things like turning off a service, changing the firewall rules, moving servers into a different network - things that are very much within the duties of the sysadmin (with proper clearance and risk acceptance by management, etc. etc.)
Basically, if you have a bug that makes your internal network open to the world, but you can avoid it by disabling feature X in the config file, and your company doesn't require feature X, then that's something the sysadmin can do, and he can do it right now, while the vendor is working on a patch.
The thing is that the manufacturer must not be the one to set the time they get to fix this
I agree on that 100%
most people are not able to do anything without patch.
That depends a lot on the particular problem. In many cases, there are mitigating measures that can be taken until a patch is available, and I'd argue strongly that the people affected should make the call on that, not you or I or anyone else.
By withholding information, you are making decisions for other people. But you are not in a position to make that call, because you are not the one who suffers the consequences.
I advocate for giving everyone all the information so they all can act according to their needs and abilities. I argue for letting people make their own decisions.
I have several Teletype machines from the 1926 to 1940 period. All are in good working order. They're completely repairable; it's possible to take one apart down to the individual parts and put it back together. But they're high-maintenance. There are several hundred oiling points on a Model 15 Teletype. There are things that have to be adjusted occasionally, and manuals and tools for doing that. Every few years, the entire machine has to be soaked in solvent to clean off excess oil, then relubricated and adjusted. This is the price of building a complex machine good for a century or more.
(The Model 33 of the minicomputer era is not one of the long-lived machines. This was by design. The Model 35 was the equivalent long-lived, high-maintenance product; the 33 required little mainenance but had a llimited life.)
The problem is C. Programs in all the languages that understand array size, (Pascal, Modula, Ada, Go, Erlang, Eiffel, Haskell, and all the scripting languages) don't have buffer overflow problems.
It's not an overhead problem. That was solved decades ago; compilers can optimize out most subscript checks within inner loops.
I've proposed a way to retrofit array size info to C, but it's a big change to sell. There are many C programmers who think they're so good they don't need subscript checks. Experience demonstrates they are wrong.
[Just one more reason] to legalize and regulate.
I can see how this kind of story would support legalization (crimes against criminals often go unaddressed), but how would it support regulating? Is theft unusually common with unregulated crops, as opposed to regulated ones?
(Ignorance plea: Heh, it occurs to me that I don't even know what crops are regulated and what isn't. Maybe agriculture is already totally micromanaged by Washington; I sure hear enough stories of corruption (e.g. subsidies) within the topic!)