
Comment: Re:Oracle Trashing Java? (Score 2) 88

by muddysteel (#42563225) Attached to: Apple and Mozilla Block Vulnerable Java Plug-ins

I think it's more a matter of the knowledge on how to use Java as an attack vector (and the inclusion of Java exploits into easy-to-use kits) causing the anti-Java sentiment, not who owns Java.

And some of that sentiment is misplaced: These exploits are largely a client-side problem (e.g., browsers running Java applets or downloaded Java apps) brought on by the servers dishing the Java up not being properly secured and/or managed.

Java's a great language in terms of what it's brought to the forefront of application development - both in terms of standardizing what a language can offer (I still loathe the days of having to decide if I would roll my own containers or memory manager in 'C' vs. picking and paying for someone's 3rd party libraries) as well as the OO aspects it forces you to consider.

Comment: Re:Actually watched Al Jazeera English? (Score 1) 444

by muddysteel (#42496199) Attached to: Al Jazeera Gets a US Voice

Tough to blame the "media" when good old economics + gov't misdirection play a large part of slanted reporting: When you lose the mainstream funding mechanism for solid investigative reporting (newspapers), and the public relies on the Internet style of reporting (skim what's in the news), well, you're creating a nice opportunity to paint whatever you want.

Reading bytes of sound bytes @ whenever you boot up the newsreader.

Comment: Re:I've had the opposite experience.... (Score 2) 169

by muddysteel (#42468701) Attached to: Adobe and Apple Didn't Unit Test For "Forward Date" Bugs. Do You?

Funny real event: Co-worker could not get his email client to work. Connection is managed using SSL, and the tunnel setup was failing. The reported error was a certificate invalid. That didn't jibe with the CA cert - it was issued a year ago and is good for like 20 years.

After looking and looking and looking: He realized his system date was set to 1/1/1980 - his CMOS battery was dead.. Jan 1 1980 is prior to the start of the validity period for the CA cert in use.. ;)

Comment: Re:Bootman (Score 1) 355

by muddysteel (#42433305) Attached to: Free Software Foundation Campaigning To Stop UEFI SecureBoot

You've missed my point: UEFI offers another layer of defense. (And notwithstanding, the O/S being adapted to make use of the secure loading, local attestation, etc. etc.) Make sense?

With respect to loading something new - unsigned - depends on how the O/S implements attestation, right? And it does *not* have to exclude one for the other. This is the big deal about UEFI - the difficulty of managing the (trusted) signing keys so that coders can readily deploy a new and/or updated set of code (let alone, test drive it in production!).

And you're absolutely correct on running PHP or Perl or..whatever - unless they do something like Java's sandbox security mechanism (which according to most sources is the #1 attack vector for online attacks). Then you just get another can of worms to defend.

Comment: Re:Bootman (Score 1) 355

by muddysteel (#42426341) Attached to: Free Software Foundation Campaigning To Stop UEFI SecureBoot

It's the "thoroughly written" part that's hard. Secureboot adds another layer of defense to the O/S and applications it loads. Here's what makes it more difficult:

If the BIOS only allows the loading of "trusted" O/S - because it's been signed by a known key, and in turn, the O/S only allows the loading of trusted apps - because they are signed by known keys - then the compromise needs to become trusted in order to run. In other words, unless the compromise is using a trusted key to sign the malware, the O/S will reject loading the stuff.

Thus, just tweaking some bits is no longer adequate - you would now need to re-sign whatever you've changed. And this problem - having to sign code with trusted keys - is at the heart of the petition cited by this poster. It's NOT about secure boot loading (which is actually a good thing); it's about the lack of freely available keys to sign open source code with.
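The chain of trust described in the comment above, as an added example that is not part of the original comment: each stage loads the next only if its signature verifies under a key the current stage trusts. The toy textbook-RSA keys (built from known Mersenne primes, not secure), the image contents and the names `VENDOR`, `APP_CA` and `ROGUE` are all constructed for illustration.

```python
import hashlib

E = 65537  # public exponent shared by the toy keys

def make_key(p, q):
    # Textbook RSA from two known Mersenne primes: a constructed toy key, not secure.
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(image):
    return int.from_bytes(hashlib.sha256(image).digest(), "big")

def sign(key, image):
    return pow(digest(image), key["d"], key["n"])

def verify(trusted, image, sig):
    # Accept only if the signature checks out under one of the trusted public moduli.
    return any(pow(sig, E, n) == digest(image) for n in trusted)

def boot(firmware_trust, stages):
    # stages: (name, image, signature, public keys this stage trusts for the next one)
    trust, loaded = firmware_trust, []
    for name, image, sig, next_trust in stages:
        if not verify(trust, image, sig):
            return loaded, "rejected " + name
        loaded.append(name)
        trust = next_trust
    return loaded, "ok"

VENDOR = make_key(2**521 - 1, 2**607 - 1)     # key the firmware trusts (constructed)
APP_CA = make_key(2**1279 - 1, 2**2203 - 1)   # key the O/S trusts (constructed)
ROGUE = make_key(2**127 - 1, 2**2281 - 1)     # key nobody trusts (constructed)

def demo():
    os_img, app_img = b"kernel v1", b"mail client v1"
    os_sig, app_sig = sign(VENDOR, os_img), sign(APP_CA, app_img)
    fw, os_trust = [VENDOR["n"]], [APP_CA["n"]]
    genuine = boot(fw, [("os", os_img, os_sig, os_trust), ("app", app_img, app_sig, [])])
    # Bits tweaked, old signature kept: the hash no longer matches.
    tweaked = boot(fw, [("os", b"kernel v1 + implant", os_sig, os_trust)])
    # Modified app re-signed, but with a key the O/S does not trust.
    bad_app = b"mail client v1 + implant"
    resigned = boot(fw, [("os", os_img, os_sig, os_trust),
                         ("app", bad_app, sign(ROGUE, bad_app), [])])
    return genuine, tweaked, resigned

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The third case is the one the comment turns on: a valid signature is not enough, it has to come from a key already in the trust list, which is why access to signing keys decides who can ship code.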

Adafruit to Teach Electronics Through Puppets in New Kids' Show

Submitted by coop0030
coop0030 writes "Wired has an article up about how Adafruit, the kit-based electronics retailer and promoter of hobbyist engineering, is aiming to teach electronics to a younger demographic. So young that they’re enlisting the help of puppets. Their new online show, titled Circuit Playground, will teach the essentials of electronics and circuitry to children through kid-friendly dolls with names like Cappy the Capacitor and Hans the 555 Timer Chip. Limor “Ladyada” Fried, Adafruit’s founder and chief engineer (and 2012 Entrepreneur of the Year), will host the episodes, with her team assisting with onscreen and puppeteering duties. Episodes will premiere this March, and Fried holds hope for them to help inspire the next generation of designers and builders."

Comment: Issue is BULK (XML) vs. Single (PDF) downloads (Score 1) 194

The recommendation has merit regardless of the political motivation. The heart of the issue is how does one TRUST and verify the INTEGRITY of the download when it's transported using XML. What's frustrating is someone's inability to agree to rely on existing standards - there's simply no reason to spend more $$$ reinventing / resolving what's already solved. Doesn't the government currently exchange XML-based information today? Isn't that information secured in such a manner that the provider (say, the contractor of the F-22) can be proven and the validity of the message confirmed? Another side-show and the land of the free where matters such as paying people to entertain us is more important than paying people to educate us.
