And they use more burp and fart sound effects than all of Hollywood!
I thought the point of the charge was to make the "wooly" side-fibers of the strands wrap around the prey's limbs and/or the microscopic irregularities in the exoskeleton, tangling to it. "Tying" the fibers to the prey would have a similar binding effect to gluing them to it, without the need for glue, and lots of little fibers could make a very strong attachment.
(Stretching fibers made of long chains makes them stronger by aligning the chains along the direction of the stretch.)
Youtube just switched to HTML5 video by default, so perhaps we can uninstall Flash for good now!
But can it play "Badger Badger Badger"?
Why are they still using C to deal with network protocol? Is the performance so critical that it's worth all the troubles?
Also, because there's a lot of C code that has been in heavy use, and tested for correctness, for decades, suitable for reuse with substantial confidence that it's correct (though you check it anyhow...).
Let's see you find code like THAT for a language that hasn't been AROUND for decades. B-)
Why are they still using C to deal with network protocol?
For starters, because it's transparent. The "K&R compliant assembly laguage", as one of my former colleagues once characterized it, translates to object in a clearly understandable way (especially if you turn optimization down or off). Though it gives you more opportunities to create bugs, it makes it hard for the bugs to hide from inspection.
The "higher-level" the language, the more it takes over and inserts its own stuff between you and the metal, and the more opportunity for that to inject an invisible vulnerability - which you might have trouble removing even if you DO discover it.
Meanwhile, many of the things "higher-level" languages protect you from can also be detected and flagged by both modern C compilers and code examination tools - starting with the venerable "lint".
There's a bit more to it than that. My tops would be two points.
First, we're memetically infectuous. Plant a new idea here, and someone will run with it, most likely in some direction you never wished for. Many of our memetic infections are downright dangerous, lethal, destructive, etc. Contact might well be considered irresponsible, no matter how well intended.
Second, there's the thing I mentioned about our reverse-engineering technology. They might accidentally give us more capability than they wanted to. Not that we'd be any threat to them, but we've been sitting here for however long with the Doomsday Clock close to midnight. Give us something new that can be weaponized, (We've been able to turn just about everything into a weapon, perhaps the most resistant invention was the "death ray", the laser - it's had so darned many peaceful uses and has been very hard to make into aweapon.) and we will do so. Perhaps that weapon might be what tips the scale, ticks the clock, or whatever metaphor you like.
The truth is that many firms simply don't have the staff and budget needed to support an internal SOC. They also don't have the budget for an MSSP. With that, Mike Rothman of Securosis noted that these firms are "trapped on the hamster wheel of pain, reacting without sufficient visibility, but without time to invest in gaining that much-needed visibility into threats without diving deep into raw log files".
In my experience it is not the budget but the politics.
Is your company's security worth the expense of an additional tech? Or are office politics the reason you cannot get an additional tech?
Does whomever is in charge of your technology have the authority to say "no" to requests from other departments? And the political capital to make it stick?
I've seen too many examples of companies "suffering" from the problems their own decisions/environment created.
Retrofitting security is not the answer.
Link to Original Source
I can guarantee you that if the Govt. left it up to drivers to get the proper training and instruction on how to operate vehicles safely, people wouldn't do it.
Interesting claim - since it doen't work that way for guns.
Where the government requires training, most gun purchasers take the minimum required, then stop. Where it doesn't, most people start with the course recommended by the gun stores (which is far more comprehensive - and more focussed, with less time spent on political indoctrination B-) ) and also do substantially more range time, until they feel adequately competent. (Then there are those that get interested in shooting as a hobby...)
A similar effect is the reason police normally don't shoot at private ranges simultaneously with civilians. Most police are embarrassingly HORRIBLE shots and pistol-handlers - because they do only the minimum training and practice required by the department (which has lots of other stuff for them to do while they're being paid for their time), and almost never have to actually fire their gun during their work.
Ford F150 Lariat.
For the 5 1/2 ton towing capacity (which also translates to "won't blow the engine head gasket towing a loaded trailer up CA 88 like the van did" - turns out they designed that vehicle's engine with the cylinders too close together so this one pair had a very thin piece of gasket between them,..).
(No time to get the GVR before I have to get to work...)
I'm going on what the dealer told me. If I was led astray the cost of the vehicle has been a couple grand higher than it otherwise would have been.
Link to Original Source
Link to Original Source
As pointed out in the article, the program must use gethostbyname() on a name supplied by the attacker.
A much more mitigating factor is that the bug is only exercised if the name looks like a numerical id, and according to their search most software first checks this using inet_aton() and only calls gethostbyname() if this fails, thus avoiding the bug.
I have yet to have one such buffer overflow bug in my code
Yea, right. You know the authors of this function probably thought that too. They had no counter examples until now, just like you and your code.