As somebody who actually uses ESC in the way it was defined on most GUIs from the 1990-2010, namely "stop this input without commiting the change", I find that sad.
However I came to recognize that the current UI designers seems to like "forwards" and "backwards" pre-defined sequences of things to endure by the user. And so they killed the meanding of the ESC Key in the same way as they already started to make UIs which do not use system/framework element just to look a little better (supposedly) and drop the meaning of the PGUP and PGDOWN key.
Thats the good thing: I did not state that i would define malicious traffic. Then the use has to decide. He/She pays for everything. It's like a car - the gas station does not care if your car uses to much gas due to you driving fast, the car having a problem due to bad service, or the manufacturer lying to you. They bill you for what you use, and it is in your interest to make the best use of it.
If gas would be "free" (a flatrate), people would probably leave the car running 24/7 so that they don't have to wait a few minutes until the AC has cooled it down. They also would not care if that would be the solution proposed by the manufacturer.
The Problem with VW is: They claimed something, whic hthe customers cared about, and they lied about it. As a matter of fact they actually advertised with being environmentally friendly. If the customers did not care about the enviroment it would be a different story.
On which IoT product have seen explicit traceable claims about Security standards on the package or in the advertisements? Have you seen somebody saying: Oh, this setup procedure is safer because I understand i have to type the number on both devices to pair, so i am happily doing that? Or was it more like: "Can you believe I had to press the button for 20 seconds to set it up, worsk so much better if the app just finds everything automatically, and it's cheaper, too"
I hope you get the difference.
As long as data transfer on DSL lines seems to be "free" to the user, the user will not care very much about the possibility that his device is used in a DDOS attack. I believe even the prospect of a minor additional charge (e.g. $10 per year) by malicious traffic for the end user would do much good for the willingness of the user to accept inconveniences which make the IoT devices more secure against arbitrary access.
Good Journalism always means:
* look at the source available to you
* decide which facts you can show by these
* decide which of these facts are of public interest
* summarize these facts
* decide which of your original sources you want to show along with the facts
Well i would think it's ok to treat this like any other insecure channel an transmit challenge and response.
But for sure not a cryptographic key.
It seems that the bug was fixed then, according to the people who did not manage to reproduce the bug on theirs systems (please read trough the comments in the linked bug description to get a impression).
Is Linux "supporting" crappy compiled linux kernels or just "enabling" them?
My experience that there are crappy vendor clones of linux of (i.e. terribly hardware specific, marginally documented, buggy, not maintained), but i have never seen the crap they do being "supported" in the way that it would have made it's way into the mainline (yes, that is what "supporting" means).
Nothing is more admirable than the fortitude with which millionaires tolerate the disadvantages of their wealth. -- Nero Wolfe