
Comment Re:Mitigation (Score 1) 140

An attack is still possible. The attack is on vulnerable clients that are tricked into connecting to a rogue AP that is made to look exactly like your existing AP. Whether your AP is fixed or not doesn't matter as it can't stop the rogue AP from showing up. Once your vulnerable client connects to the rogue AP it can be attacked.

Considering your AP is not often a client too (client side is where the real issue is) and you rarely take your AP to other public places they are not the highest priority. The highest priority at the moment are clients like phones, tablets and laptops. They are more likely to go to places where someone might be running a rogue AP.

Comment Re:What about DD-WRT, Tomato and the others (Score 1) 140

For people on LEDE:
As the issue is mainly client side (such as when a router acts as a client of another router), two of the three fixes are in packages that can be updated without updating the whole firmware (or even rebooting the router). Updating wpad and hostapd should update them to version xxx-5 which fixes the issue.

There is also a kernel level fix that is going through the motions and will most likely mean 17.01.4 is out soon.

https://forum.lede-project.org...

Comment Just attention seeking, no substance (Score 3, Insightful) 564

This is just typical Assange style attention seeking. He has been out of the news for a while and desperately needs people not to forget about him.

The main reason he won’t be handed over to the US any time soon is because he is not wanted by the US. If Assange was wanted by the US there would have been an arrest warrant and an extradition request.

The best chance for the US, if the US indeed had some interest in him, would have been while Assange was walking around freely in the UK between his extradition hearings trying to stop being extradited to Sweden. The US-UK extradition treaty is extremely one-sided in favour of the US so he could have been put on a plane the same day.

Now, considering nobody has ever seen a US arrest warrant for Assange and the US has never attempted to have him extradited it is safe to assume that is not one of his major worries.

Right now, Assange is a fugitive of two police forces. The British justice system wants him for jumping bail, the Swedish justice system wants him for a double rape inquiry.

Assange has always maintained he doesn’t want to go to Sweden because he worries about being extradited to the US (even though that is a very weak argument, see above). If he would now have fewer issues with going to the US, why doesn’t he just go to Sweden and face the rape inquiries if he is so confident he has done nothing wrong?

Comment Re:Youtube next? (Score 1) 176

That was a disingenuous response from Facebook and has no bearing on the legality of their tracking. The viewing of content on Facebook.com by non-logged in users was not part of the legal case. Facebook is fined for tracking non-Facebook users on other sites than Facebook.com and none of their actions so far have been enough to legalise their current operation.

So, they may try the same thing as in Belgium but, just like in Belgium, it is completely irrelevant to the case and won't help them one bit.

The technical solution for Facebook to escape massive fines could be to provide websites with a 'social button' whose image is only allowed to be stored locally at the website. Facebook's servers should then only be contacted if someone clicks on the button. In its current design even viewing the button makes Facebook track everyone and that is clearly illegal.
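The difference between a button that contacts the third party on view and one that does so only on click can be checked mechanically. The following is an added example, not part of the original comment: a small Node.js audit that sorts a page's third-party references by when the browser would fetch them. The hosts `shop.example` and `social.example`, the function name and both sample pages are constructed for illustration.

```javascript
// Added example: sort a page's third-party references by when the browser
// contacts the third party: while rendering (on view) or only after a click.
// SITE_HOST, social.example and both SAMPLE_* pages are constructed values.
// The regex scan is a simplification; it does not handle unquoted attributes.

// Elements whose URL attribute is fetched automatically during rendering.
const AUTO_LOAD = { script: 'src', img: 'src', iframe: 'src', link: 'href' };

function thirdPartyContacts(html, siteHost) {
  const onView = [];
  const onClick = [];
  const tagRe = /<(script|img|iframe|link|a)\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const attr = tag === 'a' ? 'href' : AUTO_LOAD[tag];
    const attrRe = new RegExp('(?:^|\\s)' + attr + '\\s*=\\s*["\']([^"\']+)["\']', 'i');
    const am = attrRe.exec(m[2]);
    if (!am) continue; // e.g. an inline script: nothing is fetched
    let host;
    try {
      // Relative URLs resolve against the site itself.
      host = new URL(am[1], 'https://' + siteHost + '/').hostname;
    } catch (e) {
      continue; // unparsable URL
    }
    if (host === siteHost) continue; // served by the site itself
    // A plain link is only followed when the visitor clicks it.
    (tag === 'a' ? onClick : onView).push(host);
  }
  return { onView, onClick };
}

const SITE_HOST = 'shop.example';
// Embedded widget: script and iframe are fetched from the third party on view.
const SAMPLE_EMBEDDED = `
<script src="https://social.example/sdk.js"></script>
<iframe src="https://social.example/like?u=shop.example"></iframe>`;
// Locally stored button image; the third party is contacted only on click.
const SAMPLE_LOCAL = `
<a href="https://social.example/share?u=https%3A%2F%2Fshop.example%2F">
  <img src="/img/social-button.png" alt="Share"></a>`;

console.log('embedded:', thirdPartyContacts(SAMPLE_EMBEDDED, SITE_HOST));
console.log('local:   ', thirdPartyContacts(SAMPLE_LOCAL, SITE_HOST));
```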

Comment Re:but do they? (Score 1) 25

It's not about what the average user of SSL Labs understands about it. That's why it uses just a couple of letter grades to communicate an overview of the findings. The most important part is that ordinary users can go to their hoster or a website owner and ask them why their site gets a 'D'. The people who run those web servers will know more about the detailed findings of SSL Labs and implement them accordingly.

A personal example. I know a thing or two about SSL/TLS but some things on the SSL Labs results page are over my head too. However, when I noticed that my own site got an 'F' (because of some old cyphers that were still accepted) I filed a ticket with my hoster. A week later they had upgraded the entire shared hosting environment and upgraded everything to an 'A'. In one fell swoop many thousands of websites had their security upgraded because I sent my hoster a detailed outcome of the SSL Labs test.

Comment Re:OpenWRT vs DD-WRT (Score 1) 94

I have been running OpenWRT on my Asus RT-N16 for a while now. First OpenWRT 14.07 (Barrier Breaker) and now OpenWRT 15.05 (Chaos Calmer) and it works like a charm. OpenWRT is the most stable alternative firmware I have ever used (compared to SveaSoft, DD-WRT, Tomato Toastman and Tomato Shibby).

You’re right that Broadcom is a pain in the ass and my next router will have an Atheros chip. But if you don’t mind using closed source drivers the Asus RT-N16 works like a charm with OpenWRT.

For anyone wanting to try OpenWRT 15.05 on an Asus RT-N16 I can recommend this post on the forum: https://forum.openwrt.org/view...

Comment Re:So... how screwed am I? (Score 3, Informative) 65

First of all, keep an eye on the updates. They should automatically install (or at least warn of their availability) by default. Apple can push out a separate EFI upgrade or it can be a part of the next big update (10.10.5 for instance, which is imminent). I expect some or all of these to be fixed fairly quickly.

In the meantime, make sure that you haven’t disabled Gatekeeper (which is on by default). While Gatekeeper can’t defend against infected peripherals you stick in your Thunderbolt port, it can protect against online attacks trying to infect your machine with the Thunderstrike payload. And the chances of being infected through the internet (malicious ads, drive-by downloads, trojans etc.) are far greater than through a peripheral as it can take months or years before an old-fashioned physical malware spread reaches your machines. That’s one of the downsides of the internet, it has made the spreading of malware incredibly fast.

Comment Re:About That Now Available 20 MHz... (Score 1) 293

NRK (the public service broadcaster) and all commercial and private stations are moving off FM in 2017. The only stations staying on FM are local stations. They have asked for a 5 to 7 year extension of FM use while DAB+ for local/smaller stations is being rolled out.

So, the plans for the FM space are fairly straightforward. The only thing not in the plan is the inevitable use by pirate stations.

Comment Re:About half (Score 1) 293

True, but then FM is not going to be banned either. It's just that all the big stations in Norway are leaving FM. You can still use your FM radio to listen to small local stations (and probably pilots). You will also still be able to buy FM radios in Norway but they now carry stickers to warn people that they will be of less use from 2017.
