While I generally think Rust (or some other "more secure" language) is better, I do agree very much with the "security guys who happen to like rust" sentiment.

While using Rust can almost inevitably improve a number of other security-related aspects, it does not protect vs. timing and sidechannel attacks that are very important in cryptography. Casual re-implementation of an algorithm might easily reintroduce such issues.

Issues like that might stay buried for a long time, apart from the "three letter agencies" that will most likely do their own private analysis in any case.

The death clock for it is already probably ticking. Gone in a year or few. Investing any time on it would be a waste.

The pessimist in me thinks that if anything is to be learned of past history of Firefox development, the next step after removing a feature from core and into extensions is to deprecate / remove the API(s) this extension relies on to function. Or at least the APIs that enable it to work in a comfortable manner vs. UI experience.

Personally I use RSS feeds of 7 different blogs (wow, blogs still exist?) in order to easily follow when new posts are made. It's not much, but at least I don't have to manually check them out, quick browse through live bookmark menu is enough.

Actually some sources say that it has been in the "North Bridge", e.g. what has been known as "Platform Controller Hub" ( https://en.wikipedia.org/wiki/... ) for some time. For example, see ME references in https://www.intel.com/content/...

However, it is stated in the above Wikipedia article: "Beginning with ultra-low-power Broadwells and continuing with mobile Skylake processors, Intel incorporated the clock, PCI controller, and southbridge IO controllers into the CPU package, eliminating the PCH for a system on a chip (SOC) design." This makes it unclear whether also the ME component has been integrated into the CPU package in SoC style in these newer CPUs (assuming that it has been there in the first place.) ... I sure wish Intel themselves would explain all this. And also state their reasons for pushing this crap.

.. case sensitive filenames by default? :D

Just wondering. I know HFS+ can have case-sensitivity, but not sure if it is on by default. And some people seem to be discouraging that, based on quick googling.

I see that you don't realize that randomizing, etc. just makes your "signature" more unique. And if you give less information, it makes you more unique too.

The best way to be less unique would be to be very average, or at least look like the majority - e.g. probably the average Windows installation with basic fonts, etc. and most common version of Firefox/Chrome (which varies as time goes by).

The first thing that popped out as I glanced through the post was:

And I thought to myself, "slowly? .. well, it's father of Java, after all."

And this surprises you exactly .. how?

TFA and the original source (press release from Forum Nokia, http://blogs.forum.nokia.com/blog/nokia-developer-news/2011/03/25/open-letter-to-developer-community ) reveal that:

And further ..

Finally it is stated:

So there's nothing saying that Nokia will suddenly stop supporting Symbian in 2012. It'll just fade out gradually, and even they don't admit knowing when it will fade out completely.

Uhm, Wine does not work that way. It does not allow access to hardware level any more than any other user-space application gets, there is simply a emulation layer for D3D implemented that "translates" the API to OpenGL. Windows software using OpenGL, on the other hand, gets a much thinner wrapper to pass OGL calls to native OGL.

This won't be an issue anytime soon, as I see it. I doubt Wayland will be _really_ ready for prime-time until, say, 5 years from now on. And Nvidia may just seem disinterested outwards, it is entirely possible they are simply just considering the issue internally and do not want to make any verbal commitments, as is typical for companies.

Umm, excuse me, but FFmpeg project has nothing to do with Xiph.

I remember the "process", or rather the pain, of using Symbian SDK being on about the same level nearly 9 years ago. Which is exactly why Symbian is shit, and how Nokia in general sucks -- they've had a headstart of 10 years to make Symbian development experience better, but it's still the same piece of pigeon poop it was nearly decade ago.

Google and Apple have done better in way lesser time, and seemingly had the sense to avoid at least some of Symbian's mistakes (albeit they seem to have problems of their own, of course), but Nokia hasn't had the sensibility to improve their primary platform. I guess they finally did admit Symbian's inferiority by the partial move to Maemo/Meego.

I'm not even going to start with the often confusing mess that Symbian platform itself is...

And what about those BIOS/EFI[1] firmware-based hypervisor rootkits? If someone is able to gain root access in a given system that is somehow "vulnerable" in such way that a permanent EFI (or similar) rootkit can installed, then you'll be fucked even with the read-only media and all.

Speaking of which, I don't understand why manufacturers are so eagerly adding all this new intelligence into the firmware. What do we need it for anyway? IMO it would be so much simpler from security perspective, if the OS would be at the bottom of it all. Added complexity adds new possibilities for exploitation.

[1] http://en.wikipedia.org/wiki/Extensible_Firmware_Interface