
Comment Re:Nobody admits it: supply chain attacks are EASY (Score 1) 31

Of course, I've always said that if you have untrusted users you are fucked. LPEs are a dime a dozen and can break anything, even VMware tenant separation.

The problem is, you're going to be opening connections outward, and you might be compromised that way. Say, through your browser. As long as LPE remains possible then that opens the door to owning your whole system, to say nothing of the damage they can do to your data even without one.

Comment Re:Oh, please, do we REALLY have to play this game (Score 1) 159

> Fauci (DOCTOR) says that if you're vaccinated you won't get it.

I did NOT find that clip, please give a time stamp. But several times he used variations of "high degree of protection", and NOT anything implying 100%. He had to speak thousands of times around the US, and maybe out of those thousands he ONCE slipped, I don't know, but WHY do you IGNORE the 999 out of 1000???? That's spinning on your part, Repent to Jesus or bake!

> They knew exactly what they were saying

Apparently YOU and MAGAs don't. Blinded By Bias.

Comment Re:Interesting (Score 1) 62

The issue is Microsoft has their own people who have mission and authority similar to CISA but scoped to the organization as do many of the other institutions I see making this class of error.

It isn't that institutionally they don't know better, or even individually they don't know better, it is an operationalization problem and there simply exists too much pressure in terms of time to be sloppy with a credential, coupled with the near certain knowledge that even if that sloppiness is a process or policy violation it is sure to go unnoticed or at least unpunished unless something bad happens, and even then it still might not carry much in the way of personal consequences.

Fundamentally SaaS/PaaS/Cloud security is far too reliant on not just everyone knowing what they are supposed to do, but actually doing it dependably and consistently every time. It simply does not work at scale.

Zero-trust just isn't a very good model overall because it makes everything about identity and discretionary access management, and people are just not that good at identity management. They are better about DAC, but even then there is a lot of temptation to just say sure, give 'em repo access.

Comment Re:Once again Patrick Boyle on YouTube covered thi (Score 1) 86

simply aren't enough launch customers to justify the valuation and starlink can't make that up because there are only so many people in the world who can afford $100 a month for internet and don't have access to high quality wired internet.

Militaries and wealthy people in bombed-out areas seems to be a growing customer base. Invady McTintface and Bibi McZionbribe are leading the way.

That being said, it's stupid to try to be both an AI company and a space company. Split focus like that has rarely worked well for large companies over the longer run. GM once tried to become an enterprise software company, for example.

Comment Re:Win the battle, lose the war (Score 1) 58

That is going to be the practical result here.

Some code will get released, it will be mostly vanilla FOSS projects + a driver or two. You might even be able to build it but you won't be able to sign or run it. Version next will ship some generic kernel module that provides some ioctl hooks or something, and they'll move the drivers into user space, so they don't have to share those either.

Maybe if consumers are lucky there will be some groups of discontinued models where, thanks to some signature checking flaw, it is possible to monkey with the software without destructive or likely to be destructive hardware modding, and you'll have a scene like when people were running around hunting for v1 WRT54G access points... for some years, but as a practical matter not very many people will get anything valuable.

TIVO-isation is a problem manufacturers have pretty well solved. I have to say Linus's unwillingness to try to migrate mainline Linux to GPL-3 has really hurt consumers. It was probably the one project with enough technical weight to have forced some hands, but it also probably would mean a lot less Linux out there today as well.

Comment Re:Nobody admits it: supply chain attacks are EASY (Score 1) 31

There's another way to mitigate this, and it's ideologically difficult for a lot of Open Source people to accept...

The big problem is not ideological.

but you'll have to diverge from the tried and true path. AI makes this much easier: instead of using $popular_thing_everyone_uses, you use something else - either COTS or roll-your-own. Yes, it might have bugs, and yes, they might be security bugs, but unless they're painfully obvious issues where you didn't do your due diligence, it's going to be a more obscure target which will require more targeted attacks.

Humans are vulnerable to making the same kinds of errors, and security is hard, so you're going to either be highly likely to make predictable errors that are going to be easy to find or you're going to need to pull in some libraries to handle security.

No, this doesn't solve anything and it's 100% "security through obscurity".

IOW it's not a useful suggestion, especially now that there are exciting new tools for finding vulnerabilities rapidly.

Comment Re:Another point for Firefox and against Google (Score 1) 49

I gave up on NoScript a long time ago. Too difficult to use. Too many broken sites.

I have to use Chromium to access a few sites which are important, like for paying certain bills. Those sites don't work in Firefox with or without NoScript; even when I enable all scripts, they still don't work. Anything not critically important which doesn't work when I enable all the scripts I'm willing to enable, I just don't go to, and I'm better off.

Comment Re:Right (Score 2) 49

Yet Microsoft Word requires a maximum of tens of megabytes of RAM per document. And arguably Word is more powerful.

Word can't even draw text while scrolling at speeds above a crawl because its rendering engine is such pathetic trash, so very much no. It also can't keep its UI drawing reliably if left running for a few days; even after windows are forced to refresh, some elements won't draw until every window is closed (since they all run under one executable like it's the fucking 1980s because Microsoft doesn't trust their inter-process clipboard functionality to work correctly) and so on. Every part of Office is hot garbage, and Word is absolutely not an exception.

Comment Re:Visual Basic #7 (Score 1) 33

I miss the instant gratification of those desktop IDEs. It's hard to unsee it as dev tooling grows more bloated and indirect over time.

Maybe Cherokee Nation Will Return. Nobody has mathematically proven the bloat must be in there. I suspect it's resume buzzword crack. YAGNI still means something. Every "desktop IDEs can't do X" claim I've encountered has been debunked. (Not claiming they have it, only that the Laws of the Universe don't forbid it.)
