More

fidget · on July 3, 2017

Yeah, we really should rewrite the kernel.

digi_owl · on July 4, 2017

Err, that is not an excuse. That just leads to the question of why there is a second kernel metastasizing in userspace.

drdaeman · on July 3, 2017

Was already done, many times. Device drivers is the issue it never took off.

fidget · on June 21, 2017

That's GRSecurity for you

fidget · on June 15, 2017

Man, I've got some horrible news about your CPU.

was_boring · on June 16, 2017

Sad, but true https://arstechnica.com/security/2013/12/we-cannot-trust-int...

fidget · on June 5, 2017

There are other bad things about ssh. Tofu sucks balls and ssh users are far too comfortable with it.

voltagex_ · on June 6, 2017

Had to look it up. https://en.wikipedia.org/wiki/Trust_on_first_use

What would you replace it with?

transitorykris · on June 6, 2017

Signed keys. Here's an example of how to do it from Digital Ocean: https://www.digitalocean.com/community/tutorials/how-to-crea...

arghwhat · on June 6, 2017

Well, feel free to come up with a better solution. 3rd party trust roots are way worse.

madmulita · on June 6, 2017

The server key can be signed by a trusted authority, no need to trust on first use.

fidget · on May 15, 2017

Doesn't particularly make a difference, given that this issue is about users not upgrading (for whatever reason) their windows XP installations. Would the exploit having being disclosed by the NSA or by someone else have changed the fact that these users would not have upgraded and gotten a patch?

jrimbault · on May 15, 2017

Can I have my cake and eat it too?

People should keep systems under their responsibility up to date.

And people should disclose security vulnerabilities.

bsder · on May 15, 2017

Um, a LOT of drivers broke on the change from XP to Vista.

If you controlled a piece of hardware, you may not have had a choice to upgrade.

The lesson is that closed-source is anathema to a good security policy.

fidget · on May 8, 2017

His arms and influence is also changed the way I view conflict between states.

fidget · on May 3, 2017

It's not strongly coupled beyond requiring that the wrapper implement a `Cause() error` method. I don't really think that could ever be considered strong coupling

fidget · on April 28, 2017

So short it

snarf21 · on April 28, 2017

Exactly, they are still at almost $20B in quarterly ad revenue. Facebook is their only competitor because of its captive and mobile audience. Plus they are already diversifying with more bets on the cloud plus things like Waymo, etc.

Edit: misquoted data thinking it was yearly not quarterly.

mrdodge · on April 28, 2017

More like nearly $80 billion in yearly ad revenue. $20 billion is their profit.

fidget · on April 25, 2017

Please let me know where you work, so I can avoid any product potentially produced by you.

fidget · on April 13, 2017

Are you suggesting that you had a concurrency bug that was solvable without changing your entire storage layer? Heresy..