Can we really trust IT?

Message boards : Politics : Can we really trust IT?
Message board moderation

To post messages, you must log in.

Previous · 1 · 2 · 3 · 4 · 5 · 6 · 7 · 8 . . . 11 · Next

AuthorMessage
Profile Ex: "Socialist"
Volunteer tester
Avatar

Send message
Joined: 12 Mar 12
Posts: 3433
Credit: 2,616,158
RAC: 2
United States
Message 1339463 - Posted: 19 Feb 2013, 22:12:08 UTC

'Cause Java sucks.
#resist
ID: 1339463 · Report as offensive
Profile Gary Charpentier Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer tester
Avatar

Send message
Joined: 25 Dec 00
Posts: 30608
Credit: 53,134,872
RAC: 32
United States
Message 1339564 - Posted: 20 Feb 2013, 5:26:16 UTC - in response to Message 1339463.  

'Cause Java sucks.

It does.

Wonder if the press will report the fact that a website needed to be breached before this Java hole could be exploited? Nah, that might implicate FLOSS as being the source. That doesn't sell advertising space.

Apple has the update available for download.

ID: 1339564 · Report as offensive
Profile Ex: "Socialist"
Volunteer tester
Avatar

Send message
Joined: 12 Mar 12
Posts: 3433
Credit: 2,616,158
RAC: 2
United States
Message 1339611 - Posted: 20 Feb 2013, 7:01:03 UTC - in response to Message 1339564.  

'Cause Java sucks.

It does.

...

Took the IT industry many years to admit that, all the while myself as a lowly end-user could see hands on how junky it was and could watch those updates roll in from Oracle AND MS back in the days I used Windows 24-7...

I used to think, "man, all this for software that usually runs like crap and crashes?"

Fortunately many sane people out there now are recommending to not use it. Their reasons are mainly security related, but the other plus of not using it is not having to deal with software built on it.
#resist
ID: 1339611 · Report as offensive
Profile ML1
Volunteer moderator
Volunteer tester

Send message
Joined: 25 Nov 01
Posts: 20140
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1339679 - Posted: 20 Feb 2013, 14:31:28 UTC - in response to Message 1339611.  

... I used to think, "man, all this for software that usually runs like crap and crashes?"...

Is that all a question of design for the benefit of Monopoly and Marketing or for producing a good product for the good of the users?

Can you "trust" Marketing?...


IT is what we make it...
Martin


See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1339679 · Report as offensive
Profile ML1
Volunteer moderator
Volunteer tester

Send message
Joined: 25 Nov 01
Posts: 20140
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1339680 - Posted: 20 Feb 2013, 14:34:01 UTC
Last modified: 20 Feb 2013, 14:34:43 UTC

Another worrying aspect:


Google Play Store's "privacy problem" is taxing

Google Play Store logo Google's Play Store is giving out email addresses, post codes and full names to the seller of an Android application whenever an app is purchased, according to an Australian developer's report. Calling it a "massive, massive privacy issue"...

... other developers had observed the same problem. It was in one of the later discussions that a Google employee explained that the details were handed over because the developer was the merchant of record and had a number of responsibilities legally regarding taxes. ...



Unfortunately, I suspect that opens up a whole host of avenues for abuse...

IT is what we make it...
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1339680 · Report as offensive
Sirius B Project Donor
Volunteer tester
Avatar

Send message
Joined: 26 Dec 00
Posts: 24875
Credit: 3,081,182
RAC: 7
Ireland
Message 1346085 - Posted: 13 Mar 2013, 9:16:51 UTC - in response to Message 1339680.  

Maybe some more of this might wake them up....

Google hit by $7m fine in US
ID: 1346085 · Report as offensive
Profile Bernie Vine
Volunteer moderator
Volunteer tester
Avatar

Send message
Joined: 26 May 99
Posts: 9954
Credit: 103,452,613
RAC: 328
United Kingdom
Message 1346134 - Posted: 13 Mar 2013, 12:17:11 UTC

Most routers are sold new in an unencrypted state.


If you get one from your broadband supplier, BT, Virgin, Talk Talk, etc they have a password already set. From my flat I can see a dozen or more different WiFi routers and only one is not encrypted.

My feeling is if you leave your WiFi wide open you have to suffer the consequences . In my eyes Google did nothing wrong, in fact they performed a public service by highlighting the problem. And now as part of the judgement have to run a publicity campaign to get people to protect their data.
ID: 1346134 · Report as offensive
Profile Gary Charpentier Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer tester
Avatar

Send message
Joined: 25 Dec 00
Posts: 30608
Credit: 53,134,872
RAC: 32
United States
Message 1346269 - Posted: 13 Mar 2013, 19:29:25 UTC

FOSS, can it be trusted?
http://www.networkworld.com/news/2013/031313-opensource-security-267636.html
Security of open-source software again being scrutinized
Network World - A recent round of flaws discovered in open-source software has reignited concerns that security is getting bypassed in the rush to continue expanding the large and extremely popular code base used by millions.

For instance, although the Java-based Spring Framework was criticized by security researchers in January as having a major flaw that allowed remote-code execution by attackers against applications built with it, the updates to Spring this week don't address this security problem.

"Unfortunately, this is the way a lot of open source vulnerabilities go," said Jeff Williams, CEO at Aspect Security, which pointed out two months ago that the "expression-language" feature in Spring should be disabled until the issue related to potential remote code execution is remediated. But the updates to Spring out this week don't address this problem, though they do expand Spring functionality. Spring Framework is managed under SpringSource, a division of VMware.

"They are busy with actual functional stuff and so their incentives are always to minimize the importance of security issues," said Williams.

IT, it is a reflection of humans.

ID: 1346269 · Report as offensive
Profile ML1
Volunteer moderator
Volunteer tester

Send message
Joined: 25 Nov 01
Posts: 20140
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1346286 - Posted: 13 Mar 2013, 20:06:06 UTC - in response to Message 1346269.  

FOSS, can it be trusted?
http://www.networkworld.com/news/2013/031313-opensource-security-267636.html
... the Java-based Spring Framework ...

"Unfortunately, this is the way a lot of open source vulnerabilities go," said Jeff Williams, CEO at Aspect Security, ... Spring Framework is managed under SpringSource, a division of VMware.

"They are busy with actual functional stuff and so their incentives are always to minimize the importance of security issues," said Williams.

IT, it is a reflection of humans.

That is actually a very good example of commercial compromises.

Also interesting how one non-representative example is being used as a global slur. Is that possibly another commercial concern touting for business in a very tough software area where 3rd party 'Security' is not required?...


Java is certainly suffering a few ongoing problems for the time being. However, that is NOT the entire world of FLOSS.


Meanwhile, as is typical for this time of month:

US-CERT Alert TA13-071A: Microsoft Updates for Multiple Vulnerabilities

National Cyber Awareness System
TA13-071A: Microsoft Updates for Multiple Vulnerabilities

Original release date: March 12, 2013

Systems Affected

* Microsoft Windows
* Microsoft Internet Explorer
* Microsoft Office
* Microsoft Server Software
* Microsoft Silverlight

Overview

Select Microsoft software products contain multiple vulnerabilities.
Microsoft has released updates to address these vulnerabilities.

Description

The Microsoft Security Bulletin Summary for March 2013 describes
multiple vulnerabilities in Microsoft software. Microsoft has released
updates to address these vulnerabilities.

Impact

A remote, unauthenticated attacker could execute arbitrary code, cause a
denial of service, or gain unauthorized access to your files or system.

Solution

Apply Updates...


Plus the pain and anguished users when inevitably a few systems become broken from those updates...

Curiously, other OSes do not feature every month in such critical alerts.



IT is what we allow commercial concerns make it...
Martin

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1346286 · Report as offensive
Profile Gary Charpentier Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer tester
Avatar

Send message
Joined: 25 Dec 00
Posts: 30608
Credit: 53,134,872
RAC: 32
United States
Message 1346294 - Posted: 13 Mar 2013, 20:18:11 UTC - in response to Message 1346286.  
Last modified: 13 Mar 2013, 20:18:21 UTC

That is actually a very good example of commercial compromises.

Precisely the compromise necessary to make any project useful to more than one user.
ID: 1346294 · Report as offensive
Profile ML1
Volunteer moderator
Volunteer tester

Send message
Joined: 25 Nov 01
Posts: 20140
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1346368 - Posted: 14 Mar 2013, 2:02:48 UTC - in response to Message 1346294.  

That is actually a very good example of commercial compromises.

Precisely the compromise necessary to make any project useful to more than one user.

Nope.

Which is where FLOSS is so powerful.


IT is what we make it,
Martin

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1346368 · Report as offensive
Profile Gary Charpentier Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer tester
Avatar

Send message
Joined: 25 Dec 00
Posts: 30608
Credit: 53,134,872
RAC: 32
United States
Message 1349136 - Posted: 21 Mar 2013, 17:21:36 UTC

ID: 1349136 · Report as offensive
Sirius B Project Donor
Volunteer tester
Avatar

Send message
Joined: 26 Dec 00
Posts: 24875
Credit: 3,081,182
RAC: 7
Ireland
Message 1349599 - Posted: 22 Mar 2013, 20:21:16 UTC - in response to Message 1346134.  

Most routers are sold new in an unencrypted state.


If you get one from your broadband supplier, BT, Virgin, Talk Talk, etc they have a password already set. From my flat I can see a dozen or more different WiFi routers and only one is not encrypted.

My feeling is if you leave your WiFi wide open you have to suffer the consequences . In my eyes Google did nothing wrong, in fact they performed a public service by highlighting the problem. And now as part of the judgement have to run a publicity campaign to get people to protect their data.


Update on router access....

...& eye opening to say the least.....

Hacker's secret Internet census

Internet Census 2012 - Link from the above link
ID: 1349599 · Report as offensive
Profile Gary Charpentier Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer tester
Avatar

Send message
Joined: 25 Dec 00
Posts: 30608
Credit: 53,134,872
RAC: 32
United States
Message 1349611 - Posted: 22 Mar 2013, 21:45:15 UTC

More FOSS http://boinc.berkeley.edu/dev/forum_thread.php?id=2694&postid=48309 that seems to have security holes ...
CPDN main project

I am afraid we have been forced to take the independent climateprediction.net message board (the phpbb forum) offline for investigation and maintenance. On the evening of Wednesday 20th March a hidden iframe redirect was found on a number of pages on that message board. We are currently looking into this security issue. The main portion of the CPDN website is also hosted on this server, and so this portion of the website is also offline. We hope to resolve this issue soon and restore normal services.

This problem does not affect the availability or download of climate models and the upload servers are available as usual.

The CPDN Team


ID: 1349611 · Report as offensive
Sirius B Project Donor
Volunteer tester
Avatar

Send message
Joined: 26 Dec 00
Posts: 24875
Credit: 3,081,182
RAC: 7
Ireland
Message 1350342 - Posted: 25 Mar 2013, 1:32:01 UTC

How long before we all have to stop & think before installing ANY software?

FBI using NSL's
ID: 1350342 · Report as offensive
Profile betreger Project Donor
Avatar

Send message
Joined: 29 Jun 99
Posts: 11358
Credit: 29,581,041
RAC: 66
United States
Message 1350348 - Posted: 25 Mar 2013, 1:44:22 UTC - in response to Message 1349611.  

Sick.
ID: 1350348 · Report as offensive
Profile Gary Charpentier Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer tester
Avatar

Send message
Joined: 25 Dec 00
Posts: 30608
Credit: 53,134,872
RAC: 32
United States
Message 1351290 - Posted: 27 Mar 2013, 22:04:26 UTC

ID: 1351290 · Report as offensive
Profile James Sotherden
Avatar

Send message
Joined: 16 May 99
Posts: 10436
Credit: 110,373,059
RAC: 54
United States
Message 1351469 - Posted: 28 Mar 2013, 12:33:16 UTC

Makes we wonder if maybe N.Korea is behind this to disrupt communication.
[/quote]

Old James
ID: 1351469 · Report as offensive
Sirius B Project Donor
Volunteer tester
Avatar

Send message
Joined: 26 Dec 00
Posts: 24875
Credit: 3,081,182
RAC: 7
Ireland
Message 1351628 - Posted: 28 Mar 2013, 21:01:39 UTC

Biggest attack to date.....

Global Internet slows due to biggest attack in history

....how soon before they really hit it hard?
ID: 1351628 · Report as offensive
Sirius B Project Donor
Volunteer tester
Avatar

Send message
Joined: 26 Dec 00
Posts: 24875
Credit: 3,081,182
RAC: 7
Ireland
Message 1351637 - Posted: 28 Mar 2013, 21:54:30 UTC - in response to Message 1351633.  

It's when not if ...



??? What left field did that come from? I just said how soon, that doesn't sound like an "if" to me.
ID: 1351637 · Report as offensive
Previous · 1 · 2 · 3 · 4 · 5 · 6 · 7 · 8 . . . 11 · Next

Message boards : Politics : Can we really trust IT?


 
©2024 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.