frozenport's comments

Can somebody please check?


Herold of a dystopian future where individuals isolate themselves, and become increasingly radical in a bubble formed by their personal bias. Is there anything I can use to block Republicans? :-)


Or the herald of a utopian future where human beings have the ability to exercise their free will by using technology to free themselves of the intentionally distracting trash disguised as art that makes up the majority of contemporary popular "culture."


herald


Maybe Harold was a time traveller! Harold Titor perhaps?

;)


You don't surf without Kblocker.


You mean Harold from the future doesn't? And they're still around... perhaps we do eventually end ageing, but only for people as rich as the Kardashians.


Maybe!

If you want to control the area, you threaten the local leaders into submission; this was how the West colonized the world. Then you collect their resources, but does the US still need oil at $20 a barrel?

So, it remains unclear what the objectives are with ISIS.


In the article it wasn't even in at a later hour!

A 33 dollar salad approaches the profligacy of Sodom and Gomorrah :-)


Is the customer actually paying $33 or is that $15 in VC juice to grease the system?


I have a dissenting opinion: Amdahl's law is obvious and therefore it doesn't need to be explicitly taught.


I agree with your (apparently unpopular) opinion. I'd never heard of this as a named law before, but it's just a restatement of critical path analysis in a computing context.


> I agree with your (apparently unpopular) opinion. I'd never heard of this as a named law before, but it's just a restatement of critical path analysis in a computing context.

I suspect it's one of those things that seems obvious in hindsight or in the context of how computers work today. But when it was first discussed, it may not have been as obvious.


I understand it was used as a marketing punchline. Further, the gripe that systems wouldn't scale turned out to be a challenge rather than a death sentence.


Oh humbug! I don't see any excuse for lazy users not to be using Flash.


That's not the point. Installing Flash player is, of course, very easy to do; it's just that doing so comes only at the cost of slightly decreased security and stability.

Of course, Adobe could have avoided these issues, had they only chosen to release Flash player under an open source license. At this point it's simply legacy software being phased out in favor of HTML5, and is mostly just a nuisance.

Thankfully, ever since Youtube released their HTML5 player, I can't think of a single time in which I was denied access to critically important content because it was locked inside a SWF.


What's good for one agency may be bad for another. For example, the State Department might like Tor because it facilitates anonymous informants, while the NSA might not like it because they can't read your email.

I am not even sure if the NSA's mission extends to defending civilians.


I'm not even sure it extends to defending the government.

At least not fully enough, given the OPM breach.


In practice it does, because protecting civilian software systems is generally a good way for them to protect their own systems.


I really like

An astronomer looking at the stars, and falling into an abyss (1789-92) (via French Revolution Digital Archive) http://hyperallergic.com/wp-content/uploads/2014/01/frenchre...

As it reminds us that the pursuit of scientific knowledge can often distract brilliant people from addressing social problems. I wonder if the glut of research scientists is one of the mechanisms by which the status quo is preserved.


For an interesting example of that, check out Antoine Lavoisier https://en.wikipedia.org/wiki/Antoine_Lavoisier, executed during the French revolution.


One of the Herschels (Caroline?) fell into a well and almost died...


I am not convinced scientists' role should be to address social problems. Besides, since we are talking about France, most of the scientists that were politically engaged were Stalinists.


Your comment shows a profound misunderstanding of history, as Stalin was born 90 years after the French Revolution (and Karl Marx 30 years). Even while Stalin was alive, few if any French scientists were Stalinists, as by the time he rose to power France was diplomatically closer to the US than to the USSR.

During the Revolution, and preceding it, it turns out that many scientists were involved or even instrumental in the social progress that occurred. The simple act of imposing the metric system was meant as a way to eradicate the imperial in "imperial system". The Enlightenment caused the rise of many ideas of equality that can be said to have triggered the Revolution.

Of course, the extremes of the Terror also caused some scientists that were not deemed invested enough to lose their head, such as Lavoisier, the man that proved the conservation of mass. It should be noted that the government apologised a year or so later.


I am not talking about French scientists being Stalinist during the French revolution but being Stalinist under Stalin and until the 70s.


Stalinism is defined by policies of state terror, state centralization, purging the government and maintaining a cult of personality. Those are pretty extreme positions to hold.

Historically, many of Stalin's actions were not seen keenly in France, including Stalin's Gulags, his pact with Hitler, and, over the Cold War, his territorial aggressiveness toward the USSR's satellite countries. You may note that France was very decidedly on the other side of the Iron Curtain.

There definitely were quite a few socialists, there were a few communists, there probably were few Leninists, but I doubt there were any Stalinists. I'd be interested in the scientist's name if you found one.


The Communist Party was the largest political party in France after the war, and it was fully and openly aligned with Moscow. You may (and should) interpret being a Stalinist as a bad thing today, but it wasn't at that time for a large portion of the left.

But my point is rather that being good at math and at creating mathematical representations of nature doesn't qualify someone to make decisions on how other people should live their life.


But Democracy requires everybody to participate in the political process.


"The only thing necessary for the triumph of evil is for good men to do nothing."


>>first order of business was to move beyond the taxi roots and emulate Uber’s model whole cloth

Typical Chinese approach. What options do companies have when this happens?


How is that a problem? They don't have IP protection on the idea. It's quite fair and lawful for another company to copy it. They still need to overcome network effects and actually implement it. As the article shows, this was hard.


The parent comment didn't say they did have IP protection, nor that it was unlawful.

They asked how a company can or should respond in order to compete effectively.

It's a huge problem for most any company anywhere: how to compete when your competition is able to effectively clone you (not to mention if they have other advantages you inherently can't match in the market in question).


Also, it is just Forbes' words that Didi "emulate Uber's model whole cloth". Fortune has a different perspective: "But Didi has some built-in competitive advantages, by virtue of the fact that it was in the market earlier and that it designed its business for the Chinese market, instead of trying to import a template perfected elsewhere." http://fortune.com/2015/09/30/will-china-be-ubers-waterloo/

The Fortune article gave more details about Didi's model.


GP specifically said "Typical Chinese approach". Contrast with what you said "It's a huge problem for most any company anywhere", which is more reasonable.

Additionally, while "it's a huge problem for most any company anywhere", if there were no competition, it would be a huge problem for society.


Lyft realized this and decided to partner with Didi to get market share http://www.wired.com/2015/09/lyft-didi-kuaidi/. It's the old saying that your enemy's enemy is your friend, especially true when you knew you cannot win.


Nothing. It is China. All bets are off.


How do you execute privileged code from this vulnerability (on the client?)? What is the worst-case scenario?


> To exploit a vulnerability in the terminal emulator, an attacker must be able to insert a carefully crafted escape sequence into the terminal stream. For a PuTTY SSH session, this must be before encryption, so the attacker likely needs access to the server you're connecting to. For instance, an attacker on a multi-user machine that you connect to could trick you into running cat on a file they control containing a malicious escape sequence. (Unix write(1) is not a vector for this, if implemented correctly.)

From the sounds of it, an attacker needs to either compromise the machine you intend to ssh into, or mitm before you first ever connect. Once keys are cached you should easily notice if you've been mitmed.


No, it's much much worse than that. If you cat a log file, and the log file contains untrusted binary data (such as raw logging of an invalid request to a webserver or something), this can potentially exploit the vulnerability.


Yes, they need to compromise the server, but they also need to compromise the client. With both compromised they will have the same execution privileges as the original Putty.exe; then they will need to ROPgadget? If they have both compromised, why the heck do they need to use PuTTY?


No, they must control the server, and with that they can compromise the client. Or at least this is how I understand it.


An attacker might just need to get something to show up into a log file that is then viewed using PuTTY. Always escape attacker-controlled data before logging or displaying it.
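As an added illustration of the advice above (not code from the thread or from PuTTY), the following Python rewrites terminal control characters in an attacker-controlled field as visible `\xNN` text before the line reaches a log file. The log line, the client IP and the request path are constructed sample data.

```python
import re

# Characters a terminal emulator interprets instead of printing: the C0
# controls (0x00-0x1F, TAB excepted), DEL (0x7F), and the C1 range (0x80-0x9F),
# which includes the 8-bit forms of ESC [ (CSI) and ESC ] (OSC).
_TERMINAL_CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f\x80-\x9f]")


def escape_for_log(text: str) -> str:
    """Rewrite every terminal control character as a visible \\xNN escape.

    ESC becomes the literal four characters \\x1b, so a sequence such as
    ESC ] 0 ; ... BEL is no longer parsed by the terminal that later displays
    the log, while the analyst still sees exactly what was sent. Newlines are
    escaped as well, which also blocks forged (injected) log lines.
    """
    return _TERMINAL_CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), text)


def is_terminal_safe(text: str) -> bool:
    """Pre-flight check for anything about to be written to a log or a tty."""
    return _TERMINAL_CONTROL.search(text) is None


# Constructed sample: a request path carrying an OSC title-set sequence
# (ESC ] 0 ; owned BEL) followed by a CSI clear-screen (ESC [ 2 J), the kind
# of raw data a webserver would otherwise log verbatim.
SAMPLE_REQUEST_PATH = "/index.html?q=\x1b]0;owned\x07\x1b[2Jok"


def log_line(client_ip: str, path: str) -> str:
    """Assemble a log line, escaping only the attacker-controlled field."""
    return "%s GET %s" % (client_ip, escape_for_log(path))


if __name__ == "__main__":
    # 203.0.113.5 is a constructed documentation address.
    print(log_line("203.0.113.5", SAMPLE_REQUEST_PATH))
```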


Okay, but crashing the client isn't the same thing as compromising the client.


From the linked page describing the bug:

> This might be exploitable if the attacker could arrange for UCSWIDE to be in memory somewhere near a sensitive data structure.

Crashes are very frequently capable of being exploited, to the point that every crashing bug should be treated as a security vulnerability. At the very least, it's a DoS.


Seems like anyone with root on a server can compromise anyone who logs on to it using putty; e.g. by putting a payload in the motd or /etc/issue. Or setting the command prompt to something nefarious. Or putting something into log files that are cat'ed. Or even a regular account with access to put a log file somewhere, or using /wall. Or maybe a filename that is shown when using ls (like if you uploaded a file to a server and that file was stored with the name you entered as a user; this would require very carefully crafted shell code though).

All quite unlikely attack vectors and hard to pull off remotely, but I've seen exploits that looked harder from the outside.


Maybe you could trick the user into clicking on a link to "telnet:evilserver.example.com" and host a telnet-protocol-compatible TCP server on port 23 that just sends the payload without requiring any user login?

