Re: This crap should be fixed in hardware
The 286 supported no-execute segments, etc. It is not for the lack of ideas on implementations in hardware, it is the massive technical debts of decades that is the issue.
5667 publicly visible posts • joined 15 Mar 2007
To do so on the backs of other people's work, some of which was provided for free under the expectation people would not make money off their work directly or indirectly
I don't think anyone using GPL has a problem with folks profiting from their contribution, only folks preventing freedoms that are part and parcel of open source work.
I have contributed in small ways to a project RHEL makes use of, even accepting bug-fixes from their folks, and I have absolutely no issue with them making money on the back of support work. I do think this was a dick move though, and suspect it will backfire in the long run as the incentive to follow the RHEL option becomes less attractive.
Let's face it, when it comes down to the CCP's foreign intelligence operations the dependency of UK (and other) universities on fee-paying students from China is a much bigger problem, no need for long term hiding of agents and many go back home with valuable skills for China (OK, that really is the whole point of the study, but strategically you can see my point).
But for most jobs it is low risk, and most folks from $OTHER_NATION just want a better life. Let's face it, the UK/USA/etc has had plenty of high-up spies that were born there, and we also have hubristic politicians who have done more to damage security than the CCP could ever hope an exiled worker could do.
Very rarely do I root for a USA lawyer, but this is an exception.
Most of the commentards on this forum understand two things:
1) Your email and similar services are business-critical
2) The big providers don't give a rat's arse about you, paying or not.
Hence why we would go with a smaller provider that actually responds to problems and has a face/voice. But maybe if the big providers get slapped with serious fines they might actually start providing support for their paid services?
Damn, sorry, forgot this is not a joke. No they won't...
These are EXPENSIVE products and they may never support non-RHEL installations.
If you are paying a lot for some special software then paying for RHEL is going to be part of that, so this aspect is not changing anything.
What it changes is folks using the 'free' versions that are aimed to be RHEL compatible, for them jumping to another vendor is easier and makes sense. What this is likely to mean for RedHat/IBM is the community moves away from that version, the Fedora up-stream version is no longer that attractive (why bug-fix a commercial product for free when they are screwing the free community?) and more Linux admin folks will be experienced in the alternatives such as Ubuntu or SUSE and guess what? If they need paid support it ain't IBM getting that deal!
What does it matter who they chose to employ?
It matters because discrimination is a nasty business, and sadly history is full of examples of discriminatory employment on many aspects.
However there are lies, damn lies, and statistics. If a business is genuinely employing the best folks they ought to reflect the population distribution of those qualified for the jobs within sane distance limits, but we know that STEM is under-represented by women and that problem is far deeper than the employment market, it goes back to school and society and fixing that takes a lot of time and high-level support (actions, not weasel words from politicians).
Women are also often overlooked on Hired - the recruitment biz said 38 percent of positions advertised in 2022 only generated interview requests for men.
The report says the same, but no breakdown of those who applied for the jobs by gender and qualifications to be selected for interview.
The quote sounds like a major portion of industry is simply ignoring women but from experience in teaching engineering and occasionally dealing with job interviews we found very few women applied for the jobs, and given that last time I taught electronics (a bit over 10 years ago) I was seeing only 3-4 out of around 20 students were women it need not be a bias against women, just the reality of who is qualified and actually applied for that job locally.
This is an engineering problem. A solved engineering problem.
Care to list a part number for such a device?
Seems there are a lot of folks here quick to assume the designers know nothing as they (a) don't like the idea, and (b) the sub clearly has failed one way or another on this dive (not its first). I know very little about working at such depths but I do know it is REALLY HARD to do and very few folks in the whole world have achieved it. So if you are actually an expert in the please tell us more.
Really?
You are unlikely to be able to bolt it from both sides as then you need a rotating shaft or a few that can sustain 400 bar pressure, so if bolted from the inside and any issue the rescuers can't get in short of cutting the submarine up. So you have to decide what is the more likely scenario - that you are floating in the middle of nowhere undiscovered and can't get out, or you are picked up in distress and they can't get in quickly.
At the ocean surface I would have thought there are many ways to be found - picked up by search and rescue radar, or distress beacon that goes off automatically to report your GPS position. If you are under water, even close to the surface, you need help. Opening the hatch at even a few meters depth is likely to cause a massive rush of water in (assuming you even have the strength to do that) and I doubt folks could get out before all are sinking.
GCHQ did not find that either. They found piss-poor software quality, but others seem to be guilty of that as well (just check high score CVE for any major brand...). I suspect the real issue is further updates and what they could carry if the CCP demands it.
Yes, this could largely be stopped for all leading to better global security by having open source software and audited hardware with just the keys secured, but that ain't going to sit well with vendors from any country in the current market.
these network elements are on a private network *owned and secured by the operator*. This isn’t connected to public internet. To access any kill-switch, you’d have to hack in from outside.
Do the network operators have teams from their suppliers looking after this stuff? Sure it may not be public access, but if your system is auto-patched by the supplier and they are at gun-point it's a rather different situation.
There’s literally nothing in Radio Access that you can’t get by sitting a mile away on a park bench with a $50 sniffer.
But if you have remote access you don't need to send agents to sit on hundreds of park benches to sniff the radio traffic. You can look at phone IDs moving and see who works at a given government building, where they go home to, etc. You might not see traffic in plain-text, but you sure can correlate daily life of most of the population, some of whom might be of great interest to you.
The issue is not "Are they currently spying on us?" which is easy to check (to a degree, depending on your tools and ability to wade through a shed-load of legitimate traffic) but "Can the CCP force a change to spy or simply bork $COUNTRY network if there is a major trade dispute or conflict?"
That could be via a simple vulnerability as seen with example after example of ransomware or the attacks on Ukrainian comms, etc, or it could be via an update forced by a Chinese company held at gun-point (figuratively or literally) by the CCP.
Now while it is conceivable one of the Scandinavian suppliers could do the same, the historical and current political reality of CCP versus democracy makes that far, far less likely. And yes, most phones are made in China but that is a far more difficult target to sabotage given the diversity of supply and limited degree of OS updates that are even offered even during good times, etc.
Maybe a reflection of human psyche though?
If you gave us the sort of technological capability to travel between stars, etc, the first thing we would do is see if we could use it to destroy our terrestrial opponents.
Basically, if you have that capability and have not destroyed yourselves and not tried to enslave lesser developed species such as us, you are clearly a step ahead.
Every PLC [programmable logic controller] CPU on the planet effectively. A lot of the critical infrastructure embedded things that we depend on, almost none of them are addressing this kind of attack
If you have physical access to the PLC you don't need this for attack. What it might help with is making signed binaries for remote loading, but really the elephant in the room here is the simple fact you can remotely load a binary. At that point you have a massive security failing already.
Games are a little different, you might want to run your own code on your own hardware and the bastards have locked it down, this allows DRM bypass with a bit of really cool effort.
Yes, my joke is as bad as the other commentard =>
the onus is on the user to make sure they are used safely and properly for the job in hand
And how is a member of the public (in the non-IT expert sense) going to know of, or understand, the limitations?
Most other products are made to, and sold as, specific standards that folks can reasonably expect to take for granted. Do you go to buy a car and have to learn the limits of when the brake pedal will or will not stop the thing?
That the UK should "focus on other ways of encouraging investment, and on removing obstacles – most obviously high energy costs – that put UK-based battery firms at a disadvantage."
How about making trade easier with our nearest (and financially much bigger) neighbouring block of countries?
Oh, forgot, those in charge are the idiots that removed it...
No, it is unacceptable to refer to anyone using that.
However, it is not such a common UK insult against those with African heritage (there are a few more common words which for obvious reasons I won't repeat), and it has been used in the past without such race baggage (e.g. the genuine name of the RAF squadron's dog that later was referenced in the Dambusters film due to it being a black Labrador, and the word's origins from the Latin for black).
What has changed (maybe not for the better) is now simply mentioning the word in any context is unacceptable, whereas before you had to use it directed at someone (or some group) for it to be seen as insulting and provocative.
Maybe because the UK is broke and can't afford these high end tools?
"Liz Truss’s disastrous mini-budget cost the country a staggering £30bn – doubling the sum that the Treasury says will have to be raised by Jeremy Hunt this week in a huge programme of tax rises and spending cuts.
The independent Resolution Foundation calculates that the Truss government was responsible for about £30bn of the fiscal hole which the Treasury puts at £60bn, and which Hunt will have to tackle in the autumn statement on Thursday."