|
Thank you - lazynet strikes again!
TTFN - Kent
|
|
|
|
|
It's a language which transpiles to other languages -- You write Kotlin code and it generates Java bytecode or JavaScript (or other).
I only know about it (care about it now) because I'm an Android developer and use Android Studio (also written by JetBrains, the creators of Kotlin) to create apps.
I'm actually learning the language now for future Android development. It's not too bad and it is interesting that it is so very similar to Swift which is Apple's language for creating native iOS apps.
|
|
|
|
|
Researchers found a new vulnerability that impacts the confidentiality of data stored in a computer's memory. Using it, they were successfully able to extract a signing key from an OpenSSH server using normal user privileges. That's it - no one gets to connect to any server any more
|
|
|
|
|
I'm still really skeptical of these types of claims (including Meltdown and Spectre). These reports tend to be long on claims and short on details of their actual experimental setup. If I pointed them to a loaded up server actively running several processes and OpenSSH, would they be able to do what they claim to have done?
|
|
|
|
|
The success measured a rate of 0.3 bits per second and an accuracy of 82%. To obtain the full data, the researchers used a variant of the Heninger-Shacham algorithm that can recover RSA keys from partial information.
A method to reduce the risk of this type of read-side attack is to flush encryption keys from memory immediately after using them. This lowers the chances of learning the secret data because RAMBleed needs it to stay in memory for at least one refresh interval, which is 64ms by default.
I'm not saying that this vulnerability is not real but the article is a bit "click-baity" at least.
Yes, they were able to read memory from out of process space, but if an attacker can get access to the server with enough knowledge of memory mapping and ability to run own programs in address space physically aligned to victim's for so long that 0.3 bits per second will hopefully get them enough portion of the key to figure out the rest… I would say there are definitely easier ways to compromise the server.
--
"My software never has bugs. It just develops random features."
|
|
|
|
|
I agree. In my opinion, the worst part about these things is how they are responded to. The mitigation tactics slow the processor down measurably. I think it would be far better to improve front-end security and prevent malicious code from being launched in the first place.
"They have a consciousness, they have a life, they have a soul! Damn you! Let the rabbits wear glasses! Save our brothers! Can I get an amen?"
|
|
|
|
|
Where else are you going to steal my data from? The CPU, HA!
(wispers: Specture)
Oh.
|
|
|
|
|
There would be a common approach to making tech pay its share. Guaranteed to work until they realize there are more than 20 countries in the world
|
|
|
|
|
|
By combining PowerApps with Microsoft Flow and its new AI Builder tool, it can allow folks building apps with PowerApps to add a layer of intelligence very quickly. Advance warning about something you'll have to fix later this year
|
|
|
|
|
That's just what the world needed: Idiotic artificial intelligence in the hands of idiots.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
.NET Framework? Mono? Xamarin? .NET Core? Blazor? Java interop? And in the IDE, compile them
|
|
|
|
|
Quote: It's more like the .NET Framework except you can have multiple .NET Cores side by side even at the system level.
Am I the only one who's getting fed up with that line? It's perfectly possible to have multiple versions of .NET Framework side-by-side at the system level. It's how things worked prior to .NET 4.5, when they decided to make all future releases in-place upgrades.
The fact that they don't have the resources to make a new side-by-side version of the full framework doesn't mean that it's impossible to do it, or that multiple side-by-side installs is somehow a "new" feature of .NET Core.
Quote: That enables us to service one common component if there's a security vulnerability. ... I don't think we've serviced .NET Core through Windows Update... We haven't made the decision yet.
Again, having one place to patch when there's a security vulnerability isn't some new thing in .NET Core; it's the default behaviour with the full framework. And the full framework gets updated via Windows Updates; it doesn't require developers to recompile every line of code they've ever written every couple of weeks to fix the security vulnerabilities.
And surely I can't be the only one thinking that this sounds like XKCD 927[^]?
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
My question is why did they f*ck around releasing core when it was eventually going to be rolled up into a new version of .Net?
When that happens, confusion will definitely reign.
What's funny is that as long as I'm working where I'm working, we will never see .Net 5 - or even .Net Core - in our dev environment. The federal government is ALWAYS at least five years behind the curve where dev tools are concerned.
In point of fact, our product will probably be end-of-lifed because we can't rewrite it with more modern frameworks, because we don't have the time or the man-power to do it. The problem is that I'm the only contractor on the team, and am therefore the only one who has a vested interest in seeing the app live on. Government employees don't generally care because they can just be shuffled off to new assignments...
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
|
|
|
|
Blender is Free Software. It is free to use for everyone. Free to use for any purpose, also commercially. Blender is free to share with others, it is free to study Blender’s sources and free to make new versions. So... how much do you want for it?
|
|
|
|
|
But does it blend?
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
And when is this weekend?[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Mozilla’s reportedly set to launch a premium version of its revered Firefox browser this fall. After all, it worked so well for Opera?
|
|
|
|
|
Interesting - it explains why each upgrade makes it less and less likeable. Maybe they'll enable the add-ons they disabled in the pay version.
I'll keep my eye on this - with my WaterFox browser.
Ravings en masse^ |
---|
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "If you are searching for perfection in others, then you seek disappointment. If you are seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |
|
|
|
|
|
Seems that they're really selling a VPN service, but worded their press release extremely badly.
|
|
|
|
|
It's not exactly true that it's a paid version.
.. Because sales will be close to zero that they'll probably round down to a negative number.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
In an attempt to analyze the myth -- or not -- of the chubby gamer, scientists reach a simple conclusion. Press the jump button more
some researchers
|
|
|
|
|
Who paid for this study? Belly-wheel[^] manufacturers?
Like Spike Milligan said: Don't worry about falling; it's the ground that kills you.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
Python's ascent continues among software developers, bolstered by its usability compared with Java and C. Because lines on graphs always go straight. Forever.
|
|
|
|
|
After years of uncertainty, Microsoft has made the decision to officially hand off control of Windows Workflow Foundation (WF) and server-side Windows Communication Foundation (WCF) to the community. Oh... Uh, thanks?
Anyone else want to re-gift it? Maybe the Java folk could use it?
|
|
|
|