My favorite quote: [[[ Greg Sullivan, lead product manager for Microsoft's Windows client division, says that the computing community as a whole has benefited from the Web's standardization around Internet Explorer. Competing platforms would have meant that developers would have had to duplicate their efforts more often, he said.

"There is benefit to everybody who's involved," Sullivan said. "In general, a standard is very useful, whether it's de facto or du jour. It enables a level of consistency and a level of investment and minimizes some of the redundancy that can occur." ]]]

Most of the trip speed is 25 km/h, while speed limit in Moscow is 60 km/h.

The speed limit on narrow side roads is 60km/hr? I find that hard to believe...

It's the default for urban areas, so unless the limit is specifically lowered it's 60 km/h.

The actual speed "limit" on those streets is definitely no higher than 30km/h, regardless of what the signs say. If I drove 60 there I hope I'd lose my license for reckless driving.

>while speed limit in Moscow is 60 km/h.

Only when you are outside of apartments' territory.

http://pddmaster.ru/pdd/pravila-dorozhnogo-dvizheniya-dlya-z...

Exploit code from original bug report [1]:

  CreateFileW(L”c:\\$mft\\<anything>”, FILE_READ_ATTRIBUTES, 0, NULL, OPEN_EXISTING, 0, NULL);

[1] https://habrahabr.ru/company/aladdinrd/blog/329166/

In fact .zip file contains file header information twice: before every compressed file (local file header) and at the end of the .zip file (central directory). It's possible to omit file size in local file header, but most most compressing utilities doesn't use this option. So most .zip files could be extracted without seeking to the end.

Support for OpenSSL 1.0.1 will cease on 2016-12-31 [1], so distributions need to update anyway.

[1] https://www.openssl.org/policies/releasestrat.html

Just because something is no longer supported upstream does not mean that the distributions won't support it anymore.

As far as I can tell it is more likely the package maintainers will backport fixes to their old version in those cases.

Sure, package maintainers may backport fixes to their old versions. But they need to fully understand all upstream source code and follow all commits. Otherwise they can miss important fixes: following only security fixes for supported branches is not enough. Sometimes project developers fixes bug/security problem in the code, but doesn't flag it as CVE because current code usage doesn't trigger it. But code in old branch could.

That's the current reality. That's how it was for years. Especially CentOS and other RH-based systems are more happy to patch than to upgrade. This caused the kernel 2.6.32-573 situation where lots of patches (over a hundred?) were applied by the distro.

>Sure, package maintainers may backport fixes to their old versions. But they need to fully understand all upstream source code and follow all commits.

Only if they need to do a perfect job. But as history tells us they are just as content of making a ho-hum job.

That's still more than six months away though.

IPv6 introduced several significant changes like dropping IP packet fragmentation.

OS can use Force Unit Access flag with NCQ to control disk buffering: https://en.wikipedia.org/wiki/Disk_buffer#Force_Unit_Access_...

In general this approach should work fine, but devil is in detail: 1. You have to flush change to temporary file before move because otherwise you may get empty file: OS may reorder move and write operations 2. After move you have to flush parent directory of destination file on Posix. Windows have special flag for MoveFileEx() to ensure that operation is done or you have to call FlushFileBuffers() for destination file.

Linked paper mention the many popular programs forgets about (1).

My favorite comment: "Google I hope someday you close your search engine and company at all. Welcome to Google Cemetery."