Hacker News | geographomics's comments

Looks rather nice, reminiscent of drawing using Teletext (e.g. http://teletextart.co.uk/, http://www.bbcbasic.co.uk/bbcwin/manual/bbcwinh.html).


If the port knocking was obscuring an unauthenticated root shell then you would have a good point, but this is a defence in depth measure that adds to the security. It helps because it's one more hurdle for an attacker to bypass.


Layering two actual security measures makes sense. Layering an obscurity measure on a security measure is not really any safer than just having the security measure, just as obscurity alone is not really any safer than nothing.


It is a security measure, as it involves authentication through the series of knocks. It's a weak security measure on its own, so you obviously wouldn't want to rely on port knocking by itself, but it does have utility in preventing an attacker from discovering the service through a simple port scan.

I don't quite understand why you're saying it adds nothing at all.
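An added illustration of the point argued in this exchange (not code from any commenter or from a real port-knocking daemon): a per-source knock state machine replayed against a constructed ascending port sweep and a constructed legitimate client. The sequence, time window, addresses and the `reset_on_miss` switch are assumptions made for the example.

```python
KNOCK_SEQUENCE = (7000, 9000, 8000)  # hypothetical secret sequence
WINDOW_SECONDS = 10.0                 # hypothetical limit for the whole sequence


class KnockTracker:
    """Per-source knock state machine fed with (time, source, port) events."""

    def __init__(self, sequence=KNOCK_SEQUENCE, window=WINDOW_SECONDS, reset_on_miss=True):
        self.sequence = tuple(sequence)
        self.window = window
        self.reset_on_miss = reset_on_miss
        self.progress = {}    # src -> (knocks matched so far, time of first knock)
        self.allowed = set()  # sources the firewall would now let reach the service

    def observe(self, ts, src, dport):
        """Record one connection attempt; return True when src completes the sequence."""
        idx, started = self.progress.get(src, (0, ts))
        if ts - started > self.window:
            idx, started = 0, ts                 # too slow: start again
        if dport == self.sequence[idx]:
            idx += 1
        elif dport == self.sequence[0]:
            idx, started = 1, ts                 # a fresh first knock restarts the sequence
        else:
            if self.reset_on_miss:
                self.progress.pop(src, None)     # any stray port discards progress
            return False
        if idx == len(self.sequence):
            self.progress.pop(src, None)
            self.allowed.add(src)
            return True
        self.progress[src] = (idx, started)
        return False


def replay(tracker, events):
    """Feed events in order and return the set of sources that were let in."""
    for ts, src, dport in events:
        tracker.observe(ts, src, dport)
    return tracker.allowed


def sequential_scan(src, first=1, last=10000, step=0.001):
    """Constructed sample: a plain ascending port sweep from one source."""
    return [(i * step, src, port) for i, port in enumerate(range(first, last + 1))]


CLIENT = [(t, "198.51.100.7", p) for t, p in ((0.0, 7000), (0.5, 9000), (1.0, 8000))]  # constructed
SCAN = sequential_scan("203.0.113.5")                                                   # constructed
```

With the defaults the sweep never opens the service, while an ascending sequence checked with `reset_on_miss=False` is completed by the same sweep, so the hurdle is only as good as the sequence and the reset rule behind it.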


In essence, it's the same argument as "everyone should use encryption, even if it's barely non-trivial for state-level actors to break."

You're not defending against the attacker who is targeting you with this. You're defending against the attacker who is targeting "anyone who is trivially accessible."


Hopefully a lot better than the Linux kernel: http://www.cvedetails.com/product/47/Linux-Linux-Kernel.html...


Linus doesn't view security bugs as a special category of bugs. So he doesn't prioritize them the way most infosec people would like them to. The lack of a strong security advocate in their leadership is largely the reason why Linux isn't the best example.

The other big reason being that it's a giant blob of C and a large attack surface.

All of these factors could be easily avoided or simply don't exist for an Ethereum contract developer.


Don't forget the fact that he was approached by the NSA to insert backdoors into Linux, a fact his father testified to on the record before EU parliament[0].

0. http://falkvinge.net/2013/11/17/nsa-asked-linus-torvalds-to-...



You can uninstall it with an administrative PowerShell using this command:

    Get-AppxPackage Microsoft.WindowsStore | Remove-AppxPackage

Would this not continue to work?


> Unfortunately the QR code might be an improvement over Windows 8 and 8.1 if the QR code contains more detailed information.

The QR code shown in the example screenshot is just a link to http://windows.com/stopcode - hopefully they'll improve it to at least include the bug check code.

(QR code decoder output: https://zxing.org/w/decode?u=http%3A%2F%2Fcdn.arstechnica.ne...)


The USA has a lot of catching up to do with the rest of the world then.

Six weeks paid leave is paltry compared to the vast majority of countries.


You're complaining to the wrong state.


Most of the commentary here so far is really quite tangential to the actual research done. Everyone commenting on this article should make sure they've read the study first, with particular attention to the 'Limitations' section on page 11: http://m.jmq.sagepub.com/content/early/2016/02/25/1077699016...

One other feature of the study that limits its wider applicability is that it is entirely US-centric. It would be interesting to read follow-up work on samples taken from other cultures and countries.


It does appear to be some encoding issue relating to the Unicode "→" (U+2192). Encoded with UTF-8, this is represented by the three bytes 0xE2 0x86 0x92. In the TeX EC encoding, these correspond to "âĘŠ".

(See https://www.tug.org/TUGboat/Articles/tb11-4/tb30ferguson.pdf, also section 2.3 of http://mirrors.ctan.org/macros/latex/doc/encguide.pdf)


I've submitted a replacement to arxiv that fixes the encoding issues (arxiv unfortunately does not support xelatex, which I use extensively). That will appear Tue 0:00 GMT.

In the meantime, I've made a version available at https://www.cs.umd.edu/~dvanhorn/jfp-draft-2016.pdf


On the topic of work environment: in one job I worked at, we had the Internet machines completely separated from the work machines. If you needed to check something you had to physically walk over to the Internet desk. Great for focussing on the task at hand without distraction, and considering carefully what information you need.


"Air gapping". https://en.wikipedia.org/wiki/Air_gap_(networking)

It's common practice in classified environments, as a necessary security precaution. But it's a true productivity killer imho. Better to just install an extension that blocks twitter/facebook etc, than completely cripple your ability to search for technical information as you need it.

Also - good luck installing tools and plugins when you have to start copying things from the internet computer to the classified computer.


After the initial period of adaptation, I found it actually increased productivity. Perhaps it was just preventing already-established bad habits that arise from having the internet constantly available.


> Better to just install an extension that blocks twitter/facebook etc, than completely cripple your ability to search for technical information as you need it.

With godoc, man pages, info pages, a local copy of the Common Lisp Hyperspec and Usenet, what more does one need?


At the last place I did sysadmin work, this was basically how I functioned. Just about everything was done to prevent having to use google, stackoverflow, etc. It was absolutely amazing in terms of learning and gaining confidence in the tools and documentation, etc.... but nah. After about 3 months of that, I gave up. It's possible, but it led to so many "time wasting" rabbit holes in trying to figure things out. I thoroughly enjoyed it, but in hindsight, it probably wasn't the best use of time while at work (and should be frowned upon if management ever suggests it)!


But then how do you copy and paste from Stack Overflow?


You can download the information to use locally, it's only about 35Gb last time I checked


On a serious note, this is a terrible habit. SO code is questionably licensed.


Any questions about the license not answered by this? http://meta.stackexchange.com/questions/271080/the-mit-licen...


I don't think that answers anything. Just because some anonymous poster put code online doesn't make it usable under the MIT license no matter what the ToS of the website says. The poster may have copied that code from a GPL code base...


That's true even if you find code on GitHub explicitly labeled as MIT, CC or Apache.

If you're worried about using code from stack-overflow, use it as inspiration only and write your own code. Or conduct a short search first to see if it WAS copied from another code repository.


There's a big difference between a git contributor explicitly saying their code is a subject to a certain license and SO magically declaring it to be so for all code on their website just because it happens to be in their ToS. I think a better system would be to ask people providing code snippets to specify what license it's subject to.

