That would be an interesting graph!
I would think that the two times a Windows version would be most vulnerable are when it’s active, and immediately after it goes off support. That’s when people would dig out the vulnerabilities they were saving for a while.
Probably a year after support ends, the attacks drop off sharply.
TTFN - Kent
trønderen wrote: for surfing dubious web sites where it could pick up new infections?
I would say, that's what VMs are for.
M.D.V.
If something has a solution... Why do we have to worry about? If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
trønderen wrote: for surfing dubious web sites where it could pick up new infections?
I would say, that's what VMs are for. Or the extended version:
trønderen wrote: for surfing dubious web sites where it could pick up new infections? No, and no.
I would say, that's what VMs are for.
So VMs are for not surfing dubious web sites where it could pick up new infections
Religious freedom is the freedom to say that two plus two make five.
Programming languages currently offer few defences against supply chain attacks where a malicious third-party library compromises a program. I think they're called, "write everything yourself"
Which is exactly what's done in any safety relevant industry.
Also, getting any OSS library to pass A-SPICE and MISRA is a pain in the ass, even worse if you must write them with built-in code path validation.
GCS/GE d--(d) s-/+ a C+++ U+++ P-- L+@ E-- W+++ N+ o+ K- w+++ O? M-- V? PS+ PE Y+ PGP t+ 5? X R+++ tv-- b+(+++) DI+++ D++ G e++ h--- r+++ y+++* Weapons extension: ma- k++ F+2 X
The shortest horror story: On Error Resume Next
MSFT has made some subtle improvements to VS here.
One thing is now in the nuget management where you can explicitly source packages. So you can specify exactly where each nuget package should come from so that you lean on internal corporate nuget feeds instead of nuget.org.
You vet/add stuff to the corporate feed as needed. I think there will be more than a few bigger orgs pushing to insulate their supply chains like this and keep internal vetted copies of the dependencies that go into their builds. It should've always been that way.
Ancillary to this is protection in VS from source controlled repos being tampered with. Some supply chain attacks have happened because an attacker swapped the code in on the developer's machine so that the developer then committed the malicious code themselves.
You might notice the newish "confirm this repo is legit" dialog. There are a few different "triggers", mostly to do with domains, VPNs, and Windows security (like if you clone a repo under one account and then try to use it in VS with another account).
This doesn't prevent an ever-malicious/compromised pkg from use. It just prevents you from sucking a newly compromised dependency into your build chain by sourcing things from yourself (even if they aren't your things - because you previously grabbed and cached a good copy).
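The feature the post above refers to is NuGet's Package Source Mapping, configured in a repo-level nuget.config. The fragment below is an added example (not from the post or from Microsoft's docs); the feed name `corp` and its URL are placeholders for whatever internal proxy/mirror an organisation actually runs.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <!-- <clear /> drops sources inherited from user/machine-level nuget.config,
         so a developer's own config cannot quietly reintroduce an unmapped feed. -->
    <clear />
    <!-- Hypothetical internal feed holding vetted, cached copies of dependencies. -->
    <add key="corp" value="https://nuget.example.internal/v3/index.json" />
    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
  </packageSources>

  <packageSourceMapping>
    <!-- Default: every package id resolves from the internal feed only. -->
    <packageSource key="corp">
      <package pattern="*" />
    </packageSource>
    <!-- Exception list: NuGet picks the most specific matching pattern, so only
         these prefixes are ever fetched from nuget.org. Everything else that
         happens to exist on nuget.org under the same name is ignored. -->
    <packageSource key="nuget.org">
      <package pattern="Microsoft.*" />
      <package pattern="System.*" />
    </packageSource>
  </packageSourceMapping>
</configuration>
```

Without the `packageSourceMapping` section, restore queries every configured source for every package id and takes whichever answers; that is the dependency-confusion case where a public package published under an internal name wins. With the mapping in place, a package id that matches no pattern fails restore instead of falling through to another source, which is the behaviour you want. For a fully insulated build, drop the nuget.org source entirely and let the internal feed proxy whatever has been vetted. Pair it with a lock file (`<RestorePackagesWithLockFile>true</RestorePackagesWithLockFile>` in the project and `dotnet restore --locked-mode` in CI) so the transitive graph cannot drift between the version someone reviewed and the version that gets built.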
I must say that I've never understood why people thought it was a good idea to drag in code from libraries (potentially buried multiple levels deep) without validating them. As someone said not too long ago: Do you know what's in your code?
It's exploits all the way down.
The whole thing of automated library imports that some language tooling pretty much seems to demand is beyond bizarre to my mind.
You mean we can’t trust that hyper-valuable is-odd library forever and ever? (1.7 million downloads/month, 108 depending libraries)
TTFN - Kent
You'd need a 122-key terminal keyboard to invoke the right keyboard combo. Because what else are you going to use it for?
As NASA noted on its 2017 eclipse website, the myth that eclipses will poison "any food that is prepared during the event" is prolific enough to require debunking. Why we need to go extinct. An argument in one headline.
If there is a total eclipse during Lent / Ramadan / Fast / ..., and your religion allows you to eat after sunset, are you then allowed to eat during a total eclipse? Are you safe against the anger of your god if you choose to eat?
To eat, or not to eat, that is the question.
Religious freedom is the freedom to say that two plus two make five.
The Sun hasn't set; it's simply been hidden by another object.
It would make just as much sense to ask "if one is in the shade of a building during Lent / Ramadan / Fast ...".
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
Or if you are in the shade of the Earth? I do believe that the Earth counts as 'another object', although a large one.
Religious freedom is the freedom to say that two plus two make five.
Then they can simply not eat. I think the only creatures who think they'll starve during an eclipse are domestic cats.
Does this superstitious nonsense also apply to crops growing during an eclipse? How do I know that the food that I bought is Eclipse-free?
/s
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
I thought that Eclipse was particularly poisonous to certain types of coffee.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
Maybe the dropoff in gamma radiation causes a sort of radiological vacuum which flips the molecules of banana bread to their other chiral forms and suddenly you're better off eating yellowcake.
The scathing report concludes that Microsoft’s security culture needs an overhaul. Coulda, woulda, shoulda
But in their defense: AI!
When in doubt, AI!
Microsoft and Quantinuum correct problems when entangling pairs of qubits. Uhm...good? Time to break out the gold stars and participation awards
Each of the six floors of Building 41 is themed after a stage in the development of computing. They'll have to add a new floor for AI
I know I'm obtuse, but I never did notice that about the walls
Kent Sharkey wrote: They'll have to add a new floor for AI
They should make it build itself.
David O'Neil wrote: They should make it build itself.
Not a good idea. It'll probably hallucinate its own building code.
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
Adobe has been testing new AI features in its apps for Windows 11, 10 and other platforms. It will scan them for stuff and giggles (you know, the usual reasons)
Generative AI promises to be transformative for software development, but only if we ensure that all code is analyzed, tested, and reviewed. What could possibly be a way of avoiding the dangers of AI-generated code?