Hey! I’m one of the authors of this blog post. We (the GitHub Security Lab) developed an open-source AI framework that supports security researchers in discovering vulnerabilities. In this blog post we show how it works and talk about the vulnerabilities we were able to find using it (including viewing PII of other users in online shops and logging into a popular chat application service using ANY password).
The relevant part being: "But it has become so dire that large industrial companies are buying washing machines in order to rip out the chips and repurpose them, according to ASML CEO Peter Wennink."
Well, Microsoft often uses suspicious-looking URLs for their services.
E.g. Office/OneDrive connects to hosts like "oneclient.sfx.ms" and "auth.gfx.ms".
So as a user you have to trust these domains and you also have to trust the domain management of the island of Montserrat.
>Signed HTTP Exchanges (or SXG) enables loading Web contents signed by the content publishers from anywhere, e.g. from a fast server, as if they came from the original publishers.
Correct me if I'm wrong, but this seems to be part of a greater vision (as heard before). Not only is the transported content protected by TLS, the content is also signed by the publisher and can be loaded from other servers. E.g. makes sense in an AMP context. (As you still know that the content was produced by your newspaper.)
I don't like this comparison of death toll numbers.
At the same time I think the death toll of 9/11 is unfortunately much higher as an alarmingly big number of first responders were diagnosed with cancer and many of them died already.
I think the project is really needed, but I'm not sure it's quite ready yet. The OpenJDK 10 build shows 25 November 2017 as its build date and is Linux and macOS only.
Is it really needed? Maybe I don't understand what it does, but what's the point of downloading OpenJDK there instead of directly from a package manager?
They're different builds. As far as I can tell, the OpenJDK builds by Debian for example are not and will not be TCK certified (due to a licensing problem if I understood correctly), whereas AdoptOpenJDK claims some builds are certified https://adoptopenjdk.net/support.html.
In my case the certification probably won't matter, we've been running with OpenJDK from Debian for a long time without problems, but I'm curious to test the OpenJDK builds that use OpenJ9 to see if it can outperform Hotspot on some workloads.
Correct, the AdoptOpenJDK builds will pass the TCK as well as other industry test suites. We'll build both OpenJ9 and Hotspot derivatives (and some other esoteric ones as well). We hope to work with the distros to unify the OpenJDK stories there somewhat (but we have a lot of work to do first).
The submitted title was “GNU Unifont updated to Unicode version 9”, which was more informative and not misleading. Often I don’t know why the titles are changed.
The titles are changed to be like the title is in the link. This is to prevent biasing by submitters. Unfortunately, the mods have to be quite ruthless to keep it fair and to avoid adding their own bias.