• 0 Posts
  • 13 Comments
Joined 2Y ago
Cake day: Jun 05, 2023


There are extremely poisonous and delicious mushrooms. You can buy them in a grocery store here in Finland. They need to be boiled multiple times, discarding the water, to be safe to eat.


You’re right, there is a difference in effort. That said, source code can also be obscure if you are trying to hide something. Behavioural analysis at runtime is effective no matter what, but it typically doesn’t tell anything about code coverage.



I really enjoy the discussion here. Refreshing! Most of the time I, as a relative non-expert, have no idea what I’m doing, but I do read things as much as I can. Otherwise I’m a fallen sysadmin who got a job managing cyber because bills need to be paid.

Open, closed, it’s all object code in the end which can be examined in disassembly, or the behaviours observed during runtime. Open makes some processes easier in this area. I think the real strengths in this have been beyond security, to enhance cooperation and reuse so we don’t waste time constantly reinventing.


At least there have been attempts to subvert open standards for cryptography through the standards process. And occasional suspicious pull requests in critical places - I assume those are done through cut-out proxies so we don’t know who tried.


I think the more interesting question has long been: what’s (or who is) your threat? Against a sufficiently motivated and resourced adversary, there are few real obstacles. Conversely, some people are just not interesting because there’s little or nothing to gain from attacking them.


No hypothesis needed. https://en.wikipedia.org/wiki/EternalBlue can’t have been a one-off either.


Selection bias though. We don’t know how many have not yet been caught.


Enterprise software inventory can unfortunately be quite chaotic, and understanding the exposure to this kind of vulnerability can take weeks if not longer.


“given enough eyeballs, all bugs are shallow” …but sometimes there is a profound lack of eyeballs.


Copyright has evolved from a limited monopoly on a work of a handful of years, into an entitlement which has diverged sharply from the original intent of the law. It’s time to bring the law back into balance with its intentions of promoting the creation of new works, while granting the public free access to those works after a reasonable time. Lifetime plus seventy years is not reasonable.

Edited to add - consider the number of great artists whose works never commercially benefited them. Not because of “piracy”, but because their work was not known or recognized. Still, they made their great works because they were compelled to do so by their existence.


I get connection refused. EU thing?

Edit: It works now. Temporary failure it seems.