|
lol google released 0-day exploits of OS X, all of them requiring physical access to the machine. some google guy showed up in the comments on Ars and someone pointed out a bug in chrome, to which he says "oops forgot to assign that ticket to someone" then there's a big fight about the quality of chrome. i gotta laugh that apple's "don't talk to the press, or for that matter the loving comments section" policy would have served him well here http://arstechnica.com/security/2015/01/google-drops-three-os-x-0days-on-apple/
|
#
?
Jan 23, 2015 05:49
|
|
|
|
| # ? May 28, 2024 09:21 |
|
|
qirex posted:endemic corruption? broadband at best schmidt is dangerously naive
|
|
#
?
Jan 23, 2015 05:50
|
|
|
scroogled again!
|
|
#
?
Jan 23, 2015 05:51
|
|
|
with the talk of google becomin ga virtual network carrier there really should be some antitrust attention [spoiler]lol the regulatory apparatus is dead[/spoiled]
|
|
#
?
Jan 23, 2015 05:51
|
|
|
PleasureKevin posted:lol what's up with google releasing zero days for both windows and os x lately, that seems like a dick move
|
|
#
?
Jan 23, 2015 05:52
|
|
|
duTrieux. posted:with the talk of google becomin ga virtual network carrier there really should be some antitrust attention being an mvno seems pretty close to being the opposite of a trust-abusing monopoly tbh especially on the two worst "major" cell carriers
|
|
#
?
Jan 23, 2015 05:57
|
|
|
Pinterest Mom posted:what's up with google releasing zero days for both windows and os x lately, that seems like a dick move especially given android lol
|
|
#
?
Jan 23, 2015 06:03
|
|
|
Pinterest Mom posted:what's up with google releasing zero days for both windows and os x lately, that seems like a dick move it seems to be some kind of "fix yo' poo poo" project where they discover the bug, report it to Apple/Microsoft/whomever, and then set an automatic full disclosure countdown timer to force a rapid response or something I don't really get it either
|
|
#
?
Jan 23, 2015 06:06
|
|
|
pseudorandom name posted:it seems to be some kind of "fix yo' poo poo" project where they discover the bug, report it to Apple/Microsoft/whomever, and then set an automatic full disclosure countdown timer to force a rapid response or something yeah especially because microsoft does the fixed release date thing to make it easier to coordinate updating a billion computers
|
|
#
?
Jan 23, 2015 06:14
|
|
|
i dunno, i think it's fair discover the bug, report it to the developer, give them three months to fix it (you have to admit this is plenty of time to fix it and roll it out in the next patch -- if it's a critical vulnerability they should have it fixed within a week) after that time, publish it so that other developers can study the method, find similar bugs in their programs, etc keeping security holes secret doesn't really help anyone except the people trying to abuse them
|
|
#
?
Jan 23, 2015 06:21
|
|
|
Sagebrush posted:i dunno, i think it's fair microsoft's scheduled patch that included it was day 92, on the previous update cycle they hadn't tested it fully enough to push out as an update.
|
|
#
?
Jan 23, 2015 06:33
|
|
|
ok so that sounds like either microsoft failed (if it was a critical vulnerability that shold have been patched immediately) or they correctly evaluated the risk and balanced it with the amount of testing they felt was necessary (if it wasn't)
|
|
#
?
Jan 23, 2015 06:40
|
|
|
PCjr sidecar posted:ennui? broadband
|
|
#
?
Jan 23, 2015 12:47
|
|
|
Cold on a Cob posted:why would you use ios? it's always been bad
|
|
#
?
Jan 23, 2015 12:56
|
|
|
Cold on a Cob posted:why would you use computers? they've always been bad
|
|
#
?
Jan 23, 2015 14:23
|
|
|
PleasureKevin posted:lol lmao
|
|
#
?
Jan 23, 2015 23:27
|
|
|
Cold on a Cob posted:why would you use chrome on ios? it's always been bad it has some of my bookmarks plus safari's private browsing mode was terrible. i haven't actually checked if it's better these days because i was so accustomed to opening chrome
|
|
#
?
Jan 25, 2015 11:40
|
|
|
i loving hate eric schmidt so loving much goddamn
|
|
#
?
Jan 25, 2015 11:57
|
|
|
Sagebrush posted:i dunno, i think it's fair hi, we're google. we discovered your vulnerability a month before your next scheduled update when all of your poo poo is in lockdown for testing. you should add this fix in. too late? well, after you're done with that you can roll it into a quick update and send it out. yeah, this is a flaw in a central component and will require a full QA cycle of the entire OS, how long can that take? oh another month and it will tie up all of your QA resources to take away from development of your upcoming scheduled releases? and your employees were on vacation for half of last month so they couldn't work on it anyway? we don't care about that, we're google. we think you should release this now. you say a million computer janitors just spent all of last week updating their company's machines and there is no reason for them to do it now when they will be doing it again when the next update hits? that sounds like their problem. we just think you need to fix this thing that we found because we found it and we are Google. you know what, we're just gonna release this zero day with sample code and force you to do it. yes, we do ship broken poo poo all of the time, why do you ask? we're google.
|
|
#
?
Jan 25, 2015 21:28
|
|
|
The Management posted:hi, we're google. we discovered your vulnerability a month before your next scheduled update when all of your poo poo is in lockdown for testing. you should add this fix in. too late? well, after you're done with that you can roll it into a quick update and send it out. yeah, this is a flaw in a central component and will require a full QA cycle of the entire OS, how long can that take? oh another month and it will tie up all of your QA resources to take away from development of your upcoming scheduled releases? and your employees were on vacation for half of last month so they couldn't work on it anyway? we don't care about that, we're google. we think you should release this now. you say a million computer janitors just spent all of last week updating their company's machines and there is no reason for them to do it now when they will be doing it again when the next update hits? that sounds like their problem. we just think you need to fix this thing that we found because we found it and we are Google. you know what, we're just gonna release this zero day with sample code and force you to do it. maybe you should've fired everybody in middle management instead of your entire QA department.
|
|
#
?
Jan 25, 2015 21:33
|
|
|
The Management posted:hi, we're google. we discovered your vulnerability a month before your next scheduled update when all of your poo poo is in lockdown for testing. you should add this fix in. too late? well, after you're done with that you can roll it into a quick update and send it out. yeah, this is a flaw in a central component and will require a full QA cycle of the entire OS, how long can that take? oh another month and it will tie up all of your QA resources to take away from development of your upcoming scheduled releases? and your employees were on vacation for half of last month so they couldn't work on it anyway? we don't care about that, we're google. we think you should release this now. you say a million computer janitors just spent all of last week updating their company's machines and there is no reason for them to do it now when they will be doing it again when the next update hits? that sounds like their problem. we just think you need to fix this thing that we found because we found it and we are Google. you know what, we're just gonna release this zero day with sample code and force you to do it. google's been notifying them 90 days before their public disclosure deadline if you can't update a vulnerability in 90 days, maybe you shouldn't make an operating s-  realtalk though: google uses these products at least as much as anybody, finding flaws and having them patched benefits them too, and it's a good way for them to get infosec cred
|
|
#
?
Jan 25, 2015 21:36
|
|
|
The Management posted:hi, we're google. we discovered your vulnerability a month before your next scheduled update when all of your poo poo is in lockdown for testing. you should add this fix in. too late? well, after you're done with that you can roll it into a quick update and send it out. yeah, this is a flaw in a central component and will require a full QA cycle of the entire OS, how long can that take? oh another month and it will tie up all of your QA resources to take away from development of your upcoming scheduled releases? and your employees were on vacation for half of last month so they couldn't work on it anyway? we don't care about that, we're google. we think you should release this now. you say a million computer janitors just spent all of last week updating their company's machines and there is no reason for them to do it now when they will be doing it again when the next update hits? that sounds like their problem. we just think you need to fix this thing that we found because we found it and we are Google. you know what, we're just gonna release this zero day with sample code and force you to do it.  we are google, we need things to make us rich
|
|
#
?
Jan 25, 2015 21:37
|
|
PCjr sidecar posted:ennui? broadband this but for real
|
|
|
#
?
Jan 25, 2015 21:40
|
|
? 
|
The Management posted:hi, we're google. we discovered your vulnerability a month before your next scheduled update when all of your poo poo is in lockdown for testing. you should add this fix in. too late? well, after you're done with that you can roll it into a quick update and send it out. yeah, this is a flaw in a central component and will require a full QA cycle of the entire OS, how long can that take? oh another month and it will tie up all of your QA resources to take away from development of your upcoming scheduled releases? and your employees were on vacation for half of last month so they couldn't work on it anyway? we don't care about that, we're google. we think you should release this now. you say a million computer janitors just spent all of last week updating their company's machines and there is no reason for them to do it now when they will be doing it again when the next update hits? that sounds like their problem. we just think you need to fix this thing that we found because we found it and we are Google. you know what, we're just gonna release this zero day with sample code and force you to do it.
|
|
#
?
Jan 25, 2015 22:37
|
|
|
The Management posted:hi, we're google. we discovered your vulnerability a month before your next scheduled update when all of your poo poo is in lockdown for testing. you should add this fix in. Microsoft apologists use a 90-day month calendar, maybe with Windows 10 you can upgrade to a decimal calendar for a nice round 100-day month, because ...
|
|
#
?
Jan 25, 2015 22:45
|
|
|
MrMoo posted:Microsoft apologists use a 90-day month calendar, maybe with Windows 10 you can upgrade to a decimal calendar for a nice round 100-day month, because ... the management as a ms apologist lol
|
|
#
?
Jan 25, 2015 22:58
|
|
|
The obvious thing to do now is to make it incredibly petty, like next time microsoft finds a google exploit, to release it 30 days afterwards with no warning, sample code, and a working implementation. that'll learn em good
|
|
#
?
Jan 26, 2015 00:32
|
|
|
Wild EEPROM posted:The obvious thing to do now is to make it incredibly petty, like next time microsoft finds a google exploit, to release it 30 days afterwards with no warning, sample code, and a working implementation. i unironically hope this happens because it's about fuckin time we had our corporations starting cyber-wars on each other like the prophet gibson (pbuh) has foreseen
|
|
#
?
Jan 26, 2015 00:39
|
|
|
Cocoa Crispies posted:google's been notifying them 90 days before their public disclosure deadline Cocoa Crispies posted:realtalk though: google uses these products at least as much as anybody, finding flaws and having them patched benefits them too, and it's a good way for them to get infosec cred
|
|
#
?
Jan 26, 2015 00:43
|
|
|
LastInLine posted:tbf google does patch android but carriers and oems dont see the value in ensuring consumers have access to them the dumping of KitKat or whatever updates is pretty much the only passive aggressive way google can bring users to complain upon vendors and carriers continually pushing old garbage versions.
|
|
#
?
Jan 26, 2015 00:50
|
|
|
MrMoo posted:the dumping of KitKat or whatever updates is pretty much the only passive aggressive way google can bring users to complain upon vendors and carriers continually pushing old garbage versions. also google is actively working around these issues but if youve got verizon fighting you on one side and samsung on the other they can only do so much. like in lollipop theyve made the webview updatable on the play store so they can push security fixes to it without carrier or oem involvement but ofc that only helps moving forward and through attrition its def. a reason to avoid the platform but its not googles fault
|
|
#
?
Jan 26, 2015 01:33
|
|
|
Tangra posted:this but for real broadband is my ennui
|
|
#
?
Jan 26, 2015 01:52
|
|
|
LastInLine posted:its def. a reason to avoid the platform but its not googles fault google might not be doing it directly but if they cared about providing end users with a good experience they would have limited carriers and vendors ability to gently caress up their POS operating system.
|
|
#
?
Jan 26, 2015 02:17
|
|
|
LastInLine posted:tbf google does patch android but carriers and oems dont see the value in ensuring consumers have access to them if Chinese companies steal and support google software they'll be the first
|
|
#
?
Jan 26, 2015 02:43
|
|
|
fleshweasel posted:google might not be doing it directly but if they cared about providing end users with a good experience they would have limited carriers and vendors ability to gently caress up their POS operating system. you could argue that consumers would prob. better off without android giving a large insecure platform spanning every smartphone manufacturer save one for malware to target but after carriers were sidelined by apple there is no loving way theyd ever let that happen to them again by anyone also it should be noted that google doesnt care about the users experience beyond it not being so terrible that it threatens android as a viable commercial option for oems. they care only about access to users data and that depends on oems using android and carriers selling the devices so android gets improvements that help the user but only because it needs to remain viable. considering their competition for not-apple smartphones id say theyre doing far better at supporting android than they really need to from a business perspective
|
|
#
?
Jan 26, 2015 02:57
|
|
|
Cocoa Crispies posted:if Chinese companies steal and support google software they'll be the first If Chinese companies support any software it will be a first. Ship it and forget it is quite widespread.
|
|
#
?
Jan 26, 2015 03:31
|
|
|
LastInLine posted:considering their competition for not-apple smartphones id say theyre doing far better at supporting android than they really need to from a business perspective i don't think it's at all clear that google makes money on android mobile advertising is a farce
|
|
#
?
Jan 26, 2015 17:54
|
|
|
Notorious b.s.d. posted:i don't think it's at all clear that google makes money on android that said its what google is trying and failing to make money doing right or wrong. cremnob was right
|
|
#
?
Jan 26, 2015 17:57
|
|
|
Notorious b.s.d. posted:i don't think it's at all clear that google makes money on android i think it's clear by how cagey google is about it that they don't make money on android compare this mealy-mouthed poo poo about advertising on google and network partner sites: https://investor.google.com/financial/tables.html to "we make a fuckload of money from these products in these territories: http://images.apple.com/pr/pdf/q4fy14datasum.pdf
|
|
#
?
Jan 26, 2015 18:01
|
|
|
|
| # ? May 28, 2024 09:21 |
|
|
reminder that the SEC wanted google to disclose their mobile advertising numbers but google said no because they knew it was non-existent and made up a garbage excuse so they could avoid the inevitable comparisons to facebook http://searchengineland.com/google-tells-sec-reporting-mobile-cpcs-clicks-meaningful-confusing-192215
|
|
#
?
Jan 26, 2015 18:03
|
|