You don't really "prove" statements like that. You get some "expert witnesses" to testify one way or another, and your opposition gets some "expert witnesses" to testify the opposite, and then the judge/jury decides who they think was more credible.
I imagine the way to do this effectively would be to get some well-regarded infosec firms to audit both OSes (from source as much as possible), and also compile lists of vulnerabilities found, fixed, not-fixed, etc. over time. Then you need a witness who can explain all of it in a way that's accessible to and likely to sway a jury.
> if the supermarket or pub would accept it, then it's effectively money, right?
Only as long as you both accept the same shared understanding of what it is. If one of you believes it's counterfeit and the other doesn't (whether it actually is or isn't!)... then it's not effectively money, no. For example, I don't know about you, but I sure as hell wouldn't knowingly pass off a counterfeit on the basis that the supermarket would accept it.
I think it depends... if everyone else was treating the counterfeits same as genuine coins, so you're continually getting a mix in change, and no-one is rejecting them when you pass them on, then I think most people would just do the same. If you are not going to get in trouble by spending one (assuming you even noticed in the first place - probably not), and can be pretty much 100% assured it'll be accepted, then it'd be a bit perverse to squint at every coin you handle.
Fiat currency has no inherent value - it's just a system of communal acceptance. If everyone accepts the fake coins then they ARE money. As you note, the system only breaks down if some people stop accepting it.
It'd be interesting if someone from the UK could chime in: Were you aware of all the fake pounds circulating (1 in 30!)? Did you notice if you got one? Did you care?
> I think it depends... if everyone else was treating the counterfeits same as genuine coins, so you're continually getting a mix in change, and no-one is rejecting them when you pass them on, then I think most people would just do the same.
I think you're directly affirming this: it's fine as long as you both accept the same shared understanding of what it is.
It was a part of our Windows build process when I was at Microsoft. I only assumed that they would keep doing it, but they might have as well dropped the practice.
> Everyone seems to think they are doing the right thing
I like to think people would agree more on the appropriate method if they saw the risk as large enough.
If you could convince everyone that a nuclear bomb would get dropped on their heads (or a comparably devastating event) if a vulnerability gets in, I highly doubt a company like #2 would still believe they're doing things optimally, for example.
If you expose people to the true risks instead of allowing them to be ignorant, the conclusion that they might come to is that they shouldn’t develop software at all.
The assumption was obviously that they have a compelling need to develop the software. For the sake of illustration: you imagine exposing them to whatever the highest level of risk is that still makes them willing to develop software.
What part of "We reviewed all relevant CVEs as they came out to make a call on if they apply to us or not and how we mitigate or address them" gave you that impression?
If that's what it is, then -- regardless of whether it should be punished or not -- this is manifestly not statistical murder.
Your story is describing a situation where one person's decision so strongly and clearly affects numerous unrelated people's lives that it's statistically guaranteed that some of them died as a result. Moreover, there's no plausible argument presented that the decision was in any sense intended to prevent unintended/unpredictable harm to those who would be ultimately affected by it. It's for the "joy of the game".
Whereas the article is describing a situation where one person's decision is increasing the risk of death of one person (their own child). There's no statistical guarantee of anyone's death at the time of the parent's decision to not inject their child. Nor is the parent's decision affecting numerous people. Nor is the parent's decision affecting unrelated people - it's affecting exactly the people they have the most connection to & responsibility over: their own child. Nor are they refusing this "for sport" or "for the joy of the game"...
Keeping quiet about it. You are only hearing about it now because it is part of a court case.
Now they will need 1000 canary entries, and each list skipping just one, so abusers will miss the remaining canaries if they have just a few copies of the list.
Just whatever the leaker snuck out, or whatever the breacher was able to get off the system / pull through someone else's account. Even if it's a hack by the NSA or Russia to help drive separatist movements, every extra download generates more noise and alerts.
Yes and also stable isn't the only maintained branch of Chromium, there's also extended stable (currently 146.x). LTS exists too (144.x), but I believe it's meant only for ChromeOS.
In a perfect world, there would be a stable version of Chrome, that would get fixes, but would crucially not get the new features that introduce new vulnerabilities. Not a fun job, I know, but with today's coding agents it wouldn't even be an unreasonable ask.
> IANAL, but anti-competition lawyers/bodies should have a field day with this, but nobody seems to care
I'm gonna take a wild guess that proving the above statement in court (and then its necessary impact) might be a significant obstacle here?