Comment Re:So what? (Score 4, Informative) 36

FUD over Huawei?! I thought it was politics, but I did some digging...

After *five years*, Huawei still haven't been able to address severe security concerns the UK had (below is just a subset of problems from the report I link, any one of which would make infosec get up and leave the room). I would imagine *all* agencies have access to a Huawei device within seconds of access.

And note: This is just looking at their cell-tower switch product, with their cooperation:

The report analyzed the use of the commonly used and well maintained open source component OpenSSL. OpenSSL is often security critical and processes untrusted data from the network and so it is important that the component is kept up to date.

  In the first version of the software, there were 70 full copies of 4 different OpenSSL versions, ranging from 0.9.8 to 1.0.2k (including one from a vendor SDK) with partial copies of 14 versions, ranging from 0.9.7d to 1.0.2k, those partial copies numbering 304.
  Fragments of 10 versions, ranging from 0.9.6 to 1.0.2k, were also found across the codebase, with these normally being small sets of files that had been copied to import some particular functionality.
  There were also a large number of files, again spread across the codebase, that had started life in the OpenSSL library and had been modified by Huawei.

And then the bit about memcpy... holy heck...
  There were over 5000 direct invocations of 17 different safe memcpy()-like functions and over 600 direct invocations of 12 different unsafe memcpy()-like functions. Approximately 11% of the direct invocations of memcpy()-like functions are to unsafe variants.
  There were over 1400 direct invocations of 22 different safe strcpy()-like functions and over 400 direct invocations of 9 different unsafe strcpy()-like functions. Approximately 22% of the direct invocations of strcpy()-like functions are to unsafe variants.
  There were over 2000 direct invocations of 17 different safe sprintf()-like functions and almost 200 direct invocations of 12 different unsafe sprintf()-like functions. Approximately 9% of the direct invocations of sprintf()-like functions are to unsafe variants.

These numbers do not include any indirect invocation, such as through function pointers and the like. It is worth noting these unsafe functions are present in the binary and therefore pose real risk.

  Analysis of relevant source code worryingly identified a number of pre-processor directives of the form “#define SAFE_LIBRARY_memcpy(dest, destMax, src, count) memcpy(dest, src, count)”, which redefine a safe function to an unsafe one, effectively removing any benefit of the work done to remove the unsafe functions in the source code. There are also directives which force unsafe use of potentially safe functions, for example of the form “#define ANOTHER_MEMCPY(dest,src,size) memcpy_s((dest),(size),(src),(size))”

https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fassets.publishing.service.gov.uk%2Fgovernment%2Fuploads%2Fsystem%2Fuploads%2Fattachment_data%2Ffile%2F790270%2FHCSEC_OversightBoardReport-2019.pdf
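The two macro patterns the quoted report describes, as an added C illustration that is not code from the report or from Huawei: the safe_memcpy wrapper and the macros with a _BAD suffix are my own constructions, and the bounded copy follows the memcpy_s(dest, destMax, src, count) signature shown in the report's second directive.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Constructed illustration. safe_memcpy follows the memcpy_s contract the
 * report refers to: the caller states the destination capacity (destMax) and
 * the copy is refused when count exceeds it. Returns 0 on success, else errno. */
int safe_memcpy(void *dest, size_t destMax, const void *src, size_t count)
{
    if (dest == NULL || src == NULL)
        return EINVAL;
    if (count > destMax) {
        memset(dest, 0, destMax);   /* like memcpy_s: leave no partial copy behind */
        return ERANGE;
    }
    memcpy(dest, src, count);
    return 0;
}

/* Pattern 1 from the report: a "safe" wrapper that silently drops destMax and
 * calls plain memcpy, so the bound above is never checked (constructed name). */
#define SAFE_LIBRARY_memcpy_BAD(dest, destMax, src, count) memcpy((dest), (src), (count))

/* Pattern 2: a wrapper that feeds the source size in as the destination bound,
 * so count can never exceed destMax and the check is neutered (constructed name). */
#define ANOTHER_MEMCPY_BAD(dest, src, size) safe_memcpy((dest), (size), (src), (size))

/* A wrapper that keeps the contract: destMax comes from the real destination. */
#define SAFE_LIBRARY_memcpy(dest, destMax, src, count) safe_memcpy((dest), (destMax), (src), (count))

/* Copies an 8-byte constructed sample into a 4-byte buffer through the honest
 * wrapper; the oversize copy is rejected instead of overflowing dst. */
int demo_oversize_copy(void)
{
    char dst[4];
    const char src[8] = "ABCDEFG";
    return SAFE_LIBRARY_memcpy(dst, sizeof dst, src, sizeof src);   /* ERANGE */
}

/* The same call with a destination that fits succeeds and copies every byte. */
int demo_fitting_copy(void)
{
    char dst[8];
    const char src[8] = "ABCDEFG";
    int rc = SAFE_LIBRARY_memcpy(dst, sizeof dst, src, sizeof src);
    return rc == 0 && memcmp(dst, src, sizeof src) == 0;   /* 1 */
}
```

A source audit for this class of defect is a grep for `#define` lines whose replacement text calls `memcpy(`, `strcpy(` or `sprintf(` directly, or passes the same argument as both size and bound to a `_s` function.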

Comment Re:Most expensive rocks (Score 3, Informative) 24

Given the $1.16 billion estimated total cost of the project, those 60 grams of rocks are officially the most expensive stuff humanity has ever had.

... I'm thinking Stardust gives that a run for its money? It was cheaper, sure ($0.2 billion), but it returned a *total* mass of just 0.000000000000001g (source). Which means that material is worth 10^16 more than OSIRIS-REx's material.

Comment VR will give the same results (Score 2) 289

Like it or not, the future of education is Virtual Reality. The better it gets, the more real the brain feels it is, and putting every kid in a headset will always be cheaper and more effective than constant field trips. Plus, the number of immersive environments and subjects that can be taught this way is endless.

My field is psychology, and the research being done backs up the statement that students learn as well, or better, in a virtual reality system compared to a typical classroom.

Comment Inb4 Russian apologists (Score 5, Interesting) 194

Here's an old story you might find apolitically interesting. We knew way before the election that Kaspersky was KGB trained and a Putin loyalist. You can read my comment history if you're an actual skeptic rather than a Russian botnik. But I also recommend anyone who doubts Putin's viciousness to hear the story of how he murdered his way into office from this PBS Documentary.

As a sidenote, I'm a slashdot reader from more than a decade ago, and I've been really disappointed to see the amount of denialism present on this issue. I remember this as a place for pragmatic, intelligent, realistic people. And here's the reality: Putin is at war with you, he doesn't give a shit about you or your family or even his own citizens' families, and he actively hopes that you are confused about what he is doing, or denying it entirely.

Comment Please to be stopping, this is all I hear! (Score 5, Funny) 115

Hallo fellow internet commentators! I am here to assuring you that of course the Kremlin is having nothing to do with such nonsense. Why would a vengeful former world power that does this kind of thing all the time and is run by a KGB agent, do this kind of thing at *this* time, and I assure you I am no agent! I and my and my fallow detractors simply grow tired of such conspiracy theories, I ask them because they are sitting right next to me at the Internet Research Agency, a perfectly normal office building in St. Petersburg where 'journalists' such as myself and Mischa pass along the 'news' to your 'Democracy'.

Comment Re:But, her emails! (Score 1) 520

I don't necessarily agree with Obama's response (though, to be clear, it wasn't a non-response--he expelled 39 Russian diplomats and closed their compound, which he accused them of using as a base of operations for espionage), but the Obama administration has said publicly that their reasoning was, if they made statements about an ongoing attack which they were still trying to figure out, it would have been seen as an attempt to sway the outcome of the election. And they aren't wrong, it would have.

Since you seem like a reasonable person who's curious about the issue, I'd suggest reading my other post in this thread.

Comment Re:And this is only half of it (Score 5, Informative) 520

The Times article literally describes a real world hoax fabricated by Russia that you can look up and verify yourself on Wikipedia, in local news stories, wherever you'd like. It also has a sit down interview with a troll who worked in one of these buildings, outside of the building itself--followed by an interview with one of the 'editors' of the Kremlin's fake news outlets that employ these trolls. So let me say this, whether you're a troll yourself or a skeptic who's been duped, it doesn't matter--the truth is the truth.
