Especially when statistics are used like this. You pick several statistics, search for correlation and then "prove" that whatever was done was bad (or good). It does not work that way!
You migh answer some questions first, like how many women did carry a gun and how many rapes did it prevent, before and after. Same with assaults and robberies.
"I'm all for investigation into these technologies... but none of them are mature enough yet to be used in criminal investigations responsibly."
Are you claiming that police cannot use those responsibly? Why not? If they know the technolgy is 99% effective they can question most if not all, but detain only those whose questioning and/or other evidence gives reason for that.
Even with 99.9% detaining and humiliating them would be a horrible thing to do, kids in prison for no reason...
This reminds me of the two unknowns: how can a black hole be created if the matter falling to it can never get there? The another one is of course: how can gravitons escape event horizon and attract anything?
I think good theorists can answer both - I cannot either.
You seem to forget how secure boot works: it checks the signature of the boot image (OS loaders & drivers). I propose protecting the boot image and how it is found, by listing the important LBAs or partitions (i.e. the places where the OS loaders and drivers reside and how they are read during boot).
The firmware does not access a "file" as it does not undestand the file system you use. So you do not need to protect "a file", you can protect whatever the firmware loads, no matter if it is MBC, MBR, GPT, secondary GPT also, or even a list of (thousands of) LBAs - if you really want.
Are you still claiming this cannot be done? Why not?
The problem is that there is no advantage to anyone to have "secure boot".
The "secure boot" does not prevent viruses from writing to the (pre)bootloader, it just notices if it has happened. Then the "notification" or "failure mode" is DoS, your computer won't boot. I'd rather boot with a virus than not boot.
How about a better solution, something that *prevents* viruses from writing over the prebootloader? Something which will not brick your computer at an important meeting?
Solution: There is an unclearable security bit in the disk controller which prevents writing to sector 0. The (pre)bootloader would set the bit in the boot, unless the boot is from USB (or a key was pressed), thus allowing OS installers to write the sector 0. All the advantages of "secure boot" and none of the disadvantages.
1. What does it secure against? Viruses in (pre)bootloader, nothing else. 2. How does it secure? By DoS (disabling the boot).
1. Hugely better way would be the disk controller to disable writing to the first sector of any drive. 2. That would prevent viruses from writing into the disk in the first place.
This would work as follows: the (pre)bootloader would set an uncleareble security bit in the disk controller which prevents writing to the sector 0. If the boot is from USB (or a key was pressed, etc.) then it would not set the bit, thus allowing OS installers to write the sector 0.
Two or three, or seven, computers do not help if there is a SW bug. And don't give me "separate teams making different SW" bullshit, it has been proven that they all make the same mistakes.
Formal proving? It is neither necessary and the assumptions the proof takes are usually far too lenient.
The web browser, while complex, should not be designed so that every line of code is potential security breach - so big a hole that just looking at a textual input will give attacker whole access to your computer. Are you really claiming that using proper runtimes (managed, "jail", unprivileged,...), proper compartment (only minor amount of code can have security effect, ect.) a safe browser cannot be done relatively easily? It might require twice the effort to write, but then it would require half the effort to keep up.
You will never secure a computer as long as you use C/C++ - that I agree.
What they did wrong with Java, I don't know, have not been following. It must have been huge architectural and desing and programming culture flaw.
From the other side: houses are still being build lousily because the builders don't give a damn. Sam applies for software. I have never seen a single piece of code that has been well written. Well, perhaps one or two exceptions in the millions of software packages there are.
A decent architecture, whether SW or a building, can make a huge difference. Now code is written so that in practice every line in the whole browser or Java or any other runtime is potential security hole. It shouldn't be that way. There should be insulation+moisture barrier / firewall-kinda-IF to the Internet.
There is something fundamentally flawed with Java - it has all the required systems in it to make it safe - but it apparently is completely opposite. I have no clue where they (designers and programmers of the crap) went wrong.
Same with the Mozilla - it once claimed to be safer than IE because it uses C++ Strings. That was a revelation to me, I realised it isn't a bit safer - as can be seen right now.
Check Olkiluoto 3. The delays are not due to "abuse of legal system" nor due to "leadership vacuum" - unless you consider Areva as not having enough leadership.
My boss, ages ago, told me that he lost time doing university. I didn't.
Only years later I understood what he meant. It really does not matter if you got a degree if you have a remotest sense of decency (the list you mention). University degree is neither needed or quarantees that.
200 resumes... that would take me less than a day. Screening question - sorry no, that most likely is insinuating, deprivating and can be answered dishonestly. Why should I bother?
If you want to know can I program I can show it: gimme a problem!
Who cares. CIA #1 or #2 priority is spying for USA companies - I ain't american. China has it maybe #3. Russia, I wouldnt' know but probably top ten. Which one should I fear more?. Oh, about North Korea... hahahaha, you've got to be kidding!
Since I moved to another port I have had exactly zero attempts. Would a hole be found from openssh, I'd be much less likely to be succesfully attacked than with port 22.
How? What the UEFI does to "secure my PC"? I claim the positive effect is infinitesimal and hugely shadowed by negative effects.
What UEFI secures is the pre-booloader. Nothing more, it has nothing to do with bootloader, kernel, drivers, system programs or set-up data, user programs or user data. The likely palce for trojan is perhaps the system programs and their settings - as long as a trojan can change your sshd_config you really do not care whether pre-bootloader is OK or not. The number of security exploits released weekly is astounding, there is no lack of them so there will be trojans and viruses, etc. and the UEFI does nothing to prevent those. How does the UEFI "secure"? By causing total DoS - you cannot even boot your machine. I'd much rather boot with knowledge my machine is compromised than not boot at all. Most damning, the pre-bootloader sector could be secured by disk-controller "TPM" much better than with UEFI, e.g. with unclearable flag to prevent writing to sector 0.
So how does the UEAFI "go towards securing your PC"? It does not.
The most worrying thing is that now the banks make deals and pay fines so that the executives can walk away with their bonuses. Instead of going into jail as they should. This means this will happen again.
Are you really claiming there is no economic interest in the "alternatives"? They see an immense amount of subsidies to mitigate the "pain". That is why they are willing to delude themselves at believing GW is going to kill us all. Unless of course we pay the ransom... I mean subsidies to save the Earth as we know it.
This is why you never see a single advantage of the GW mentioned anywhere. Are you really claiming there is no advantages? Or that the advantages are so small as to be totally ignored?
Every single nature program on TV at least once claims some "huge problem" (coral dying, amount of rain increasing or decreasing, species die or spread[1],...) due to global warming. But this far the warming has been so small that is is hugely overwhelmed by random fluctuations so the *major* cause for the "huge problem" cannot be global warming - as of now. Still as a fact they say "due to GW huge problem". There likely are some problems *due to GW* in 100 years, but not today.
This kind of dishonesty must be stopped. It does a big disservice for you. For example I don't give a shit about GW as I am confident "cheaper to mitigate" actually means "more subsidies" to you, i.e. more taxes to me.
Besides, during my remaining life the GW won't have any effect on my daily life. None whatsoever.
[1] Somehow always those spreading are "harmfull" and those dying are "cute". Without a single exception (I know there are, but they are never mentioned).
Why is a web loaded javascript code allowed to fill the entire memory in the first place? Isn't it effectively a DoS, as the machine will swap for the next quite a few minutes?
Slashdot Mirror
AAARGH! Correlation is not causation!
Especially when statistics are used like this. You pick several statistics, search for correlation and then "prove" that whatever was done was bad (or good). It does not work that way!
You migh answer some questions first, like how many women did carry a gun and how many rapes did it prevent, before and after. Same with assaults and robberies.
"I'm all for investigation into these technologies... but none of them are mature enough yet to be used in criminal investigations responsibly."
Are you claiming that police cannot use those responsibly? Why not? If they know the technolgy is 99% effective they can question most if not all, but detain only those whose questioning and/or other evidence gives reason for that.
Even with 99.9% detaining and humiliating them would be a horrible thing to do, kids in prison for no reason ...
"But it is not a behavioral norm to attack our peers."
That is trivial to circumvent. Zimbardo, Millgram, The Third Wave, ...
This reminds me of the two unknowns: how can a black hole be created if the matter falling to it can never get there? The another one is of course: how can gravitons escape event horizon and attract anything?
I think good theorists can answer both - I cannot either.
007 destroyed his sanity.
Last I checked, the time will slow down so much that you'd never hit the black hole (event horizon), that is, before the universe will end.
But that was "sometime bronze age" so I might be wrong.
XFCE would be enhanced a lot if Compiz would work with it. Ubuntu 10.04 is much nicer looking than Xubuntu 12.04.
You seem to forget how secure boot works: it checks the signature of the boot image (OS loaders & drivers). I propose protecting the boot image and how it is found, by listing the important LBAs or partitions (i.e. the places where the OS loaders and drivers reside and how they are read during boot).
Besides, the EFI is overly complicated.
The firmware does not access a "file" as it does not undestand the file system you use. So you do not need to protect "a file", you can protect whatever the firmware loads, no matter if it is MBC, MBR, GPT, secondary GPT also, or even a list of (thousands of) LBAs - if you really want.
Are you still claiming this cannot be done? Why not?
Er ... why? Why cannot you write protect the MBR in GPT/UEFI disks?
The problem is that there is no advantage to anyone to have "secure boot".
The "secure boot" does not prevent viruses from writing to the (pre)bootloader, it just notices if it has happened. Then the "notification" or "failure mode" is DoS, your computer won't boot. I'd rather boot with a virus than not boot.
How about a better solution, something that *prevents* viruses from writing over the prebootloader? Something which will not brick your computer at an important meeting?
Solution: There is an unclearable security bit in the disk controller which prevents writing to sector 0. The (pre)bootloader would set the bit in the boot, unless the boot is from USB (or a key was pressed), thus allowing OS installers to write the sector 0. All the advantages of "secure boot" and none of the disadvantages.
There is NO security in "secure boot"
1. What does it secure against? Viruses in (pre)bootloader, nothing else.
2. How does it secure? By DoS (disabling the boot).
1. Hugely better way would be the disk controller to disable writing to the first sector of any drive.
2. That would prevent viruses from writing into the disk in the first place.
This would work as follows: the (pre)bootloader would set an uncleareble security bit in the disk controller which prevents writing to the sector 0. If the boot is from USB (or a key was pressed, etc.) then it would not set the bit, thus allowing OS installers to write the sector 0.
I disagree with you whemently.
Two or three, or seven, computers do not help if there is a SW bug. And don't give me "separate teams making different SW" bullshit, it has been proven that they all make the same mistakes.
Formal proving? It is neither necessary and the assumptions the proof takes are usually far too lenient.
The web browser, while complex, should not be designed so that every line of code is potential security breach - so big a hole that just looking at a textual input will give attacker whole access to your computer. Are you really claiming that using proper runtimes (managed, "jail", unprivileged, ...), proper compartment (only minor amount of code can have security effect, ect.) a safe browser cannot be done relatively easily? It might require twice the effort to write, but then it would require half the effort to keep up.
You will never secure a computer as long as you use C/C++ - that I agree.
What they did wrong with Java, I don't know, have not been following. It must have been huge architectural and desing and programming culture flaw.
From the other side: houses are still being build lousily because the builders don't give a damn. Sam applies for software. I have never seen a single piece of code that has been well written. Well, perhaps one or two exceptions in the millions of software packages there are.
A decent architecture, whether SW or a building, can make a huge difference. Now code is written so that in practice every line in the whole browser or Java or any other runtime is potential security hole. It shouldn't be that way. There should be insulation+moisture barrier / firewall-kinda-IF to the Internet.
There is something fundamentally flawed with Java - it has all the required systems in it to make it safe - but it apparently is completely opposite. I have no clue where they (designers and programmers of the crap) went wrong.
Same with the Mozilla - it once claimed to be safer than IE because it uses C++ Strings. That was a revelation to me, I realised it isn't a bit safer - as can be seen right now.
Check Olkiluoto 3. The delays are not due to "abuse of legal system" nor due to "leadership vacuum" - unless you consider Areva as not having enough leadership.
My boss, ages ago, told me that he lost time doing university. I didn't.
Only years later I understood what he meant. It really does not matter if you got a degree if you have a remotest sense of decency (the list you mention). University degree is neither needed or quarantees that.
Yes, he is smarter than me.
200 resumes ... that would take me less than a day.
Screening question - sorry no, that most likely is insinuating, deprivating and can be answered dishonestly. Why should I bother?
If you want to know can I program I can show it: gimme a problem!
Who cares. CIA #1 or #2 priority is spying for USA companies - I ain't american. China has it maybe #3. Russia, I wouldnt' know but probably top ten. Which one should I fear more?. ... hahahaha, you've got to be kidding!
Oh, about North Korea
It is for security.
Since I moved to another port I have had exactly zero attempts.
Would a hole be found from openssh, I'd be much less likely to be succesfully attacked than with port 22.
So it does improve my security.
"UEFI goes some way towards securing your PC."
How? What the UEFI does to "secure my PC"? I claim the positive effect is infinitesimal and hugely shadowed by negative effects.
What UEFI secures is the pre-booloader. Nothing more, it has nothing to do with bootloader, kernel, drivers, system programs or set-up data, user programs or user data. The likely palce for trojan is perhaps the system programs and their settings - as long as a trojan can change your sshd_config you really do not care whether pre-bootloader is OK or not.
The number of security exploits released weekly is astounding, there is no lack of them so there will be trojans and viruses, etc. and the UEFI does nothing to prevent those.
How does the UEFI "secure"? By causing total DoS - you cannot even boot your machine. I'd much rather boot with knowledge my machine is compromised than not boot at all. Most damning, the pre-bootloader sector could be secured by disk-controller "TPM" much better than with UEFI, e.g. with unclearable flag to prevent writing to sector 0.
So how does the UEAFI "go towards securing your PC"? It does not.
The most worrying thing is that now the banks make deals and pay fines so that the executives can walk away with their bonuses. Instead of going into jail as they should. This means this will happen again.
Take bribes? Collude with others for personal gain?
Yea, sure.
Are you really claiming there is no economic interest in the "alternatives"? They see an immense amount of subsidies to mitigate the "pain". That is why they are willing to delude themselves at believing GW is going to kill us all. Unless of course we pay the ransom ... I mean subsidies to save the Earth as we know it.
This is why you never see a single advantage of the GW mentioned anywhere. Are you really claiming there is no advantages? Or that the advantages are so small as to be totally ignored?
Every single nature program on TV at least once claims some "huge problem" (coral dying, amount of rain increasing or decreasing, species die or spread[1], ...) due to global warming. But this far the warming has been so small that is is hugely overwhelmed by random fluctuations so the *major* cause for the "huge problem" cannot be global warming - as of now. Still as a fact they say "due to GW huge problem". There likely are some problems *due to GW* in 100 years, but not today.
This kind of dishonesty must be stopped. It does a big disservice for you. For example I don't give a shit about GW as I am confident "cheaper to mitigate" actually means "more subsidies" to you, i.e. more taxes to me.
Besides, during my remaining life the GW won't have any effect on my daily life. None whatsoever.
[1] Somehow always those spreading are "harmfull" and those dying are "cute". Without a single exception (I know there are, but they are never mentioned).
Why is a web loaded javascript code allowed to fill the entire memory in the first place? Isn't it effectively a DoS, as the machine will swap for the next quite a few minutes?