The U.S. has plenty of taxes and stealth taxes (see "tobacco settlement") on cigarettes as well, it's just that if you actually get a smoking related illness, you're on your own even though in theory you already paid for it with your taxes.
See New York for attempted regulation of sugar minus actual healthcare being provided.
The correct way to protect the BIOS is a jumper that has to be set to enable writing/erasing the flash. End of story.
The old BIOS already managed to init the CPU, init the memory controller, init the memory, and provide enough setup of PCI devices to find the boot loader or jump to PXE.
I have actually written boot firmware. Most of those complex things beyond what I mentioned above are complex because they don't belong in the boot firmware at all.
Those functions (when wanted) should be provided by a bootloader like object that gets loaded by the BIOS. So far, the biggest use of secure boot seems to be making sure your computer doesn't do things you want it to if the *IAA don't want it to.
Meanwhile, other architectures don't use EFI and I see no signs that any want to, so that makes platform independant boot ROMS a bit pointless. If wanted, that could be bolted on as well.
Unfortunately, UEFI appears to be insecure by design. So, step one, shred UEFI and secure wipe it's source.
CoreBoot has a nice modern design that works. The only thing holding it back is lack of vendor support.
A minimalist extension of the old BIOS system to go to flat 32 bit mode ASAP, and load a bootloader the same way old BIOS does comes to mind. If necessary, expand the CMOS a bit, but under no circumstances allow it to contain code, just settings. And like the old BIOS, if the CMOS doesn't pass a checksum, write sane defaults to it. Writing to the flash should never be needed for normal operation, write should need to be enabled ONLY if a BIOS update is needed, and that should be a very rare event.
A wishlist item is that all of the "secret sauce" that requires vendor support and NDAs should be packed into one section and when it is complete, it should simply jump into a well known location to take care of loading the boot loader. Do NOT implement a memory allocator, filesystem, word processor or Eliza in BIOS. Rule 1, the system must operate normally if writing to flash is disabled.
As another (former) BIOS writer, why not pop it into flat-32 and go from there? Implementing a complex API complete with a file system seems a bit much for something that will run just long enough to call a boot loader.
IIRC, a number of BIOS do, in fact, go into flat-32 mode. The big catch to using C is not the size of the flash chip, it's the need to have space for the stack before you get memory up. That is handily solved by configuring the CPU to use it's cache as a temporary RAM long enough to get the actual RAM up.
CoreBOOT + SeaBIOS manage to be implemented mostly in C and work just fine. Most server boards still manage to implement "Legacy boot mode".
Because NEW is seen as a virtue in itself. Rather than just make a needed improvement to old, we throw away the years of debugging and testing and jump into making something NEW. Often the argument is that the NEW can be much simpler. Alas, then a zillion corner cases pop up that explain well why OLD was as complex as it was. But now we have NEW, so OLD must go!
So here we are with NEW and decades less debugging and testing behind it, no discernible benefit over OLD, and bugs are coming out of the wood work.
Don't get me wrong, new has it's place, just not in fundamental code that everything else depends on.
This. Unlike old BIOS that only needed a few bytes to maintain configuration (commonly battery backed CMOS, but eeprom could be used) the latest abomination from Intel needs a full fledged read/write flash file system. To make it worse, unlike old BIOS where clearing the CMOS would recover from any mis-configuration, some implementations of EFI can be bricked.
Now, from TFA, it turns out UEFI makes a dandy platform for persistent malware.
So, NOW can we go back to BIOS and just make it unstand GPTs?
And as the other AC points out, we'll be paying for them AND the useless wall if Trump gets his way. The cost of the illegals is irrelevant to this discussion because they will be here with or without the wall.
As for the drugs, those come in by submarine, tunnels, and catapult. The wall won't do much for any of those routes.
So, time for Trump to fulfill the whole promise and get Mexico to pay for it if he wants it so bad. Otherwise, if you want it so bad, pony up.
It's time for the government to start issuing electronic money. Right now, the option is legal tender and corporate scrip that more or less freely exchanges with dollars (subject to fees and conditions).
Even most Libertarians agree that issuing currency is the government's job.
Cash is a great way to manage things like shopping or "little extras" when that pile of cash is gone, you're done shopping. If your resolve may weaken, leave the card at home or locked up in the car so going over will be a pain in the ass.
But what's really happening is congrespeople not wanting to flush 5 billion dollars down the toilet on a plan that only works in the imagination of a small child.
Send me $200,000 and I will visualize a safe border every day for the next 5 years. You want a safe border, don't you? $200,000 is quite a bargain compared to $5 billion!
Related, they didn't bother to pre-arrange for emergency backup generators with compatible hookups and didn't have anyone available who could work around that. On the greed side, they delayed using sea water to cool the reactors because they were still irrationally hoping they could get away from the problem cheap.
I'm not sure TMI should even be counted. It was scary, but in the end it didn't kill anyone or even release significant radiation. For that matter much of the panic was a result of the unfortunate timing with the release of "The China Syndrome" and the media being anxious to connect the two.
The idea is right though, it's a matter of where the cutoff might lay.
CEO says "we can only make 1 billion this year. The measures we could take to make 1.1 billion would be unethical and probably illegal". Major shareholders say "get us that 1.1 billion or we'll replace you with someone who will someone who will".. Why aren't those major shareholders on the hook when the company takes those questionable measures and people die?
Perhaps the punishment should be proportional. Let's say the corporation is found to have murdered 1000 people. At 50 years per murder, that's 50,000 years in prison. The guy who held 10/480,000,000 of the company gets 50,000years/48,000,000 = 9 hours in prison (so spends a Saturday picking up trash in an orange jumpsuit).
More realistically, the guy with 10 shares probably didn't get an invite to the annual meeting where the CEO was pressured to set ethics aside, so nothing happens to him.
Perhaps it is time to recognize that the liability that is limited is financial liability, not criminal.
An alternative would be a huge increase in the multiplier converting prison time to an equivalent financial penalty. Make the risk of total loss from holding stock in an unethical corporation way too high to be worthwhile.
So in that case, 1000 counts of murder equals the death penalty, so company gets parted out and if there's anything left after paying creditors, it goes to employees as extra severance.
In the case of mercury, we've exceeded it already. That's quite easy to do when something bioaccumulates up the food chain. There's a reason women who are or might be pregnant are advised to avoid tuna.
Ever heard the expression "don't shit where you eat"? Trump wants to take a big ol' dump on your plate.
So the lug nuts couldn't be removed due to the wrench not fitting. Obviously, we cannot just get the correct wrench, we will instead use our teeth in the future.
The investigation is a reactive measure. A proactive measure would be requiring CenturyLink to have and follow a procedure that would both provide adequate review and offer a rapid backout if this sort of crap happens.
Slashdot Mirror
The U.S. has plenty of taxes and stealth taxes (see "tobacco settlement") on cigarettes as well, it's just that if you actually get a smoking related illness, you're on your own even though in theory you already paid for it with your taxes.
See New York for attempted regulation of sugar minus actual healthcare being provided.
The correct way to protect the BIOS is a jumper that has to be set to enable writing/erasing the flash. End of story.
The old BIOS already managed to init the CPU, init the memory controller, init the memory, and provide enough setup of PCI devices to find the boot loader or jump to PXE.
I have actually written boot firmware. Most of those complex things beyond what I mentioned above are complex because they don't belong in the boot firmware at all.
understand
Seconding the other AC, the page comes up for me. I'm still on the mailing list and it looks to be quite active.
Those functions (when wanted) should be provided by a bootloader like object that gets loaded by the BIOS. So far, the biggest use of secure boot seems to be making sure your computer doesn't do things you want it to if the *IAA don't want it to.
Meanwhile, other architectures don't use EFI and I see no signs that any want to, so that makes platform independant boot ROMS a bit pointless. If wanted, that could be bolted on as well.
Unfortunately, UEFI appears to be insecure by design. So, step one, shred UEFI and secure wipe it's source.
CoreBoot has a nice modern design that works. The only thing holding it back is lack of vendor support.
A minimalist extension of the old BIOS system to go to flat 32 bit mode ASAP, and load a bootloader the same way old BIOS does comes to mind. If necessary, expand the CMOS a bit, but under no circumstances allow it to contain code, just settings. And like the old BIOS, if the CMOS doesn't pass a checksum, write sane defaults to it. Writing to the flash should never be needed for normal operation, write should need to be enabled ONLY if a BIOS update is needed, and that should be a very rare event.
A wishlist item is that all of the "secret sauce" that requires vendor support and NDAs should be packed into one section and when it is complete, it should simply jump into a well known location to take care of loading the boot loader. Do NOT implement a memory allocator, filesystem, word processor or Eliza in BIOS. Rule 1, the system must operate normally if writing to flash is disabled.
As another (former) BIOS writer, why not pop it into flat-32 and go from there? Implementing a complex API complete with a file system seems a bit much for something that will run just long enough to call a boot loader.
IIRC, a number of BIOS do, in fact, go into flat-32 mode. The big catch to using C is not the size of the flash chip, it's the need to have space for the stack before you get memory up. That is handily solved by configuring the CPU to use it's cache as a temporary RAM long enough to get the actual RAM up.
CoreBOOT + SeaBIOS manage to be implemented mostly in C and work just fine. Most server boards still manage to implement "Legacy boot mode".
Because NEW is seen as a virtue in itself. Rather than just make a needed improvement to old, we throw away the years of debugging and testing and jump into making something NEW. Often the argument is that the NEW can be much simpler. Alas, then a zillion corner cases pop up that explain well why OLD was as complex as it was. But now we have NEW, so OLD must go!
So here we are with NEW and decades less debugging and testing behind it, no discernible benefit over OLD, and bugs are coming out of the wood work.
Don't get me wrong, new has it's place, just not in fundamental code that everything else depends on.
This. Unlike old BIOS that only needed a few bytes to maintain configuration (commonly battery backed CMOS, but eeprom could be used) the latest abomination from Intel needs a full fledged read/write flash file system. To make it worse, unlike old BIOS where clearing the CMOS would recover from any mis-configuration, some implementations of EFI can be bricked.
Now, from TFA, it turns out UEFI makes a dandy platform for persistent malware.
So, NOW can we go back to BIOS and just make it unstand GPTs?
And as the other AC points out, we'll be paying for them AND the useless wall if Trump gets his way. The cost of the illegals is irrelevant to this discussion because they will be here with or without the wall.
As for the drugs, those come in by submarine, tunnels, and catapult. The wall won't do much for any of those routes.
So, time for Trump to fulfill the whole promise and get Mexico to pay for it if he wants it so bad. Otherwise, if you want it so bad, pony up.
Yeah, well us paying for it is still better than no wall.
Speak for yourself, or better yet, pony up on the gofundme and leave the rest of us out of it.
Also, we could easily make Mexico pay for it by not giving them anymore money.
Cool, so do that then and quit monkeywrenching.
The pile of cash is something you take out of the ATM on the way to shopping you intend to do anyway.
It seems to work for a lot of people, but everyone is different.
It's time for the government to start issuing electronic money. Right now, the option is legal tender and corporate scrip that more or less freely exchanges with dollars (subject to fees and conditions).
Even most Libertarians agree that issuing currency is the government's job.
Cash is a great way to manage things like shopping or "little extras" when that pile of cash is gone, you're done shopping. If your resolve may weaken, leave the card at home or locked up in the car so going over will be a pain in the ass.
But what's really happening is congrespeople not wanting to flush 5 billion dollars down the toilet on a plan that only works in the imagination of a small child.
Send me $200,000 and I will visualize a safe border every day for the next 5 years. You want a safe border, don't you? $200,000 is quite a bargain compared to $5 billion!
Related, they didn't bother to pre-arrange for emergency backup generators with compatible hookups and didn't have anyone available who could work around that. On the greed side, they delayed using sea water to cool the reactors because they were still irrationally hoping they could get away from the problem cheap.
I'm not sure TMI should even be counted. It was scary, but in the end it didn't kill anyone or even release significant radiation. For that matter much of the panic was a result of the unfortunate timing with the release of "The China Syndrome" and the media being anxious to connect the two.
The idea is right though, it's a matter of where the cutoff might lay.
CEO says "we can only make 1 billion this year. The measures we could take to make 1.1 billion would be unethical and probably illegal". Major shareholders say "get us that 1.1 billion or we'll replace you with someone who will someone who will".. Why aren't those major shareholders on the hook when the company takes those questionable measures and people die?
Perhaps the punishment should be proportional. Let's say the corporation is found to have murdered 1000 people. At 50 years per murder, that's 50,000 years in prison. The guy who held 10/480,000,000 of the company gets 50,000years/48,000,000 = 9 hours in prison (so spends a Saturday picking up trash in an orange jumpsuit).
More realistically, the guy with 10 shares probably didn't get an invite to the annual meeting where the CEO was pressured to set ethics aside, so nothing happens to him.
Perhaps it is time to recognize that the liability that is limited is financial liability, not criminal.
An alternative would be a huge increase in the multiplier converting prison time to an equivalent financial penalty. Make the risk of total loss from holding stock in an unethical corporation way too high to be worthwhile.
So in that case, 1000 counts of murder equals the death penalty, so company gets parted out and if there's anything left after paying creditors, it goes to employees as extra severance.
It's a requirement not removed by the license.
They still need to credit the original source.
In the case of mercury, we've exceeded it already. That's quite easy to do when something bioaccumulates up the food chain. There's a reason women who are or might be pregnant are advised to avoid tuna.
Ever heard the expression "don't shit where you eat"? Trump wants to take a big ol' dump on your plate.
This. A license allows you to use it, but it doesn't allow you to remove the creator's name from it.
So the lug nuts couldn't be removed due to the wrench not fitting. Obviously, we cannot just get the correct wrench, we will instead use our teeth in the future.
There are plenty of cases where regulations go too far, but that is not at all in evidence in TFA or in the situation it covers.
The investigation is a reactive measure. A proactive measure would be requiring CenturyLink to have and follow a procedure that would both provide adequate review and offer a rapid backout if this sort of crap happens.