NAT provides "security" because it is actually impossible to hack a computer behind a NATing router, without A) hacking into the router (in which case a firewall doesnt matter), or B) having the end user poke a hole / port forward through the NAT (which they could do with a firewall).
I suppose if you were MITMing the connection and could see what ports got opened for outbound connections, and you could spoof inbound traffic, you could perhaps exploit something-- but this will not affect the majority of users. In that sense it certainly DOES provide security, unless your ISP or someone similarly equipped is out to get you.
Except that you cant predict the future, so you dont know how many will be reported by the end of 2014. Extrapolation only works when you have a reason to justify it; neither you, nor the article does, and the original paper does not make that (dumb) extrapolation.
I can think of no technical reason that someone with access to dump the RAM would not get those registers; the RAM used in the CPU is much less volatile than normal DRAM (its called "static RAM" for a reason).
For example, lets say you manage to catch a VMWare vMotion. You have A) the RAM, B) the current CPU instructions, C) the CPU registers. Ditto with Fault Tolerance.
Lets say you ice the RAM and dump it. If you have access to do that, you could in theory do the same for the CPU; and since CPU memory decays like 1000x slower than DRAM, it would almost certainly be less corrupted than the RAM.
There WAS no 100% increase. The article misinterprets the graph, and the report that it references contradicts its analysis. IE rose from some ~130 vulns to some 140 vulns; thats not 100%, its like 5%.
Like Mugato, I feel like Im taking crazy pills here. Almost noone bothered to fact check the original report, but everyone has an opinion on it. Keep doing what you do, slashdot.
IE had fewer vulnerabilities last year than Chrome, or Firefox. This year it has more. Thats not a slam dunk, or an indication that IE is a dogs breakfast.
Ie has been substantially rewritten since the IE6 days, and is a sort-of-decent browser these days. These days its firefox thats the dogs breakfast; the only saving grace it has is its low userbase and its strong extension support that can plug some of the glaring holes (like its crappy 1-process architecture, its lack of sandboxing for anything, etc).
Firefox was "more vulnerable" in 2013, and actually for several years post IE9, I believe it was generally considered LESS secure than MSIE due to its lack of common protections (like reduced privlege, sandboxing, etc).
The real surprise here is that people on a tech site continue to use awful metrics for judging things ("works for me", "everyone else hates it, must be bad").
The summary is absolute garbage; it implies that the number of vulnerabilities is doubled (it isnt), that IE security is worse (but public exploits are reduced from last year, and mean time to patch is vastly reduced), and that its always been worse (last year, Chrome and Firefox had more exploits than IE).
Encrypted RAM would be utterly worthless. The encryption key would have to be in RAM or in the CPU registers, so a RAM dump would get the data either way.
SSD performance boosts are 95% due to the massively reduced seek times, which are on the order of 1000x faster than traditional platter latency. The throughput is higher too, but only on the order of 2x-3x.
Meanwhile, AES encryption is generally accelerated by AES-Ni so that a typical supporting processor can hit ~2000MB/s, which is easily 5x faster than your average SSD can output.
Linux is case sensitive, Windows is not, and you're using a third-party NTFS driver that may or may not contain bugs that allows it to write nonsense to disk.
Its not about being insensitive to them, any more than people are insensitive to the weather. At some point you realize that its a part of reality and its not going away. Nothing anyone can do short of a police state is going to stop people from being horrid on the internet for kicks.
Why do you feel you have to defend yourself against accusations like this? Have they been leveled at you?
Why do women assume that the comments they get need to be taken seriously? Why is one concern more valid than the other?
Because it's pretty easy to avoid being a condescending sexist asshole, when you stop behaving like every woman is put here for the sole purpose of your sexual gratification.
I dont view women that way either, but when someone posts a blog post saying that "Many men believe women have no worth in the games industry beyond appearance...", its pretty clear that thats meant to be aimed broadly at men. How am I supposed to respond to that?
If there is a problem with specific people, take it up with them. The complaint here seems to be "people on the internet are jerks". Congratulations on the detective work, let me know if you come up with a solution for it. Till then, please dont level accusations so broadly.
Melodramatic? Have you ever listened to the audio chats of FPS co-op games when women are playing with men? I've heard guys who threatened to hunt down their female opponents so they could rape them and murder them just because they got their ass handed to them in a game. That is not juvenile "boys will be boys" behavior.
Have you seen the average chat where girls ARENT present? People being obnoxious jerks is par for course-- to include rape threats on you, your mom, and your sister, requests that you Die In A Fire, threats to kill you in various ways, threats to DDOS you, etc.
If you're getting upset by that and thinking its about you or your gender-- its not, and you have the blinders on if you think its about sexism.
The first paragraph is written in a way that sounds like its disqus or reddit comments to that effect. And while its crude and mean, this is the internet, and if you learn nothing else from it its that you really need to not take it personally. People are jackasses on the internet, it has nothing to do with the world being sexist and everything to do with the general level of scumminess of your average anonymous troll.
Addendum-- its also worth noting that those tests from phoronix are done on linux using ntfs-3g, which (IIRC) is a third-party userland driver competing with native kernel-mode drivers, so its not even a fair comparison. Do a benchmark of NTFS on the latest NT OS, compare to ZFS or EXT4, and I think you'll see that its a wash.
Symbolic links are used, just not often-- theres rarely a need. I have myself used them, however. File locks are supported by many filesystems, and generally its not Windows doing the locking, its an application. Read speed-- even on Linux with ntfs-3g-- is apparently better than both ext3 and HFS+. Generally, as a journalled filesystem, NTFS isnt going to be quite as fast as unjournalled systems like ext2 and FAT32, but AFAIK its actually one of the faster filesystems out there: http://www.phoronix.com/scan.p... NTFS @ 127MB/s vs EXT3 @ 75 and EXT4 @ 130
It really sounds like you dont know what you're talking about (and Im not sure what you mean by "stat"). There are some things NTFS does well, some it does less well, but all around its a pretty decent filesystem, and if you think its horrendously slow you're doing something very wrong.
Sounds like you have an unreasonable axe to grind. Everything I've read indicates that Google and Microsoft programmers both tend to be highly skilled.
You're doing it wrong. Filesystems are largely invisible to userland applications. The only reason FAT32 would send a program for a loop is if the characteristics of FAT32 made it unsuitable for that use (ie, file name support).
Im pretty sure Microsoft can choose to hire or not hire whomever they wish. If they want to instruct HR not to hire former employees, thats their prerogative.
Yea, thats not what I said. My comment was apolitical; it was a comment on a poor line of reasoning. Any political angle you read into that is created wholly in your imagination.
You do realize that authorities have ALWAYS been able to "look in medicine cabinets and underwear drawers", if they had probable cause and were issued a warrant by the courts?
Yall need to go home, this isnt the "government overreach" story you're looking for.
Slashdot Mirror
NAT provides "security" because it is actually impossible to hack a computer behind a NATing router, without A) hacking into the router (in which case a firewall doesnt matter), or B) having the end user poke a hole / port forward through the NAT (which they could do with a firewall).
I suppose if you were MITMing the connection and could see what ports got opened for outbound connections, and you could spoof inbound traffic, you could perhaps exploit something-- but this will not affect the majority of users. In that sense it certainly DOES provide security, unless your ISP or someone similarly equipped is out to get you.
Except that you cant predict the future, so you dont know how many will be reported by the end of 2014. Extrapolation only works when you have a reason to justify it; neither you, nor the article does, and the original paper does not make that (dumb) extrapolation.
Its perhaps misleading to say that NAT is security, but it undoubtedly provides security.
I can think of no technical reason that someone with access to dump the RAM would not get those registers; the RAM used in the CPU is much less volatile than normal DRAM (its called "static RAM" for a reason).
For example, lets say you manage to catch a VMWare vMotion. You have A) the RAM, B) the current CPU instructions, C) the CPU registers. Ditto with Fault Tolerance.
Lets say you ice the RAM and dump it. If you have access to do that, you could in theory do the same for the CPU; and since CPU memory decays like 1000x slower than DRAM, it would almost certainly be less corrupted than the RAM.
There WAS no 100% increase. The article misinterprets the graph, and the report that it references contradicts its analysis. IE rose from some ~130 vulns to some 140 vulns; thats not 100%, its like 5%.
Like Mugato, I feel like Im taking crazy pills here. Almost noone bothered to fact check the original report, but everyone has an opinion on it. Keep doing what you do, slashdot.
IE had fewer vulnerabilities last year than Chrome, or Firefox. This year it has more. Thats not a slam dunk, or an indication that IE is a dogs breakfast.
Ie has been substantially rewritten since the IE6 days, and is a sort-of-decent browser these days. These days its firefox thats the dogs breakfast; the only saving grace it has is its low userbase and its strong extension support that can plug some of the glaring holes (like its crappy 1-process architecture, its lack of sandboxing for anything, etc).
Have you considered reading the article before criticizing someone else's analysis of it?
Apparently not.
Firefox was "more vulnerable" in 2013, and actually for several years post IE9, I believe it was generally considered LESS secure than MSIE due to its lack of common protections (like reduced privlege, sandboxing, etc).
The real surprise here is that people on a tech site continue to use awful metrics for judging things ("works for me", "everyone else hates it, must be bad").
Neither can IE. It has a ~5-10% increase.
The summary is absolute garbage; it implies that the number of vulnerabilities is doubled (it isnt), that IE security is worse (but public exploits are reduced from last year, and mean time to patch is vastly reduced), and that its always been worse (last year, Chrome and Firefox had more exploits than IE).
Unsurprisingly, everyone here took the bait.
Encrypted RAM would be utterly worthless. The encryption key would have to be in RAM or in the CPU registers, so a RAM dump would get the data either way.
Not really.
SSD performance boosts are 95% due to the massively reduced seek times, which are on the order of 1000x faster than traditional platter latency. The throughput is higher too, but only on the order of 2x-3x.
Meanwhile, AES encryption is generally accelerated by AES-Ni so that a typical supporting processor can hit ~2000MB/s, which is easily 5x faster than your average SSD can output.
Linux is case sensitive, Windows is not, and you're using a third-party NTFS driver that may or may not contain bugs that allows it to write nonsense to disk.
Its not about being insensitive to them, any more than people are insensitive to the weather. At some point you realize that its a part of reality and its not going away. Nothing anyone can do short of a police state is going to stop people from being horrid on the internet for kicks.
Why do you feel you have to defend yourself against accusations like this? Have they been leveled at you?
Why do women assume that the comments they get need to be taken seriously? Why is one concern more valid than the other?
Because it's pretty easy to avoid being a condescending sexist asshole, when you stop behaving like every woman is put here for the sole purpose of your sexual gratification.
I dont view women that way either, but when someone posts a blog post saying that "Many men believe women have no worth in the games industry beyond appearance...", its pretty clear that thats meant to be aimed broadly at men. How am I supposed to respond to that?
If there is a problem with specific people, take it up with them. The complaint here seems to be "people on the internet are jerks". Congratulations on the detective work, let me know if you come up with a solution for it. Till then, please dont level accusations so broadly.
Melodramatic? Have you ever listened to the audio chats of FPS co-op games when women are playing with men? I've heard guys who threatened to hunt down their female opponents so they could rape them and murder them just because they got their ass handed to them in a game. That is not juvenile "boys will be boys" behavior.
Have you seen the average chat where girls ARENT present? People being obnoxious jerks is par for course-- to include rape threats on you, your mom, and your sister, requests that you Die In A Fire, threats to kill you in various ways, threats to DDOS you, etc.
If you're getting upset by that and thinking its about you or your gender-- its not, and you have the blinders on if you think its about sexism.
The first paragraph is written in a way that sounds like its disqus or reddit comments to that effect. And while its crude and mean, this is the internet, and if you learn nothing else from it its that you really need to not take it personally. People are jackasses on the internet, it has nothing to do with the world being sexist and everything to do with the general level of scumminess of your average anonymous troll.
Addendum-- its also worth noting that those tests from phoronix are done on linux using ntfs-3g, which (IIRC) is a third-party userland driver competing with native kernel-mode drivers, so its not even a fair comparison. Do a benchmark of NTFS on the latest NT OS, compare to ZFS or EXT4, and I think you'll see that its a wash.
Symbolic links are used, just not often-- theres rarely a need. I have myself used them, however.
File locks are supported by many filesystems, and generally its not Windows doing the locking, its an application.
Read speed-- even on Linux with ntfs-3g-- is apparently better than both ext3 and HFS+. Generally, as a journalled filesystem, NTFS isnt going to be quite as fast as unjournalled systems like ext2 and FAT32, but AFAIK its actually one of the faster filesystems out there:
http://www.phoronix.com/scan.p...
NTFS @ 127MB/s vs EXT3 @ 75 and EXT4 @ 130
It really sounds like you dont know what you're talking about (and Im not sure what you mean by "stat"). There are some things NTFS does well, some it does less well, but all around its a pretty decent filesystem, and if you think its horrendously slow you're doing something very wrong.
It is the point. You are not entitled to employment by anyone. They dont need a contract to "not hire you".
Sounds like you have an unreasonable axe to grind. Everything I've read indicates that Google and Microsoft programmers both tend to be highly skilled.
You're doing it wrong. Filesystems are largely invisible to userland applications. The only reason FAT32 would send a program for a loop is if the characteristics of FAT32 made it unsuitable for that use (ie, file name support).
You'd probably get laid off again for calling Mr Nadella "Ballmer"-- sort of a big screw up when you get the CEO's name wrong.
Im pretty sure Microsoft can choose to hire or not hire whomever they wish. If they want to instruct HR not to hire former employees, thats their prerogative.
Yea, thats not what I said. My comment was apolitical; it was a comment on a poor line of reasoning. Any political angle you read into that is created wholly in your imagination.
You do realize that authorities have ALWAYS been able to "look in medicine cabinets and underwear drawers", if they had probable cause and were issued a warrant by the courts?
Yall need to go home, this isnt the "government overreach" story you're looking for.