A system built around certificate authorities is broken by design. Self-signed certs are much more secure than anything stamped by a CA. And can we start using client certs, please? I should be able to walk into my bank and hand them a unique cert that they attach to my account and use for verification. Additionally, I should be able to request a unique cert on their end that they use only for my account so I can do my own verification. Since this is all self-signed shit, it can be easily automated.
For revocation, all either party has to do is stop using/trusting the cert. No one can regenerate the bank's unique cert that I trust because there is no authority with that power. No one can regenerate mine. If the bank wants to issue a new cert, I have to go in and get the new cert and trust it. You can dumb down your trust if you want - the bank could mail you the cert, mail you a letter saying it's going to be changed, post the thumbprint of the cert on their site, to their support phone line, whatever. If I want to issue a new cert, I have to get them to trust me in a similar fashion.
Doing it this way is more work, but you have ACTUAL trust, negotiated equally by both parties. You can choose convenience over security if you want, but you're not subject to some government/CA MITMing everything on a whim.
PCIe-connected flash drives have been around in the PC space for years, and M.2 slots (which for high-end storage devices are nothing but connectors tied to X lanes of gen Y PCIe) have been increasing in popularity significantly over the past year.
M.2 slots and SSDs are now fairly common place in laptops.
For desktops, direct PCIe flash drives have been around for years. PCIe adapters also exist if you want to use an M.2 drive now and your motherboard doesn't have an M.2 slot. Newer desktop boards ship with SATA Express ports, and drives should show up this summer offering the speed benefits of M.2 (running off PCIe lanes) as well as the benefits of NVMe, along with the possibility of being thrown into RAID (depending on your controller, of course). Many newer boards also feature a M.2 slot if you hate cables or are very space constrained.
I'm referring to the privacy and security risks to the user, not the people in public places.
"IoT" devices like these have their own embedded radios and are full IP hosts, have far less user-facing control than webcams, mics, cell phones, are designed to be always-on, are designed around remote operation, and are under the ultimate control of the world's largest datamining corporation.
Google Glass and everything Nest are useless fucking trash. Even if they somehow becomes useful in the future, they'll never be worth the invasion of privacy and security risks. Take your "IoT" and show up back up your own fucking asses.
Typically the power button automatically locks the phone, making it trivial to lock the phone in a hurry.
The whole fucking point of this feature is to "lock" the phone but not really lock it until the gyros determine the phone has been set down. Letting the phone time or hitting the power button will "soft lock" the phone. You won't need a pin/face/password to wake it up until the gyros determine the phone has been set down.
The Radeon HD 4890 launched early 2009, not in 2011 as you claim. Further, if an OS that comes later doesn't support older hardware, I'm going to blame the OS, not the hardware or its drivers. That's what everyone did during the XP->Vista transition, right?
Free speech. If the indirect consequences matter, then we should be holding charlie hebdo responsible for getting several people killed.
You cannot have it both ways.
There's a difference between speech and the consequences of it, idiot. There's no having it both ways here. Someone who swats someone is free to do so, and is free to do so until they die. They have an inalienable right to that speech. They do not have a free pass when someone is shot, when the cops decide to send him a bill for all the wasted time, when someone else couldn't get help because the cops were at the swatting victim's house, etc.
Not letting them on the road seems a little extreme but do they have to have a brand new car? What happened to having a beater to putt around in for the first few years?
What does it matter to you? Sure I drove a beater like most of us but if a parent puts their kid in a new(er) car, there is nothing fundamentally wrong with that unless the kid develops an entitlement complex from it. If the money isn't an issue to them it really shouldn't matter to us either.
Getting a shiny new car for your first car is typically a symptom of being a spoiled brat. (And yes, if the parents can afford a shiny new car to give their kid as their first car, they're likely very well off and thus the kid is likely a spoiled brat.) Spoiled brats don't have to deal with consequences. Spoiled brats will drive like assholes. A shiny new car enforces this mentality, and it encourages driving with friends and doing stupid shit.
They got greedy, and the spineless, scrupleless generation of "parents" caved.
Billy gets an F in 6th grade English and still gets a new XBOX with the latest Call of Duty. Tammy gets knocked up at 14 and still gets a new iPhone with the latest apps. Chris is caught using drugs behind the school and still gets a new car that the parents can't really afford.
Because then you'll have shithead 20somethings on the road instead, with no parental supervision whatsoever.
The only way to learn to drive is to drive.
The difference is teens are much more shithead-like than 20-somethings (not that I haven't noticed the increasing prevalence of 20-something shitheads), and teens are often not held responsible (legally or financially) for their actions (further enabling shithead behavior).
Hell, in Southern California we have kids who murder other kids and off themselves because the brand new BMW, large allowance, college tuition, and rent weren't enough.
Browsers happily execute what the page commands it to before considering what you the user commanded it to do. There are poorly-documented restrictions on things you can do during beforeunload or unload, all varying across browsers. I don't think you can alert(), you can return 'Some Shit' but it always displays a stock message ("Do you want to leave this page?"), IE will block window.open calls, etc. There's still plenty of room for you to fuck the user's experience over, however.
Eventually the browser's long-running script timer will grant you, the pitiful user, the option to fucking do what you want.
They can revoke it all they want, but they can't get devices to accept the revocation without an update mechanism. If an update mechanism is in place for any particular device, it can be used by the end user just as it can be by MS, once any obscurity is peeled away. Of course, any such update mechanism isn't going to function for shit if you've replaced Windows 10 with Linux unless you've a got a full, independent stack backed into the EFI capable of going over the internets, fetching a revocation list, and updating itself without any user interaction.
Slashdot is bloated shit. It's nowhere near as bloated and shitty as many other major sites, but it's bloated fucking shit. The fact that it tracks every fucking pixel you click on or drag across, or phones home when you try to close a tab is fucking absurd. The fact that browsers ALLOW this behavior is utter horseshit.
Go ahead, watch the bottom of the page when you close a Slashdot tab. When Slashdot is slow (and it often is) you'll see the "Working" indicator with the shitty little spinny wheel before your browser actually complies and closes the tab.
The cert is as secure as the cryptography and implementation.
The trust is up to you, not some web of "authorities".
If you can't establish trust in a secure manner, then you cannot trust them.
Welcome to actual security.
We should. We won't.
A system built around certificate authorities is broken by design. Self-signed certs are much more secure than anything stamped by a CA.
And can we start using client certs, please? I should be able to walk into my bank and hand them a unique cert that they attach to my account and use for verification. Additionally, I should be able to request a unique cert on their end that they use only for my account so I can do my own verification.
Since this is all self-signed shit, it can be easily automated.
For revocation, all either party has to do is stop using/trusting the cert. No one can regenerate the bank's unique cert that I trust because there is no authority with that power. No one can regenerate mine. If the bank wants to issue a new cert, I have to go in and get the new cert and trust it. You can dumb down your trust if you want - the bank could mail you the cert, mail you a letter saying it's going to be changed, post the thumbprint of the cert on their site, to their support phone line, whatever. If I want to issue a new cert, I have to get them to trust me in a similar fashion.
Doing it this way is more work, but you have ACTUAL trust, negotiated equally by both parties. You can choose convenience over security if you want, but you're not subject to some government/CA MITMing everything on a whim.
PCIe-connected flash drives have been around in the PC space for years, and M.2 slots (which for high-end storage devices are nothing but connectors tied to X lanes of gen Y PCIe) have been increasing in popularity significantly over the past year.
Pretty much.
M.2 slots and SSDs are now fairly common place in laptops.
For desktops, direct PCIe flash drives have been around for years. PCIe adapters also exist if you want to use an M.2 drive now and your motherboard doesn't have an M.2 slot. Newer desktop boards ship with SATA Express ports, and drives should show up this summer offering the speed benefits of M.2 (running off PCIe lanes) as well as the benefits of NVMe, along with the possibility of being thrown into RAID (depending on your controller, of course). Many newer boards also feature a M.2 slot if you hate cables or are very space constrained.
I'm referring to the privacy and security risks to the user, not the people in public places.
"IoT" devices like these have their own embedded radios and are full IP hosts, have far less user-facing control than webcams, mics, cell phones, are designed to be always-on, are designed around remote operation, and are under the ultimate control of the world's largest datamining corporation.
Google Glass and everything Nest are useless fucking trash. Even if they somehow becomes useful in the future, they'll never be worth the invasion of privacy and security risks.
Take your "IoT" and show up back up your own fucking asses.
Typically the power button automatically locks the phone, making it trivial to lock the phone in a hurry.
The whole fucking point of this feature is to "lock" the phone but not really lock it until the gyros determine the phone has been set down.
Letting the phone time or hitting the power button will "soft lock" the phone. You won't need a pin/face/password to wake it up until the gyros determine the phone has been set down.
99% of all Google Authenticator use is via the app on the fucking phone.
The Radeon HD 4890 launched early 2009, not in 2011 as you claim.
Further, if an OS that comes later doesn't support older hardware, I'm going to blame the OS, not the hardware or its drivers. That's what everyone did during the XP->Vista transition, right?
Free speech. If the indirect consequences matter, then we should be holding charlie hebdo responsible for getting several people killed.
You cannot have it both ways.
There's a difference between speech and the consequences of it, idiot.
There's no having it both ways here. Someone who swats someone is free to do so, and is free to do so until they die. They have an inalienable right to that speech. They do not have a free pass when someone is shot, when the cops decide to send him a bill for all the wasted time, when someone else couldn't get help because the cops were at the swatting victim's house, etc.
Knock on the door like a normal human being?
If you don't trust your kids, don't lend them your car.
Trust, but verify. :-)
"Trust but verify" is a joke. If you feel the need to verify, then you don't trust.
Not letting them on the road seems a little extreme but do they have to have a brand new car? What happened to having a beater to putt around in for the first few years?
What does it matter to you? Sure I drove a beater like most of us but if a parent puts their kid in a new(er) car, there is nothing fundamentally wrong with that unless the kid develops an entitlement complex from it. If the money isn't an issue to them it really shouldn't matter to us either.
Getting a shiny new car for your first car is typically a symptom of being a spoiled brat.
(And yes, if the parents can afford a shiny new car to give their kid as their first car, they're likely very well off and thus the kid is likely a spoiled brat.)
Spoiled brats don't have to deal with consequences. Spoiled brats will drive like assholes. A shiny new car enforces this mentality, and it encourages driving with friends and doing stupid shit.
Have you ever even met a teenager?
They got greedy, and the spineless, scrupleless generation of "parents" caved.
Billy gets an F in 6th grade English and still gets a new XBOX with the latest Call of Duty.
Tammy gets knocked up at 14 and still gets a new iPhone with the latest apps.
Chris is caught using drugs behind the school and still gets a new car that the parents can't really afford.
Because then you'll have shithead 20somethings on the road instead, with no parental supervision whatsoever.
The only way to learn to drive is to drive.
The difference is teens are much more shithead-like than 20-somethings (not that I haven't noticed the increasing prevalence of 20-something shitheads), and teens are often not held responsible (legally or financially) for their actions (further enabling shithead behavior).
Hell, in Southern California we have kids who murder other kids and off themselves because the brand new BMW, large allowance, college tuition, and rent weren't enough.
Not letting your shithead teens on the fucking road in the first place?
window.onbeforeunload = function(){while(1);}
Throw that on a page, close the tab, and lol.
Browsers happily execute what the page commands it to before considering what you the user commanded it to do. There are poorly-documented restrictions on things you can do during beforeunload or unload, all varying across browsers. I don't think you can alert(), you can return 'Some Shit' but it always displays a stock message ("Do you want to leave this page?"), IE will block window.open calls, etc. There's still plenty of room for you to fuck the user's experience over, however.
Eventually the browser's long-running script timer will grant you, the pitiful user, the option to fucking do what you want.
They can revoke it all they want, but they can't get devices to accept the revocation without an update mechanism. If an update mechanism is in place for any particular device, it can be used by the end user just as it can be by MS, once any obscurity is peeled away. Of course, any such update mechanism isn't going to function for shit if you've replaced Windows 10 with Linux unless you've a got a full, independent stack backed into the EFI capable of going over the internets, fetching a revocation list, and updating itself without any user interaction.
Slashdot is bloated shit. It's nowhere near as bloated and shitty as many other major sites, but it's bloated fucking shit.
The fact that it tracks every fucking pixel you click on or drag across, or phones home when you try to close a tab is fucking absurd. The fact that browsers ALLOW this behavior is utter horseshit.
Go ahead, watch the bottom of the page when you close a Slashdot tab. When Slashdot is slow (and it often is) you'll see the "Working" indicator with the shitty little spinny wheel before your browser actually complies and closes the tab.
I speak for many here on Slashdot by saying GET THE FUCK OUT. Nobody wants to see your incessant stalking and bitchfest.
I speak for myself and I love seeing idiots like you and dave420 call out APK only to get totally destroyed.
Nice try, dipshit. Facebook users are not a protected class.
There have also been cases of paint being green.
The ESRB is not a regulatory agency. Regardless, video games represent speech and are thus not to be regulated in such a way.