Encryption is nothing new. All that's changed is that now ordinary people are using it too - not just people with something to hide. Odd that it's suddenly a problem - it's almost like the FBI has some ulterior motive.
* the local and state govts are allowed to kill the "papers please" acts - like RealID.
That example doesn't belong in your list. Preventing fraud and setting standards are both legitimate functions of government, if you're not an outright anarchist. We'd all be better off at this point with some national alternative to SS numbers for every company to use as their database key - something with at least some attempt at fraud prevention.
The weak-sauce of that attack is hilarious in hindsight, as prominent lefty after prominent lefty is denounced for one variety of sexual assault or another.
It looks like the text-only browsers have vanished, though I guess you can do like RMS and surf with wget and emacs. Links has very-little grafted-on crap, though.
Once a machine has a root kit installed , the game is lost. You can't remove rooted malware from the same machine. You might be able to clean the disk from a different machine, maybe, if it's low-rent malware. Of course, the Snowden leaks included NSA malware that lives in the BIOS of the drive, so it might just root the second system. Thanks NSA.
This is just not an attack-vector that computer architects are used to reasoning about.
That's security in a nutshell. But, really, CPU-behavior-related side-channel attacks are old hat. Any behavior in a core/thread that depends on the behavior of other cores/processes is the basis for some side-channel attack.
The current mental model of isolation is clearly just the wrong one from a security perspective. Architects need a much broader view here.
But who am I kidding, this is the company that added a whole extra OS worth of attack vector to their CPUs (a feature that very few customers were asking for, or even see positively).
I was on the standards committee for SCSI once upon a time, and we never had this problem. This is a recurring problem with W3C that other standards bodies usually avoid. It's worth noting that the HTML standards body isn't run in the normal way, under the umbrella of ANSI or ISO, which have stuff like mandatory training for people leading the many associated standards bodies, and specific requirements on running meetings, meeting minutes, patent disclosures, and so on.
The HTML standard comes off as trying to dictate the standard to the vendors, rather than documenting what the industry practice currently is, as most standards do.
Also worth noting: every technical standard is obsolete by the time it's officially adopted. It's normally the latest published draft standard that's the "real" standard (and for a long time the draft was freely available to all, while you had to pay a fee for the published one - one thing the W3C does better).
Oh, yes, it's the obvious gap between Rust Hype and Rust. My only point was that a language could actually be pretty safe, but then it wouldn't get wide adoption, and it still wouldn't be perfect.
You can fix this threat (Meltdown) for each specific OS, in the OS.
If the attacker has a root kit installed, he doesn't need this attack in the first place. If the attacker doesn't have root, the kernel can prevent this attack from gaining access to memory for other processes.
Sure it can, but you might not like it. If the static analysis doesn't find code that does the size check, the build fails. If it uses a file read API that doesn't accept a size bound, the build fails. You can do this for all the well-known vulnerabilities: if the tool can't prove the correct check exists, fail. It wouldn't be a fun environment to code in, but you could do it.
None of the means of production are owned by squirrels, as far as I know, all by people. Of course, concentration matters. The nice thing about Capitalism is that it's fully compatible with the means of production being owned very broadly by the people: it's just a matter of stock ownership. Before the '08 crash around 2/3s of Americans owned stock (directly or indirectly), which is a pretty good distance down that road.
But the Pareto Principle is going to happen with any economic system in which people are free to buy, sell, and work to the limits of their desire and ability. You expect 80% of the wealth to be concentrated in 20% of the people in a free system. The problem today is that wealth is even more concentrated than that.
There's already too much Chrome-specific stuff and the point is: it's growing. Sure, Chrome started as fully standards-based, but then so did IE in the (very) early days when it was the best browser around. Then the years went on, and the IE-specific stuff grew until we had the world of IE6.
Chrome is starting to look like it's on that trajectory. Sure, it's still mostly standards-based, but its trajectory is away from that, and in fact looks very much like the trajectory from IE3 to IE6.
It is verified "safe" by the compiler statically at compile time.
Static analysis is nice and all, but can only do so much. There are whole categories of problems that static analysis tools are blind to. For example: Spectre. Anything below the language layer, or any sufficiently clever runtime funny business won't be detected (Spectre is both).
As is SIP, it's just that somehow the app was marked as a system file (technically, installed to a system directory). That latter part is the problem: seems like a malware magnet. It makes sense for parts of the kernel, but for apps?
No sign in, no tracking, just pics and text about characters, weapons, levels, etc...now how EXACTLY is forcing all those sites to go to HTTPS gonna make my life any safer?
So you're researching weapons, eh? On the list with you!
Do you somehow not understand what HTTPS is? It in no way aids anyone in tracking you (and the days of it being expensive are long gone). It does make it cost-prohibitive for the government to track the contents of everyone's internet activity. It only people doing "interesting" things use encryption, well, on the list with them!
Until you speak out politically. Until you're photographed at a protest. Until you're a nuisance to those in power. Then you may find that you want the government to not have low-effort ways to attack you.
Remember, there's no telling what topics that are innocuous today will become reputation-wrecking or outright illegal in 20 or 40 years, and the government has a habit of keeping everything in case it might be useful one day.
Never assume that because the government has no interest in you today, that because you're not doing anything sketchy today that today's actions can't be used against you. And never assume that the government isn't recording everything.
Anyhow, https is nearly free - why shouldn't it be used everywhere all the time? Low cost for potentially massive benefit.
So, they were Germans alive in the late 30s or early 40s who participated in the political party? Actual Nazis? Seems unlikely.
Perhaps you meant "neo-Nazis" or "white supremacists" or some-such? Or perhaps you're the very problem at hand, and anyone who disagrees with you is a "literal Nazi"?
Rosenberg wasn't looking to be banned, he was looking for ways to automatically warn people
When you find yourself just making shit up that your hope might be true, it's best to just stop typing. Unless, of course, this is actually Rosenberg's/. account, you're just making assumptions that concur with your world view and then stating them as fact.
Neo-Nazis are a different thing than Nazis. Nazis killed 6-10 million of their own people. Some of them are still alive. Neo-Nazis chant slogans and generally make asses of themselves in public, but they are (thankfully) missing half the Nazi ideology that made it popular with mainstream Germany.
If you mean "Nazi" as something beyond "person I disagree with", the distinction is important.
You mean we do not need to clearly determine who is what and just act on a group in a group punishments sort of way? Wait have we not had that before?
Remember: whenever the Left start throwing "Nazi" around, they're trying to distract you from how bad Communism was. Sure, Hitler was remarkably evil, killing 6-10 million of his own people (whether he thought of them that way or not). Stalin killed 60 million. Mao killed 100 million. Hitler was 2nd tier.
Communism is objectively (measured by the number of citizens of its own nation an ideology killed) the most evil ideology in mankind's history. Yet Twitter cares not how often an account praises Communism and wished for it's return.
Arrogant twaddle. If you get a CS degree and can't code well, you've wasted quite a pile of money, and you certainly won't find a job related to your major.
Most students get a CS degree because they want a related job. A university that fails to deliver that is engaging in outright fraud.
They likely provided relevant industry experience. Coding at university is very different to doing it in a commercial environment.
We're talking about Ballmer and Zuckerberg here. Zuckerberg may have actually written some code while he was at university, but the closest Ballmer ever can to coding was throwing a chair at a developer. Neither has ever coded "in a commercial environment".
But then, no one goes to Harvard to learn to code; you go there to meet people like Ballmer and Zuckerberg. Harvard is about developing your social network, not any skills that might let you contribute to society.
There is no right to privacy in the Constitution. But there really needs to be, and not just in the bedroom. Good thing there is a means to amend the Constitution. I remember when we used to use that.
Classifying ISPs a Title II common carriers is just the wrong approach, IMO. Just make the last mile a public utility. Just do that - it's that simple. Then ISPs have no natural monopolies and the market will work just fine to sort out any nonsense.
Slashdot Mirror
Encryption is nothing new. All that's changed is that now ordinary people are using it too - not just people with something to hide. Odd that it's suddenly a problem - it's almost like the FBI has some ulterior motive.
* the local and state govts are allowed to kill the "papers please" acts - like RealID.
That example doesn't belong in your list. Preventing fraud and setting standards are both legitimate functions of government, if you're not an outright anarchist. We'd all be better off at this point with some national alternative to SS numbers for every company to use as their database key - something with at least some attempt at fraud prevention.
The weak-sauce of that attack is hilarious in hindsight, as prominent lefty after prominent lefty is denounced for one variety of sexual assault or another.
I'd almost rather surf in pure text mode.
It looks like the text-only browsers have vanished, though I guess you can do like RMS and surf with wget and emacs. Links has very-little grafted-on crap, though.
Once a machine has a root kit installed , the game is lost. You can't remove rooted malware from the same machine. You might be able to clean the disk from a different machine, maybe, if it's low-rent malware. Of course, the Snowden leaks included NSA malware that lives in the BIOS of the drive, so it might just root the second system. Thanks NSA.
This is just not an attack-vector that computer architects are used to reasoning about.
That's security in a nutshell. But, really, CPU-behavior-related side-channel attacks are old hat. Any behavior in a core/thread that depends on the behavior of other cores/processes is the basis for some side-channel attack.
The current mental model of isolation is clearly just the wrong one from a security perspective. Architects need a much broader view here.
But who am I kidding, this is the company that added a whole extra OS worth of attack vector to their CPUs (a feature that very few customers were asking for, or even see positively).
I was on the standards committee for SCSI once upon a time, and we never had this problem. This is a recurring problem with W3C that other standards bodies usually avoid. It's worth noting that the HTML standards body isn't run in the normal way, under the umbrella of ANSI or ISO, which have stuff like mandatory training for people leading the many associated standards bodies, and specific requirements on running meetings, meeting minutes, patent disclosures, and so on.
The HTML standard comes off as trying to dictate the standard to the vendors, rather than documenting what the industry practice currently is, as most standards do.
Also worth noting: every technical standard is obsolete by the time it's officially adopted. It's normally the latest published draft standard that's the "real" standard (and for a long time the draft was freely available to all, while you had to pay a fee for the published one - one thing the W3C does better).
Oh, yes, it's the obvious gap between Rust Hype and Rust. My only point was that a language could actually be pretty safe, but then it wouldn't get wide adoption, and it still wouldn't be perfect.
You can fix this threat (Meltdown) for each specific OS, in the OS.
If the attacker has a root kit installed, he doesn't need this attack in the first place. If the attacker doesn't have root, the kernel can prevent this attack from gaining access to memory for other processes.
Sure it can, but you might not like it. If the static analysis doesn't find code that does the size check, the build fails. If it uses a file read API that doesn't accept a size bound, the build fails. You can do this for all the well-known vulnerabilities: if the tool can't prove the correct check exists, fail. It wouldn't be a fun environment to code in, but you could do it.
None of the means of production are owned by squirrels, as far as I know, all by people. Of course, concentration matters. The nice thing about Capitalism is that it's fully compatible with the means of production being owned very broadly by the people: it's just a matter of stock ownership. Before the '08 crash around 2/3s of Americans owned stock (directly or indirectly), which is a pretty good distance down that road.
But the Pareto Principle is going to happen with any economic system in which people are free to buy, sell, and work to the limits of their desire and ability. You expect 80% of the wealth to be concentrated in 20% of the people in a free system. The problem today is that wealth is even more concentrated than that.
There's already too much Chrome-specific stuff and the point is: it's growing. Sure, Chrome started as fully standards-based, but then so did IE in the (very) early days when it was the best browser around. Then the years went on, and the IE-specific stuff grew until we had the world of IE6.
Chrome is starting to look like it's on that trajectory. Sure, it's still mostly standards-based, but its trajectory is away from that, and in fact looks very much like the trajectory from IE3 to IE6.
It is verified "safe" by the compiler statically at compile time.
Static analysis is nice and all, but can only do so much. There are whole categories of problems that static analysis tools are blind to. For example: Spectre. Anything below the language layer, or any sufficiently clever runtime funny business won't be detected (Spectre is both).
As is SIP, it's just that somehow the app was marked as a system file (technically, installed to a system directory). That latter part is the problem: seems like a malware magnet. It makes sense for parts of the kernel, but for apps?
No sign in, no tracking, just pics and text about characters, weapons, levels, etc...now how EXACTLY is forcing all those sites to go to HTTPS gonna make my life any safer?
So you're researching weapons, eh? On the list with you!
Do you somehow not understand what HTTPS is? It in no way aids anyone in tracking you (and the days of it being expensive are long gone). It does make it cost-prohibitive for the government to track the contents of everyone's internet activity. It only people doing "interesting" things use encryption, well, on the list with them!
Until you speak out politically. Until you're photographed at a protest. Until you're a nuisance to those in power. Then you may find that you want the government to not have low-effort ways to attack you.
Remember, there's no telling what topics that are innocuous today will become reputation-wrecking or outright illegal in 20 or 40 years, and the government has a habit of keeping everything in case it might be useful one day.
Never assume that because the government has no interest in you today, that because you're not doing anything sketchy today that today's actions can't be used against you. And never assume that the government isn't recording everything.
Anyhow, https is nearly free - why shouldn't it be used everywhere all the time? Low cost for potentially massive benefit.
seem to have been actual Nazis
So, they were Germans alive in the late 30s or early 40s who participated in the political party? Actual Nazis? Seems unlikely.
Perhaps you meant "neo-Nazis" or "white supremacists" or some-such? Or perhaps you're the very problem at hand, and anyone who disagrees with you is a "literal Nazi"?
Rosenberg wasn't looking to be banned, he was looking for ways to automatically warn people
When you find yourself just making shit up that your hope might be true, it's best to just stop typing. Unless, of course, this is actually Rosenberg's /. account, you're just making assumptions that concur with your world view and then stating them as fact.
Neo-Nazis are a different thing than Nazis. Nazis killed 6-10 million of their own people. Some of them are still alive. Neo-Nazis chant slogans and generally make asses of themselves in public, but they are (thankfully) missing half the Nazi ideology that made it popular with mainstream Germany.
If you mean "Nazi" as something beyond "person I disagree with", the distinction is important.
You mean we do not need to clearly determine who is what and just act on a group in a group punishments sort of way? Wait have we not had that before?
Remember: whenever the Left start throwing "Nazi" around, they're trying to distract you from how bad Communism was. Sure, Hitler was remarkably evil, killing 6-10 million of his own people (whether he thought of them that way or not). Stalin killed 60 million. Mao killed 100 million. Hitler was 2nd tier.
Communism is objectively (measured by the number of citizens of its own nation an ideology killed) the most evil ideology in mankind's history. Yet Twitter cares not how often an account praises Communism and wished for it's return.
If you think CS majors are programmers
Employed CS majors are programmers. I'm sure there are a few barristas as well, of course, though not so many as most degrees.
Arrogant twaddle. If you get a CS degree and can't code well, you've wasted quite a pile of money, and you certainly won't find a job related to your major.
Most students get a CS degree because they want a related job. A university that fails to deliver that is engaging in outright fraud.
They likely provided relevant industry experience. Coding at university is very different to doing it in a commercial environment.
We're talking about Ballmer and Zuckerberg here. Zuckerberg may have actually written some code while he was at university, but the closest Ballmer ever can to coding was throwing a chair at a developer. Neither has ever coded "in a commercial environment".
But then, no one goes to Harvard to learn to code; you go there to meet people like Ballmer and Zuckerberg. Harvard is about developing your social network, not any skills that might let you contribute to society.
There is no right to privacy in the Constitution. But there really needs to be, and not just in the bedroom. Good thing there is a means to amend the Constitution. I remember when we used to use that.
Classifying ISPs a Title II common carriers is just the wrong approach, IMO. Just make the last mile a public utility. Just do that - it's that simple. Then ISPs have no natural monopolies and the market will work just fine to sort out any nonsense.