Each and every time I referred to a Spectre-based attack via Javascript I very intentionally used past tense or qualified what I said to make it clear I was talking about what had been possible or what could potentially be possible with any systems that hadn’t yet been updated. I never once suggested it was still exploitable via Javascript in any current browser, nor was that something I was ever arguing about with you. My use of present tense was limited to other exploits.
Hopefully that alone clears up a lot of our seeming disagreements.
As for banking, you’ll recall that you brought it up as part of an assertion that certain tasks are unsuitable for smartphones. While you’re correct that the hypothetical scenario involving Javascript that I laid out to illustrate potential problems is not a concern today (not that I ever suggested otherwise, again), you conveniently failed to address any of the actual ongoing concerns I specifically raised in response to your assertion, namely hijacked extensions, a lack of scrutiny for installed apps, and an app’s ability to have essentially unfettered access to your system, all of which remain points of concern for your laptop that (likely) don’t apply to your smartphone.
Perhaps you intended to confine your assertion to the sorts of exploits we were already discussing, but the way it was phrased that didn’t seem to be your intent. It seemed as if you were speaking in broad generalities about the relative security of laptops and smartphones.
And you go right back into these nonsense assertions about being able to read computer memory through a web site, it is a bunch of "blah blah blah" that doesn't even convince me you know what a website is. You say things like, "Without proper mitigations" and then list things that there were mitigations to protect against back in Netscrape Navigator.
A) Did you miss that I linked to sample code already? Yes, it was literally possible for the JavaScript on a site to read the contents of your memory by utilizing Spectre (which was mentioned by name earlier in this thread). I’m genuinely befuddled at how someone here doesn’t already understand that and, upon seeing the code I linked, immediately recognize that code as an implementation of such an exploit.
B) No, these mitigation’s didn’t exist until recently in browsers. Why would they? Protecting system memory hasn’t been their job. Up to now, all they’ve really needed to worry about was protecting sites from each other.
C) Yes, this is Slashdot, and I should hope that people understand the words I’m using. Likewise, the nature of these exploits have already been explained to death here so I assumed that you were already familiar with them, hence why I didn’t spell things out clearly. Sadly, it seems you’re not as familiar with them as I should hope. If you’d like me to clear up anything, I’d be happy to do so, but I suspect you’ve already made up your mind about anything I’m saying...
With the possible exceptions of dealing with clients, firing employees, and accusing people of crimes, the cumulative number of exclamation points you should ever use in your business e-mails is exactly 0.
For social e-mails, the appropriate number of exclamation points is also 0. If you're the sort of person who gets excited when you see a video of a cat falling off a countertop and feel compelled to use an exclamation point, your feelings have misled you. Resist the urge to use one. If you find you are having to use more than one exclamation point to convey the immensity of your enthusiasm when you discover that the cat is named Mr. Wiggles and that there's a second video where he's wearing a silly hat, that's a problem of your own creation. First, stop using so many exclamation points and people will come to stop expecting them, making it all the more emphatic when you deign to use even a single one. Second, stop watching those videos. Life is too short to waste it like that.
If you have a private key to load, and you're allowed to do that from javascript, you can just do it directly, there is no need to play games with this. Also, is it true that these services give you some sort of enhanced access where you'd be able to do something special by using your own key from a device that had already logged in with a user account? Wouldn't the key need to be the right key anyways? And if you have my key to load into memory, why would you also need to run the code on my mobile device?
I think something got lost in translation, because from what I can tell, very little of this relates back to anything I was talking about.
[...] and you're allowed to do that from javascript
I wrongly assumed that it would be clear we weren't talking about Javascript once I switched to discussing AWS and other hosted systems. What language you use actually doesn't matter, so long as you're able to run code on someone else's susceptible system with some guarantees regarding timing. Javascript can be used against everyday users via their browser, but with a shared system, you generally have much more direct control. And the sidechannel attack on a shared system wouldn't be directed at other users. Rather, you'd use a sidechannel attack against the host system to gain the host's keys, and then would use those keys to elevate your access in such a way that it would affect other users. Is that clearer?
If you have a private key to load, [...] you can just do it directly, there is no need to play games with this.
Again, I think there was some confusion here, though perhaps you may be thinking of private API tokens? Users wouldn't have anything analogous to the sorts of keys I'm talking about. What I'm talking about are capturing and using the host's private encryption keys (i.e. the keys used to establish encrypted communication, among other things). To get them, you might run a process that monitors memory on the host machine (via one of these sidechannel exploits) while initiating a secure connection to that same host from another machine. As the host loads its private key into memory in order to decrypt the handshake you sent from the other machine, your process on their machine would log the host's memory and hopefully capture their private key, thereby allowing you to potentially do any number of things you shouldn't be able to do. For instance, you may be able to forge app signatures and then push your own software updates to their machines, allowing you to escape your sandbox on their system. Or you may be able to act as a MITM with the full ability to decrypt traffic of other users, as well as any encrypted-at-rest data that might be on the system. And the list goes on, none of which would be possible if you simply provided a private key you already owned.
That said, I wouldn't install an app onto a mobile device that was capable of doing something to harm me [...] get a laptop, or any other portable device that runs a full OS if you have those responsibilities!
Whether we're talking about a laptop or a mobile device doesn't matter, so long as the conditions I mentioned earlier are met. Without proper mitigations, it would be possible for any site you visit on your laptop (or mobile device) to grab the contents of your memory as you you log into your bank in a different tab/window/browser/app, allowing that site to capture the shared encryption key and session ID you're using with that connection, thus enabling them to pose as you from another computer and empty your account. They could do that without even chaining together exploits to escalate their permissions on your system. Likewise, without proper mitigations the same could potentially be done by any app on your mobile device, regardless of how benign it might look. Or what about browser extensions that the bad guys buy from good people? It's already a common practice. You may have bee
Point of order: Americans don't use Imperial units and never have. The American colonies broke away prior to the switch to Imperial units, so we derived our United States Customary units from the then-in-use English units. Several decades later (in the 1820s) the Brits overhauled their own units, resulting in the creation of Imperial units. As such, both US Customary and Imperial units share a common heritage in English units, but neither is based on the other.
Because they share that common heritage, there are a number of similarities, but there are also a few significant differences. For instance, "tons" are confusingly dissimilar, since Americans generally only talk about a "ton" (i.e. 2000 pounds), whereas the British would refer to 2000 pounds as a "short ton" because they also have a "long ton" (i.e. 2240 pounds, a.k.a. an "Imperial ton" in the US, which I've never actually heard used in practice). Likewise, some other units of weight can have different meanings, such as a "hundredweight", which is defined as 100 pounds in the US but 112 pounds in Britain. Perhaps more importantly, 1 Imperial pint is roughly equal to 1.2 US pints, with quarts, gallons, and other units of liquid measure being affected similarly.
As to your question, 46 US House votes is roughly equal to 2.4 pennies dropping as someone takes the piss, if I did my math/maths correctly.
Unless you can show an exploit that involves a browser visiting a malicious URL in a real-world scenario, I think this is a lot of smoke.
A number of proofs of concept were published that demonstrated how the exploits could be abused using Javascript. For instance, here's a simple example that could be used to provide a script with access to the contents of your memory if your browser/system/chip hasn't been updated to prevent such an attack. This may not impact everyday users much, but if you're on a known, shared system (e.g. AWS, Azure, WordPress, Squarespace, etc.) it becomes far easier to abuse, since you could do something like, say, initiate a request that would load a private key into memory, use a sidechannel attack of these sorts to log the memory out to file, and then suddenly have the keys to the kingdom, which very much so would affect everyday users at that point.
Rowhammer is less directly useful, but it can be used to get a foot in the door. All you need is for the right bits in a page table to flip in just the right way one time to be able to gain complete control of an application with root access. Sure, it's more likely to crash the device than grant you control, but Android users represent a large enough collective target that there'd be plenty of successful exploits accomplished across the user base, and for the remainder of the users it would constitute a major annoyance and frustration as their memory routinely became corrupted, resulting in reboots.
Exactly. A blogger I follow has a kid with a dairy allergy. When he was four, they took him to the doctor's office to do a controlled test to gauge the severity of the allergy. The doctor started with a single teaspoon of milk. After swallowing it, the kid apparently had time to say, "Mommy, I feel weird", before immediately passing out and going into anaphylactic shock. To say the least, he has a severe allergy.
As I said in my original post, I don't appreciate people who make my wife's life difficult by falsely claiming allergies, and having heard stories like that blogger's, the last thing I or my wife want to do is make the lives of anyone with allergies any harder. While we appreciate the concern that those wait staff are demonstrating when they react so strongly, if there is any confusion whatsoever we do our best to clarify that she has an intolerance, NOT an allergy, and to explain what that means, that way we don't leave anyone with the false impression that people with allergies can actually have a little butter without issue.
For my wife, simply leaving the dairy out is more than enough. Even taking it off after the fact is just fine in most cases. All we need from them is an assurance that there isn't a hidden source of it somewhere, or else that they'll remember to leave it off. We have no need for them to jump through hoops or go to extreme measures, and we want to make sure they know that so that if a person with an actual allergy shows up, they'll understand the distinction.
But the truth is that tech jobs can be stressful too. I imagine people in blue collar jobs believe we are living high on the hog with not a care in the world, but it's not really that way.
I was pulling long hours one week to try and finish a software update in time. The deadline was fast approaching and the outlook was grim. As usual, the cleaning lady came by to collect the trash that evening and we got to chit-chatting like we usually did (I arrived late and stayed late back then, so my being there when she did her rounds was perfectly normal). Part way through the conversation she paused for a moment, then said something to the effect of, "You know, before I started working here I used to think that you guys all had it easy with your cushy jobs and nice offices. But then I see people here with the look that you have in your eyes right now and I realize I was wrong. It's just as tough. Different, but just as tough, if not tougher."
I think I mustered a tired "Thanks?" in response.
I don't make any claim to having it tougher than anyone else (I have a MASSIVE appreciation for manual workers, among many other fields, since I couldn't do that work), but the only people I find suggesting that tech work is easy are those who either aren't in the field and have no awareness of what it entails, or those who are a burden on everyone else around them in the field.
I hear you. While I'm fortunate enough not to have any dietary restrictions, I know what it feels like to have them assume things after someone else orders first. We found that places would often omit the dairy ingredient from both of our dishes, even though I said nothing on the topic when placing my order. They simply assumed that I didn't want cheese on my tacos or dressing on my salad because my wife asked them to leave it off hers. These days, she oftentimes makes a point of jestfully feigning envy at my ability to eat cheese/cream/etc. after I order something containing dairy, that way it's clearer to the staff that I'm fine having the food as it's typically prepared.
And yeah, on more than one occasion my wife has asked whether a particular dish contains dairy, been told that it does, explicitly ordered a different dish to avoid dairy, and then has the dish she ordered come out covered in a dairy ingredient that wasn't mentioned anywhere on the menu, exactly like what you're talking about. Almost without fail the wait staff have this moment of the lights coming on upstairs as they realize what happened, since it's almost always because they simply went through the motions without thinking, rather than because they were clueless.
You can't prevent lactose intolerance by drinking more milk -- if that worked then I wouldn't be lactose intolerant today. By the same token, you can't induce lactose intolerance by removing lactose.
So, yes and no. You're right that you can't prevent it by drinking milk, but drinking milk does indeed prevent one cause of it. Swap "lactose intolerance" for "malnutrition" or some other condition that can be caused by a deficiency. If I suggested that failing to eat regularly could result in malnutrition and you rebutted that you knew someone suffering from malnutrition despite them eating regularly, it'd be fallacious to conclude that I was wrong about a lack of eating causing malnutrition based on what you mentioned. Rather, we'd suggest that multiple causes may be possible (e.g. not eating the right things, not eating enough of them, other factors).
Which gets to the other cause you brought up:
It's normal for humans to lose it right around the beginning of adulthood, which is right about the time your girlfriend stopped being able to drink milk too.
I agree that age is a primary cause for lactose intolerance, but: A) She's my wife, not my girlfriend. B) You're a few decades off the mark. I have no idea where you got the incorrect notion that she was entering adulthood when it occurred.
Exactly this. They aren't withholding anything central to the game from players. They're simply charging for inessentials. The AC's take on the analogy is significantly more apt than the GP's.
Oh, the waitress was fine. I just thought it was funny that a waitress was clueless enough to not know there was cream in a dish with cream in the name, that's all. Plus, had they offered to make something specifically for my wife, she'd have turned them down anyway. She'd feel guilty eating something like that if she caused them an undue burden. In that particular situation, she resolved it by simply ordering a nice glass of port instead, which she enjoyed while I had dessert.
Good question. We haven’t checked explicitly for it, but from what I understand I don’t think that’s the problem. Lactaid milk works for her even though the pills didn’t, and she’ll still react to baked goods that contain enough (normal) milk, though she’s fine with any quantity of sheep and goat milk products.
A) It’s just my wife. Not me. I rather enjoy dairy.
B) She’s tried Lactaid pills on more than one occasion. At least so far, they haven’t worked for her for some reason. If you have any additional advice we might be able to try, I’m all ears. She’d love to be able to eat real pizza and ice cream again.
C) What ridiculous requests? I said that she asks if a dish contains milk or cream. That’s all I mentioned. What she usually does with that info is simply choose a different dish if necessary. Nothing more. If you think that’s ridiculous or “terrorizing” anyone...well, you’re wrong, plain and simple. The only request she might make is to ask if it’s easy to put the cheese/cream sauce/dressing on the side instead of on top, but she knows that it isn’t always easy (e.g. pre-made salads), so she’ll simply choose a different dish if it isn’t. She’s not one of those people who asks the wait staff to hand-pick shreds of cheese from pre-made salads or demands that the chef invent a dairy-free version of a dish that requires dairy.
We’re neither apologizing for you, nor do we have an issue with you making a choice to not consume dairy. That’s perfectly fine. And I’m fine with people being lactose intolerant too, regardless of the reason. What I have an issue with are people who claim to have a condition when they don’t, since it makes it harder for people with actual conditions to be taken seriously. If having issues with liars who make my wife’s life more difficult than it needs to be makes me an asshole, I’ll proudly wear that label.
While I agree that age can explain many issues, including some cases of food intolerance, I fail to see the relevance here. As I said, the one issue (a beef intolerance) went away as soon as she left the region, which would serve as a contraindication to age being the cause, and the other (a lactose intolerance) has a well-established cause that applied to her: she didn’t ingest lactose for several years.
Really, I’d suggest that your quote is a false truism. Rephrased, it’s saying nothing more than that if age might be the cause, we should assume that age is the cause, which is obviously false.
That fact that something can be explained by age doesn’t mean that it should be, particularly when there are applicable external factors that are known to cause that issue. If someone’s memory is going, age can certainly explain that problem, but if they’ve had a recent traumatic head wound that was immediately followed by the memory loss, maybe we might consider that external factors are at play? Likewise, when it’s well-established that a continual ingestion of lactose is necessary to maintain a lactose tolerance, and the person is known to have not ingested lactose for several years, perhaps we should assume that their lack of ingestion is most likely to have been responsible for the resulting intolerance, rather than jumping to the assumption that age is the cause merely because it might be?
My wife spent a few years working in Southeast Asia. While there she started having symptoms like what you'd expect with lactose intolerance, except that she had always been able to drink milk without issue. She tried cutting milk out, but the symptoms continued. After talking with a local doctor, she found out that there was something different about the way they raised cows there, that the symptoms she was experiencing were not uncommon among Westerners who moved to the region, and that the reason the symptoms were persisting was because they could be caused by any cow-based product, not just milk.
She had to cut out all beef, milk, and other cow-based products while she was there for a few years. By the time she got back to the West, she hadn't had cow's milk in over two years, so her body had lost the ability to process lactose entirely, leaving her well and truly lactose intolerant at that point. As for the issues with beef? So far as we know they disappeared as soon as she got back, though she was understandably gun shy about eating it for a few years. It wasn't until nearly a year into our marriage (three years after she had gotten back to the States) that I could convince her to even try beef again.
Anyway, it's interesting to see how different establishments respond when she mentions she's lactose intolerant. She'll usually try to avoid the topic by simply asking if a dish contains milk or cream, rather than trying to explain things. If they ask why and she has to say the words "lactose intolerance", half of them react as if she had said she could die at any moment, at which point she needs to clarify that, no, she doesn't have an allergy and they don't need to scrub the kitchen down. The other half reacts dismissively, at which point she rattles off this line about loving milk and cream even though they don't love her, which usually convinces the wait staff that she isn't one of those people falsely claiming an intolerance for ideological/nutritional reasons.
But, by far, my favorite reaction from a wait person was this time that we were ordering dessert at a decent restaurant and my wife asked if there were any desserts she'd be able to have, having mentioned earlier in the meal that she was lactose intolerant. After rattling off the list of desserts and acknowledging that each had cream, the waitress finished the list by saying, "I'll need to check on the creme brûlée, since I don't think it has cream in it." We didn't have the heart to tell her that it literally had "cream" in the name, and the waitress even asked "are you sure?" when we told her it definitely had cream in it.
While I agree you (i.e. I see value in copyrights existing, though I'll admit to not liking the direction things are going with effectively infinite terms), it's worth pointing out that there's a fundamental difference between the two situations: creating a copy of music doesn't affect whether the music is public or not, whereas creating a copy of Tesla's proprietary data affects whether that data is public. Put differently, when it comes to music, the genie is already out of the bottle; the data is already out there. Making one copy doesn't change anything fundamental to that truth. When it comes to Tesla's internal data, the genie was not out of the bottle, so exfiltrating a copy of that data changes the fundamental privacy of that data.
Again, I don't think that any of what I just said is a valid excuse for making illicit copies of media, but I can see how someone can (reasonably, though errantly) suggest that music piracy isn't a problem while still seeing the wrong in what happened here.
Except Apple is not 100% renewable. Purchasing renewable credits is not the same thing as being 100% renewable.
Actually, Apple doesn’t purchase renewable energy credits (REC). They specifically addressed that topic, in fact, when they announced that they had hit 100%. Good thinking, since Google and others are using that trick to claim 100%, but Apple isn’t one of them.
Apple didn’t just announce it. They completed the transition to 100% renewable energy earlier this year, and now they’re forcing their suppliers—Samsung included—to do the same as well as a condition for retaining their contracts with Apple.
Talk is cheap, literally. I hope Samsung does as they say they will, but they say a lot of things (like claiming innocence as yet another of their chiefs is indicted of bribing government officials), so I’ll wait for action before believing them.
So the US is in a first to file mode now and prior art doesn't mean a thing to invalidate a patent. Only a previous patent can.
Wow. You really need to read your own link, because that’s not at all what first-to-file means. From your linked article’s second paragraph:
[...] early disclosure under the FITF provisions is an absolute bar to later EPO patent.
Or, in English, an inventor who discloses their own invention before filing will never be able to patent that invention in Europe. Their own (non-patented) disclosure acts as prior art that invalidates the application.
First-to-file deals with who has the right to the patent, but most nations lack any form of grace period, so if the invention was already disclosed they will say that no one has the right, regardless of who did the disclosing and whether it was patented. Moreover, had you read your link, you’d have realized that the page spends quite a bit of time describing the distinctions between the first-inventor-to-file system that the US uses, which extends some grace to inventors who disclose their own inventions before filing, and the systems used in most of the rest of the world. Either way, however, filers aren’t protected from anyone else’s prior art.
Prior art can only invalidate a patent if said prior art was itself patented.
That’s patently (pun intended) false. Prior art, patented or not, can be used to invalidate a patent. You can’t patent an existing invention, regardless of if you’re the first to file. If nothing else, that should be patently obvious (pun oh-so-intended) on account of the filing’s failure to pass the “non-obvious” test. If someone else has already invented it, the idea is obvious at that point, particularly so if the inventor verifiably disclosed it to you prior to your filing.
They’re talking about the API that was used by device manufacturers back before standalone Facebook apps were available on different platforms. The user still had to sign in and grant access for the API to be useful. The summary sounds as if it was written by someone who had the idea of an API explained to them, didn’t really understand it, and so they tried to explain it in less technical terms by referring to it as a “data sharing agreement”, giving it a very different connotation.
Slashdot Mirror
Wait a sec. Let’s back up.
Each and every time I referred to a Spectre-based attack via Javascript I very intentionally used past tense or qualified what I said to make it clear I was talking about what had been possible or what could potentially be possible with any systems that hadn’t yet been updated. I never once suggested it was still exploitable via Javascript in any current browser, nor was that something I was ever arguing about with you. My use of present tense was limited to other exploits.
Hopefully that alone clears up a lot of our seeming disagreements.
As for banking, you’ll recall that you brought it up as part of an assertion that certain tasks are unsuitable for smartphones. While you’re correct that the hypothetical scenario involving Javascript that I laid out to illustrate potential problems is not a concern today (not that I ever suggested otherwise, again), you conveniently failed to address any of the actual ongoing concerns I specifically raised in response to your assertion, namely hijacked extensions, a lack of scrutiny for installed apps, and an app’s ability to have essentially unfettered access to your system, all of which remain points of concern for your laptop that (likely) don’t apply to your smartphone.
Perhaps you intended to confine your assertion to the sorts of exploits we were already discussing, but the way it was phrased that didn’t seem to be your intent. It seemed as if you were speaking in broad generalities about the relative security of laptops and smartphones.
And you go right back into these nonsense assertions about being able to read computer memory through a web site, it is a bunch of "blah blah blah" that doesn't even convince me you know what a website is. You say things like, "Without proper mitigations" and then list things that there were mitigations to protect against back in Netscrape Navigator.
A) Did you miss that I linked to sample code already? Yes, it was literally possible for the JavaScript on a site to read the contents of your memory by utilizing Spectre (which was mentioned by name earlier in this thread). I’m genuinely befuddled at how someone here doesn’t already understand that and, upon seeing the code I linked, immediately recognize that code as an implementation of such an exploit.
B) No, these mitigation’s didn’t exist until recently in browsers. Why would they? Protecting system memory hasn’t been their job. Up to now, all they’ve really needed to worry about was protecting sites from each other.
C) Yes, this is Slashdot, and I should hope that people understand the words I’m using. Likewise, the nature of these exploits have already been explained to death here so I assumed that you were already familiar with them, hence why I didn’t spell things out clearly. Sadly, it seems you’re not as familiar with them as I should hope. If you’d like me to clear up anything, I’d be happy to do so, but I suspect you’ve already made up your mind about anything I’m saying...
With the possible exceptions of dealing with clients, firing employees, and accusing people of crimes, the cumulative number of exclamation points you should ever use in your business e-mails is exactly 0.
For social e-mails, the appropriate number of exclamation points is also 0. If you're the sort of person who gets excited when you see a video of a cat falling off a countertop and feel compelled to use an exclamation point, your feelings have misled you. Resist the urge to use one. If you find you are having to use more than one exclamation point to convey the immensity of your enthusiasm when you discover that the cat is named Mr. Wiggles and that there's a second video where he's wearing a silly hat, that's a problem of your own creation. First, stop using so many exclamation points and people will come to stop expecting them, making it all the more emphatic when you deign to use even a single one. Second, stop watching those videos. Life is too short to waste it like that.
If you have a private key to load, and you're allowed to do that from javascript, you can just do it directly, there is no need to play games with this. Also, is it true that these services give you some sort of enhanced access where you'd be able to do something special by using your own key from a device that had already logged in with a user account? Wouldn't the key need to be the right key anyways? And if you have my key to load into memory, why would you also need to run the code on my mobile device?
I think something got lost in translation, because from what I can tell, very little of this relates back to anything I was talking about.
[...] and you're allowed to do that from javascript
I wrongly assumed that it would be clear we weren't talking about Javascript once I switched to discussing AWS and other hosted systems. What language you use actually doesn't matter, so long as you're able to run code on someone else's susceptible system with some guarantees regarding timing. Javascript can be used against everyday users via their browser, but with a shared system, you generally have much more direct control. And the sidechannel attack on a shared system wouldn't be directed at other users. Rather, you'd use a sidechannel attack against the host system to gain the host's keys, and then would use those keys to elevate your access in such a way that it would affect other users. Is that clearer?
If you have a private key to load, [...] you can just do it directly, there is no need to play games with this.
Again, I think there was some confusion here, though perhaps you may be thinking of private API tokens? Users wouldn't have anything analogous to the sorts of keys I'm talking about. What I'm talking about are capturing and using the host's private encryption keys (i.e. the keys used to establish encrypted communication, among other things). To get them, you might run a process that monitors memory on the host machine (via one of these sidechannel exploits) while initiating a secure connection to that same host from another machine. As the host loads its private key into memory in order to decrypt the handshake you sent from the other machine, your process on their machine would log the host's memory and hopefully capture their private key, thereby allowing you to potentially do any number of things you shouldn't be able to do. For instance, you may be able to forge app signatures and then push your own software updates to their machines, allowing you to escape your sandbox on their system. Or you may be able to act as a MITM with the full ability to decrypt traffic of other users, as well as any encrypted-at-rest data that might be on the system. And the list goes on, none of which would be possible if you simply provided a private key you already owned.
That said, I wouldn't install an app onto a mobile device that was capable of doing something to harm me [...] get a laptop, or any other portable device that runs a full OS if you have those responsibilities!
Whether we're talking about a laptop or a mobile device doesn't matter, so long as the conditions I mentioned earlier are met. Without proper mitigations, it would be possible for any site you visit on your laptop (or mobile device) to grab the contents of your memory as you you log into your bank in a different tab/window/browser/app, allowing that site to capture the shared encryption key and session ID you're using with that connection, thus enabling them to pose as you from another computer and empty your account. They could do that without even chaining together exploits to escalate their permissions on your system. Likewise, without proper mitigations the same could potentially be done by any app on your mobile device, regardless of how benign it might look. Or what about browser extensions that the bad guys buy from good people? It's already a common practice. You may have bee
Point of order: Americans don't use Imperial units and never have. The American colonies broke away prior to the switch to Imperial units, so we derived our United States Customary units from the then-in-use English units. Several decades later (in the 1820s) the Brits overhauled their own units, resulting in the creation of Imperial units. As such, both US Customary and Imperial units share a common heritage in English units, but neither is based on the other.
Because they share that common heritage, there are a number of similarities, but there are also a few significant differences. For instance, "tons" are confusingly dissimilar, since Americans generally only talk about a "ton" (i.e. 2000 pounds), whereas the British would refer to 2000 pounds as a "short ton" because they also have a "long ton" (i.e. 2240 pounds, a.k.a. an "Imperial ton" in the US, which I've never actually heard used in practice). Likewise, some other units of weight can have different meanings, such as a "hundredweight", which is defined as 100 pounds in the US but 112 pounds in Britain. Perhaps more importantly, 1 Imperial pint is roughly equal to 1.2 US pints, with quarts, gallons, and other units of liquid measure being affected similarly.
As to your question, 46 US House votes is roughly equal to 2.4 pennies dropping as someone takes the piss, if I did my math/maths correctly.
Unless you can show an exploit that involves a browser visiting a malicious URL in a real-world scenario, I think this is a lot of smoke.
A number of proofs of concept were published that demonstrated how the exploits could be abused using Javascript. For instance, here's a simple example that could be used to provide a script with access to the contents of your memory if your browser/system/chip hasn't been updated to prevent such an attack. This may not impact everyday users much, but if you're on a known, shared system (e.g. AWS, Azure, WordPress, Squarespace, etc.) it becomes far easier to abuse, since you could do something like, say, initiate a request that would load a private key into memory, use a sidechannel attack of these sorts to log the memory out to file, and then suddenly have the keys to the kingdom, which very much so would affect everyday users at that point.
Rowhammer is less directly useful, but it can be used to get a foot in the door. All you need is for the right bits in a page table to flip in just the right way one time to be able to gain complete control of an application with root access. Sure, it's more likely to crash the device than grant you control, but Android users represent a large enough collective target that there'd be plenty of successful exploits accomplished across the user base, and for the remainder of the users it would constitute a major annoyance and frustration as their memory routinely became corrupted, resulting in reboots.
Exactly. A blogger I follow has a kid with a dairy allergy. When he was four, they took him to the doctor's office to do a controlled test to gauge the severity of the allergy. The doctor started with a single teaspoon of milk. After swallowing it, the kid apparently had time to say, "Mommy, I feel weird", before immediately passing out and going into anaphylactic shock. To say the least, he has a severe allergy.
As I said in my original post, I don't appreciate people who make my wife's life difficult by falsely claiming allergies, and having heard stories like that blogger's, the last thing I or my wife want to do is make the lives of anyone with allergies any harder. While we appreciate the concern that those wait staff are demonstrating when they react so strongly, if there is any confusion whatsoever we do our best to clarify that she has an intolerance, NOT an allergy, and to explain what that means, that way we don't leave anyone with the false impression that people with allergies can actually have a little butter without issue.
For my wife, simply leaving the dairy out is more than enough. Even taking it off after the fact is just fine in most cases. All we need from them is an assurance that there isn't a hidden source of it somewhere, or else that they'll remember to leave it off. We have no need for them to jump through hoops or go to extreme measures, and we want to make sure they know that so that if a person with an actual allergy shows up, they'll understand the distinction.
But the truth is that tech jobs can be stressful too. I imagine people in blue collar jobs believe we are living high on the hog with not a care in the world, but it's not really that way.
I was pulling long hours one week to try and finish a software update in time. The deadline was fast approaching and the outlook was grim. As usual, the cleaning lady came by to collect the trash that evening and we got to chit-chatting like we usually did (I arrived late and stayed late back then, so my being there when she did her rounds was perfectly normal). Part way through the conversation she paused for a moment, then said something to the effect of, "You know, before I started working here I used to think that you guys all had it easy with your cushy jobs and nice offices. But then I see people here with the look that you have in your eyes right now and I realize I was wrong. It's just as tough. Different, but just as tough, if not tougher."
I think I mustered a tired "Thanks?" in response.
I don't make any claim to having it tougher than anyone else (I have a MASSIVE appreciation for manual workers, among many other fields, since I couldn't do that work), but the only people I find suggesting that tech work is easy are those who either aren't in the field and have no awareness of what it entails, or those who are a burden on everyone else around them in the field.
I hear you. While I'm fortunate enough not to have any dietary restrictions, I know what it feels like to have them assume things after someone else orders first. We found that places would often omit the dairy ingredient from both of our dishes, even though I said nothing on the topic when placing my order. They simply assumed that I didn't want cheese on my tacos or dressing on my salad because my wife asked them to leave it off hers. These days, she oftentimes makes a point of jestfully feigning envy at my ability to eat cheese/cream/etc. after I order something containing dairy, that way it's clearer to the staff that I'm fine having the food as it's typically prepared.
And yeah, on more than one occasion my wife has asked whether a particular dish contains dairy, been told that it does, explicitly ordered a different dish to avoid dairy, and then has the dish she ordered come out covered in a dairy ingredient that wasn't mentioned anywhere on the menu, exactly like what you're talking about. Almost without fail the wait staff have this moment of the lights coming on upstairs as they realize what happened, since it's almost always because they simply went through the motions without thinking, rather than because they were clueless.
You can't prevent lactose intolerance by drinking more milk -- if that worked then I wouldn't be lactose intolerant today. By the same token, you can't induce lactose intolerance by removing lactose.
So, yes and no. You're right that you can't prevent it by drinking milk, but drinking milk does indeed prevent one cause of it. Swap "lactose intolerance" for "malnutrition" or some other condition that can be caused by a deficiency. If I suggested that failing to eat regularly could result in malnutrition and you rebutted that you knew someone suffering from malnutrition despite them eating regularly, it'd be fallacious to conclude that I was wrong about a lack of eating causing malnutrition based on what you mentioned. Rather, we'd suggest that multiple causes may be possible (e.g. not eating the right things, not eating enough of them, other factors).
Which gets to the other cause you brought up:
It's normal for humans to lose it right around the beginning of adulthood, which is right about the time your girlfriend stopped being able to drink milk too.
I agree that age is a primary cause for lactose intolerance, but:
A) She's my wife, not my girlfriend.
B) You're a few decades off the mark. I have no idea where you got the incorrect notion that she was entering adulthood when it occurred.
Exactly this. They aren't withholding anything central to the game from players. They're simply charging for inessentials. The AC's take on the analogy is significantly more apt than the GP's.
Oh, the waitress was fine. I just thought it was funny that a waitress was clueless enough to not know there was cream in a dish with cream in the name, that's all. Plus, had they offered to make something specifically for my wife, she'd have turned them down anyway. She'd feel guilty eating something like that if she caused them an undue burden. In that particular situation, she resolved it by simply ordering a nice glass of port instead, which she enjoyed while I had dessert.
Good question. We haven’t checked explicitly for it, but from what I understand I don’t think that’s the problem. Lactaid milk works for her even though the pills didn’t, and she’ll still react to baked goods that contain enough (normal) milk, though she’s fine with any quantity of sheep and goat milk products.
A) It’s just my wife. Not me. I rather enjoy dairy.
B) She’s tried Lactaid pills on more than one occasion. At least so far, they haven’t worked for her for some reason. If you have any additional advice we might be able to try, I’m all ears. She’d love to be able to eat real pizza and ice cream again.
C) What ridiculous requests? I said that she asks if a dish contains milk or cream. That’s all I mentioned. What she usually does with that info is simply choose a different dish if necessary. Nothing more. If you think that’s ridiculous or “terrorizing” anyone...well, you’re wrong, plain and simple. The only request she might make is to ask if it’s easy to put the cheese/cream sauce/dressing on the side instead of on top, but she knows that it isn’t always easy (e.g. pre-made salads), so she’ll simply choose a different dish if it isn’t. She’s not one of those people who asks the wait staff to hand-pick shreds of cheese from pre-made salads or demands that the chef invent a dairy-free version of a dish that requires dairy.
We’re neither apologizing for you, nor do we have an issue with you making a choice to not consume dairy. That’s perfectly fine. And I’m fine with people being lactose intolerant too, regardless of the reason. What I have an issue with are people who claim to have a condition when they don’t, since it makes it harder for people with actual conditions to be taken seriously. If having issues with liars who make my wife’s life more difficult than it needs to be makes me an asshole, I’ll proudly wear that label.
While I agree that age can explain many issues, including some cases of food intolerance, I fail to see the relevance here. As I said, the one issue (a beef intolerance) went away as soon as she left the region, which would serve as a contraindication to age being the cause, and the other (a lactose intolerance) has a well-established cause that applied to her: she didn’t ingest lactose for several years.
Really, I’d suggest that your quote is a false truism. Rephrased, it’s saying nothing more than that if age might be the cause, we should assume that age is the cause, which is obviously false.
That fact that something can be explained by age doesn’t mean that it should be, particularly when there are applicable external factors that are known to cause that issue. If someone’s memory is going, age can certainly explain that problem, but if they’ve had a recent traumatic head wound that was immediately followed by the memory loss, maybe we might consider that external factors are at play? Likewise, when it’s well-established that a continual ingestion of lactose is necessary to maintain a lactose tolerance, and the person is known to have not ingested lactose for several years, perhaps we should assume that their lack of ingestion is most likely to have been responsible for the resulting intolerance, rather than jumping to the assumption that age is the cause merely because it might be?
My wife spent a few years working in Southeast Asia. While there she started having symptoms like what you'd expect with lactose intolerance, except that she had always been able to drink milk without issue. She tried cutting milk out, but the symptoms continued. After talking with a local doctor, she found out that there was something different about the way they raised cows there, that the symptoms she was experiencing were not uncommon among Westerners who moved to the region, and that the reason the symptoms were persisting was because they could be caused by any cow-based product, not just milk.
She had to cut out all beef, milk, and other cow-based products while she was there for a few years. By the time she got back to the West, she hadn't had cow's milk in over two years, so her body had lost the ability to process lactose entirely, leaving her well and truly lactose intolerant at that point. As for the issues with beef? So far as we know they disappeared as soon as she got back, though she was understandably gun shy about eating it for a few years. It wasn't until nearly a year into our marriage (three years after she had gotten back to the States) that I could convince her to even try beef again.
Anyway, it's interesting to see how different establishments respond when she mentions she's lactose intolerant. She'll usually try to avoid the topic by simply asking if a dish contains milk or cream, rather than trying to explain things. If they ask why and she has to say the words "lactose intolerance", half of them react as if she had said she could die at any moment, at which point she needs to clarify that, no, she doesn't have an allergy and they don't need to scrub the kitchen down. The other half reacts dismissively, at which point she rattles off this line about loving milk and cream even though they don't love her, which usually convinces the wait staff that she isn't one of those people falsely claiming an intolerance for ideological/nutritional reasons.
But, by far, my favorite reaction from a wait person was this time that we were ordering dessert at a decent restaurant and my wife asked if there were any desserts she'd be able to have, having mentioned earlier in the meal that she was lactose intolerant. After rattling off the list of desserts and acknowledging that each had cream, the waitress finished the list by saying, "I'll need to check on the creme brûlée, since I don't think it has cream in it." We didn't have the heart to tell her that it literally had "cream" in the name, and the waitress even asked "are you sure?" when we told her it definitely had cream in it.
Chili's = fake bland Tex-Mex food.
It’s fake Southwest food, not fake Tex-Mex. For fake Tex-Mex, try your nearest On The Border.
While I agree you (i.e. I see value in copyrights existing, though I'll admit to not liking the direction things are going with effectively infinite terms), it's worth pointing out that there's a fundamental difference between the two situations: creating a copy of music doesn't affect whether the music is public or not, whereas creating a copy of Tesla's proprietary data affects whether that data is public. Put differently, when it comes to music, the genie is already out of the bottle; the data is already out there. Making one copy doesn't change anything fundamental to that truth. When it comes to Tesla's internal data, the genie was not out of the bottle, so exfiltrating a copy of that data changes the fundamental privacy of that data.
Again, I don't think that any of what I just said is a valid excuse for making illicit copies of media, but I can see how someone can (reasonably, though errantly) suggest that music piracy isn't a problem while still seeing the wrong in what happened here.
Except Apple is not 100% renewable. Purchasing renewable credits is not the same thing as being 100% renewable.
Actually, Apple doesn’t purchase renewable energy credits (REC). They specifically addressed that topic, in fact, when they announced that they had hit 100%. Good thinking, since Google and others are using that trick to claim 100%, but Apple isn’t one of them.
Apple didn’t just announce it. They completed the transition to 100% renewable energy earlier this year, and now they’re forcing their suppliers—Samsung included—to do the same as well as a condition for retaining their contracts with Apple.
Talk is cheap, literally. I hope Samsung does as they say they will, but they say a lot of things (like claiming innocence as yet another of their chiefs is indicted of bribing government officials), so I’ll wait for action before believing them.
Ehh, I can't say that it sounds particularly interesting to me. The ability to look people up via whois kinda destroys any dramatic tension, ya know?
So the US is in a first to file mode now and prior art doesn't mean a thing to invalidate a patent. Only a previous patent can.
Wow. You really need to read your own link, because that’s not at all what first-to-file means. From your linked article’s second paragraph:
[...] early disclosure under the FITF provisions is an absolute bar to later EPO patent.
Or, in English, an inventor who discloses their own invention before filing will never be able to patent that invention in Europe. Their own (non-patented) disclosure acts as prior art that invalidates the application.
First-to-file deals with who has the right to the patent, but most nations lack any form of grace period, so if the invention was already disclosed they will say that no one has the right, regardless of who did the disclosing and whether it was patented. Moreover, had you read your link, you’d have realized that the page spends quite a bit of time describing the distinctions between the first-inventor-to-file system that the US uses, which extends some grace to inventors who disclose their own inventions before filing, and the systems used in most of the rest of the world. Either way, however, filers aren’t protected from anyone else’s prior art.
Prior art can only invalidate a patent if said prior art was itself patented.
That’s patently (pun intended) false. Prior art, patented or not, can be used to invalidate a patent. You can’t patent an existing invention, regardless of if you’re the first to file. If nothing else, that should be patently obvious (pun oh-so-intended) on account of the filing’s failure to pass the “non-obvious” test. If someone else has already invented it, the idea is obvious at that point, particularly so if the inventor verifiably disclosed it to you prior to your filing.
They’re talking about the API that was used by device manufacturers back before standalone Facebook apps were available on different platforms. The user still had to sign in and grant access for the API to be useful. The summary sounds as if it was written by someone who had the idea of an API explained to them, didn’t really understand it, and so they tried to explain it in less technical terms by referring to it as a “data sharing agreement”, giving it a very different connotation.