that was probably what they were trying to find......and of course, if it was good, probably leave it running for a few hours^H^H^H^Hdays^H^H^H^Hweeks^H^HOHHH.MY.WE.ARE.RICH^W^Cquit^Wabort^C^Ccccccc... (sh*t the police is here)
also, with the value always climbing, everyone wanted to keep the bitcoins for a few more weeks, so they value would increase... now they do not want to sell because they are probably losing money and spend it is still to expensive
"Because of the lack of intrinsic value, the currencies that don't survive will most likely trade to zero."
No shit Sherlock! If a currency have no intrinsic value, it is set to disappear... that applies to all currencies, not only to crypt-currency
and anyone could see that the crypt-currency high prices was a bubble, specially with the transactions costs and technical problems in bitcoins.. and like all bubbles, only the strongest/healthiest survive
So basically this is useless, he not say anything important or new... maybe it is just a warning for stupid bubble investors
true, but most of the info is mostly useless by itself, firefox only sends some selected info, when it wants and without other extra info (cookies and likes)... this is very far from tracking all requests, all with tracking cookies.
The 2 most problematic info is the email and the url in safebrowsing. The email, there is nothing to do, that is the way email work, every server that the mail uses can see your email and use it to do spam, even if illegal in many places. The url in safebrowsing, may be used to track that your ip access that url, but it not clear at all if it is always the same person, as it can be a gateway or dhcp from the isp can screw things for tracking... but that one you can disable if you feel it is still too much
You may thing that the "google ads id" is important, but too little and mostly useless info is send and google already knows that id is using firefox... unless you block all google servers and ads!
most people probably do not use any of the 10000 top sites, as that is just a small fraction of all the sites in the internet. Also, how to determine the 10000 top sites? check what IE reports? then it would probably not map what firefox users see, but what IE users see. That info does not show up by magic.
example: how many people use webm ? is it ok to support that, or is just trash being bundled in the browser? do they use the alternatives to it? or do not use anything? Is feature XYZ slowing down sites? or consuming more ram? have we more crashes since last release?
if you remove all this, you start developing blindly and then get users to complain that the browser is old, slow, eats too much ram or always crashing
The fact that mozilla tried to really list all the data that it takes and where to send it is good and your post looks like scary, but all of those items have a reasons:
> Google’s SafeBrowsing service duh! if you want to know if the site/file is in a blacklist, you do need to sent it to some place to be checked. It can be disabled, but of course most people want this enabled
>Location data to Google's geolocation service duh again, if you see a pop-up from firefox asking that the site wants to see your location, if you press "allow", your IP is sent to some place to map the IP to a location... you can press "not allow" and you will not share anything
>On iOS and Android: Firefox by default sends mobile campaign data to Adjust, our analytics vendor "Adjust" tracks firefox installs and usage platforms, so firefox can see what works and not works (tables vs cheap phones vs expensive phones, or country, or mobile OS preference)... it is not for tracking what people do online. Yes, that "Google advertising ID" is scary, but thats the way tracking in mobile works, specially if related with other marking campaigns... and this is for mozilla data analyzes, not to be shared to google. Think this as a newrelic, but instead of performance and errors, place mozilla campaign Id, so they know what campaign pays the most and where/in what devices
>On iOS and Android: Firefox by default sends data about what features you use in Firefox to Leanplum, our mobile marketing vendor,
"Leanplum" looks its like Adjust/Newrelic, but for the internal firefox features. probably tells how many people uses webgl, pocket, add-ons, movies, audio, so they can understand better how differently people uses the mobile vs the desktop... again, not for tracking you, but to track features usage or lack of usage
>Your email address is sent to our email vendor, SalesForce Marketing Cloud,
"SalesForce Marketing Cloud" is their email provider for the marketing and email announcements... so it basically sends email... and yes, any email server will see your email! most companies do not even list this in their "privacy policy"... because its is the way email works! If you disable email notifications, they probably do not even share your email with then.
All this telemetry is there to help mozilla develop the browser, not to track you. Without it, how they would know if people use many tabs or few tabs? if after releasing a new feature, the memory usage increased everywhere and that they should try to track some leak? if people still use flash and how important is is (ads or the full site in flash). All those "privacy problems" you listed are really needed
When one reads the privacy policy, ones needs to try to understand how and why it is used, not simply cry "wolf" and start spreading FUD
teach in several of then, then do the "exams" in one that they didn't used in the class... that is the best way to tell if someone learned to think instead of just memorizing buttons locations. yes, interfaces changes, the the concepts are always there, just learn how to search for the feature you need
It is exactly the same as problem solving, you should solve new problems in the exam, not exactly the same problems you have done in class
Notice that when the case started, Assange and the 2 girls did went to the police for questioning and the case was closed and he was clear to leave the country... some week later it was reopen and they tried to capture him instead of call him again to questioning. Even the girls where surprised about the case reopen. That was what trigger the alarm about something strange with the sudden case reopen
Actually in sweden sex without a condom without direct agreement between the two is "rape" and they all agree that there was no condom was used... even better, "rape" charged are public, even if the girls do not want to file charges, the police can still file the charge anyway... so the police used that as the rape charge. The girls clearly said several times it was not a rape (in the common meaning of the word), both agreed in the sex. what parts disagree is if they requested the condom used and Assange lied about using one or if they simply assumed what the other partner intentions where the ones they wanted (he may have think that no condom was fine, the girls thinking that he would of course use a condom). Even when the girls talk in public, there was really no much info on what happen... probably they were all drunks and they mix all the facts
I think if she really reported that she was raped, people would not support Assange, but all this "condom rape" charges and the pressure to take him to personally to "inquiry", not allowing video inquiry, makes everyone suspect the real motives.
Just ask only for everyone to dress exactly the same way, cut the air the same way and look as much as possible as him... then everyone goes to the Ecuador embassy and leave all at same time. Do this several times, but only once of then Assange MAY really leave the embassy
The police could not track so many people and after several attempts, they will give up or agree in a valid solution... or he MAY leave in one of the attempts
Better yet, ask everyone to use a burka, that will be easier to hide as everyone is the same, be either men, women, white, ginger, black, asian, etc... it may also requires women police (i do not really know how someone with burka is identified by a police)
the ubuntu based puppy are the 686, so pentium pro or pentium 2 the slackware based one, as its from 2015, it should still have the 486 support, so that should be the one...
the plain 386 support was removed from the kernel and glibc some years ago, IIRC, to a 486 SX should be the minimum
I had a 486 since 1993 that i kept upgrading as much as i could, using other people cheap parts, when everyone started to use pentiums
i finally upgraded to a amd 486-dx5@133MHz, with a vesa local bus card and performed similar to a pentium 75 (except in FPU, where the pentium was more powerfull). I then manage to grab some 8MB EDO SIMMS and upgraded to 16MB, one year later, to 32MB RAM. The MB only supported max of 16MB of ram and testing i found that with 16MB, the L2 cache helped a little, but with 32MB, it would only cache the first 16MB and then much slower to the second 16MB range. If i disable the L2, the first 16MB were just a little slower, but the remaining 16MB would be still the same speed... as the L2 gain was too small compared to the lost on the second 16MB range, i kept it disable. Then i manage to grab some SCSI HDs and CD-RW burner from a friend with a Macintosh and got myself a SCSI card and replaced the old IDE disks. I also overclocked the bus from 33MHz to 40MHz, that put the 486Dx5@160MHz, a performance similar to a pentium 100Mhz (again, minus the FPU). i could boot with a bus of 50MHz, having a 200MHz cpu, but the sound card and SCSI, using PCI, started to act weird (as it was way overclocked from the spec 33MHz), but if i used the IDE drivers and the vesa local bus graphic card, it was stable... as i wanted the sound and scsi card, i kept the bus to 40MHz and they worked fine.
I run slackware on that machine and kept upgrading the OS until about 2005, where i finally got a new opteron64. It was my main machine, i use fluxbox, claws-mail and mutt, lynx, dillo and only when really needed (as in the end took 2 minutes to startup), firefox. I compiled the latest kernel during the night and used it for everything, it was my server, my desktop, my learning machine... and of course, i also played some games... not windows games, but the linux ones, so most of they were light enough to run. that 486 did run windows 3.11 and even windows 95 for a few months, but then i switch 100% to linux.
12 years using the same machine... that is a long time, specially for a old machine as that... now its easier to run a 12 year old machine, they are way more powerful.
Slackware was one of the last distros capable of booting old CPUs and only in 2015 if was forced to drop support for those old CPUs, but it requires now still i586 or above, so still be able to boot old machines. Check the slackware changelog at that time:
# Some more notes, Mon Aug 3 19:49:51 UTC 2015: # # Changing to -march=i586 for 32-bit x86 as several things (Mesa being one of # them) no longer work if constrained to -march=i486. We're not going to use # -march=i686 since the only additional opcode is CMOV, which is actually less # efficient on modern CPUs running in 32-bit mode than the alternate i586 # instructions. No need to throw i586 CPUs under the bus (yet).
If you still pick up the last slackware capable of booting the 486 and then compile the kernel, you may still boot a recent kernel... and if you ignore mesa and some other programs, still be able to upgrade userspace too:)
RPI3 with kodi (OSMC) It is fast, cheap and very flexible. Kodi 18 will support netflix, but it not yet released... but should be near. Open, No lock-in, always being updated and improving
memory encryption is a protection against physical attacks, will not protect from any of this bugs. but yes, right now the best protection is to use a AMD cpu... AMD stock value is rising while intel stock value drops... and i bet that (finally) server and laptop builders will rush AMD based hardware
it was already a test case using javascript, so simply browsing the web with javascript is enough (to grab passwords or any other info in the browser) the meltdown bug allows any app read any memory range, so even "valid" apps may want to do dirt tricks (just think how many apps already tried to install adware, rootkits and steal info) you are not even safe in games, DRM people will love to find new ways to f*ck you machine
lastly, not all programs will lose performance, for a initial linux tests, games are little affected, as they talk little to the kernel after all the initial GPU initialization. Apps that talk a lot with the kernel or do heavy IO (disk and network) may be more affected
unless you have a good reason to bypass this fixes, it is recommended to install the fix
The KPTI is a security design that may help in other bugs... so he is sort of right, a way to turn it on could be useful and quicker if later a new bug is found, instead of waiting for a kernel patch... but of course, this was never implemented before because of the performance problem and complexity
Intel CPU hardware check if the code branch is invalid AFTER it is loaded to the cache. AMD CPU hardware check if the code branch is invalid BEFORE it gets loaded to the cache
you can not move a hardware part in software, AMD build it right, intel build it wrong and can't be fixed without replacing the hardware. The workaround requires that the cache is clear every time that the kernel switch to to userland, and without the cache you fix the problem, but also have to reload all the userland code from RAM... just to be throw away next time the app calls the kernel
actually the intel linux kernel developers are the ones that build most of the meltdown fix... and all other OS should having a similar fix and performance lost, so i assume that intel also helped in the other OS (windows, macos)
they probably tried several ways to workaround this and this 30% performance lost was the best one they could find and, of course, they want all the OS to implement the "best" fix as possible to avoid even bigger performance lost
The meltdown fix is basically removing the kernel address from the userspace and impose checks on what the userland is trying to access, so it can not even reference it. Also it will flush the cache on every switch from the kernel to userland and from the userland to the kernel (not sure about this one), so the cache is empty if someone tried to read any data from it. This will fix the meltdown problem, but impose a big performance lost...
sprectre fix is still unknown, but it probably should fix this method, but later someone find a alternative method of doing the same attack... that is why they say that it may haunt you again...
Slashdot Mirror
that was probably what they were trying to find ... ...and of course, if it was good, probably leave it running for a few hours^H^H^H^Hdays^H^H^H^Hweeks^H^HOHHH.MY.WE.ARE.RICH^W^Cquit^Wabort^C^Ccccccc... (sh*t the police is here)
THIS!!
also, with the value always climbing, everyone wanted to keep the bitcoins for a few more weeks, so they value would increase... now they do not want to sell because they are probably losing money and spend it is still to expensive
"Because of the lack of intrinsic value, the currencies that don't survive will most likely trade to zero."
No shit Sherlock! If a currency have no intrinsic value, it is set to disappear ... that applies to all currencies, not only to crypt-currency
and anyone could see that the crypt-currency high prices was a bubble, specially with the transactions costs and technical problems in bitcoins.. and like all bubbles, only the strongest/healthiest survive
So basically this is useless, he not say anything important or new ... maybe it is just a warning for stupid bubble investors
true, but most of the info is mostly useless by itself, firefox only sends some selected info, when it wants and without other extra info (cookies and likes)... this is very far from tracking all requests, all with tracking cookies.
The 2 most problematic info is the email and the url in safebrowsing. The email, there is nothing to do, that is the way email work, every server that the mail uses can see your email and use it to do spam, even if illegal in many places.
The url in safebrowsing, may be used to track that your ip access that url, but it not clear at all if it is always the same person, as it can be a gateway or dhcp from the isp can screw things for tracking... but that one you can disable if you feel it is still too much
You may thing that the "google ads id" is important, but too little and mostly useless info is send and google already knows that id is using firefox... unless you block all google servers and ads!
most people probably do not use any of the 10000 top sites, as that is just a small fraction of all the sites in the internet. Also, how to determine the 10000 top sites? check what IE reports? then it would probably not map what firefox users see, but what IE users see. That info does not show up by magic.
example: how many people use webm ? is it ok to support that, or is just trash being bundled in the browser? do they use the alternatives to it? or do not use anything? Is feature XYZ slowing down sites? or consuming more ram? have we more crashes since last release?
if you remove all this, you start developing blindly and then get users to complain that the browser is old, slow, eats too much ram or always crashing
many of the telemetry they got is in this site: https://telemetry.mozilla.org/ ... you can see it too!
The fact that mozilla tried to really list all the data that it takes and where to send it is good and your post looks like scary, but all of those items have a reasons:
> Google’s SafeBrowsing service
duh! if you want to know if the site/file is in a blacklist, you do need to sent it to some place to be checked. It can be disabled, but of course most people want this enabled
>Location data to Google's geolocation service
duh again, if you see a pop-up from firefox asking that the site wants to see your location, if you press "allow", your IP is sent to some place to map the IP to a location... you can press "not allow" and you will not share anything
>On iOS and Android: Firefox by default sends mobile campaign data to Adjust, our analytics vendor
"Adjust" tracks firefox installs and usage platforms, so firefox can see what works and not works (tables vs cheap phones vs expensive phones, or country, or mobile OS preference)... it is not for tracking what people do online.
Yes, that "Google advertising ID" is scary, but thats the way tracking in mobile works, specially if related with other marking campaigns... and this is for mozilla data analyzes, not to be shared to google. Think this as a newrelic, but instead of performance and errors, place mozilla campaign Id, so they know what campaign pays the most and where/in what devices
>On iOS and Android: Firefox by default sends data about what features you use in Firefox to Leanplum, our mobile marketing vendor, ... again, not for tracking you, but to track features usage or lack of usage
"Leanplum" looks its like Adjust/Newrelic, but for the internal firefox features. probably tells how many people uses webgl, pocket, add-ons, movies, audio, so they can understand better how differently people uses the mobile vs the desktop
>Your email address is sent to our email vendor, SalesForce Marketing Cloud,
"SalesForce Marketing Cloud" is their email provider for the marketing and email announcements... so it basically sends email... and yes, any email server will see your email! most companies do not even list this in their "privacy policy"... because its is the way email works! If you disable email notifications, they probably do not even share your email with then.
All this telemetry is there to help mozilla develop the browser, not to track you. Without it, how they would know if people use many tabs or few tabs? if after releasing a new feature, the memory usage increased everywhere and that they should try to track some leak? if people still use flash and how important is is (ads or the full site in flash). All those "privacy problems" you listed are really needed
When one reads the privacy policy, ones needs to try to understand how and why it is used, not simply cry "wolf" and start spreading FUD
teach in several of then, then do the "exams" in one that they didn't used in the class...
that is the best way to tell if someone learned to think instead of just memorizing buttons locations. yes, interfaces changes, the the concepts are always there, just learn how to search for the feature you need
It is exactly the same as problem solving, you should solve new problems in the exam, not exactly the same problems you have done in class
Actually f-droid improved a lot in the last years... no, it will not replace google store yet nor in anytime soon, but it is going in the good path
can it be possible that they are ...
https://imgflip.com/i/22zals">img src="https://i.imgflip.com/22zals.jpg
Notice that when the case started, Assange and the 2 girls did went to the police for questioning and the case was closed and he was clear to leave the country... some week later it was reopen and they tried to capture him instead of call him again to questioning. Even the girls where surprised about the case reopen. That was what trigger the alarm about something strange with the sudden case reopen
http://www.abc.net.au/news/201...
Actually in sweden sex without a condom without direct agreement between the two is "rape" and they all agree that there was no condom was used... even better, "rape" charged are public, even if the girls do not want to file charges, the police can still file the charge anyway... so the police used that as the rape charge. The girls clearly said several times it was not a rape (in the common meaning of the word), both agreed in the sex. what parts disagree is if they requested the condom used and Assange lied about using one or if they simply assumed what the other partner intentions where the ones they wanted (he may have think that no condom was fine, the girls thinking that he would of course use a condom). Even when the girls talk in public, there was really no much info on what happen... probably they were all drunks and they mix all the facts
I think if she really reported that she was raped, people would not support Assange, but all this "condom rape" charges and the pressure to take him to personally to "inquiry", not allowing video inquiry, makes everyone suspect the real motives.
Just ask only for everyone to dress exactly the same way, cut the air the same way and look as much as possible as him... then everyone goes to the Ecuador embassy and leave all at same time. Do this several times, but only once of then Assange MAY really leave the embassy
The police could not track so many people and after several attempts, they will give up or agree in a valid solution... or he MAY leave in one of the attempts
Better yet, ask everyone to use a burka, that will be easier to hide as everyone is the same, be either men, women, white, ginger, black, asian, etc ... it may also requires women police (i do not really know how someone with burka is identified by a police)
In that case, slackware also have almost all the old distro versions available since release
https://mirrors.slackware.com/...
notice that the 1.0.1 have the 2009 date because it was re-uploaded at that time... the release notes are from 1993-08-04 08:33:56 PST
being one of the oldest distros and the oldest still alive... it will be hard to beat that :D
the ubuntu based puppy are the 686, so pentium pro or pentium 2
the slackware based one, as its from 2015, it should still have the 486 support, so that should be the one...
the plain 386 support was removed from the kernel and glibc some years ago, IIRC, to a 486 SX should be the minimum
Why should people be forced to send perfectly usable hardware to a landfill simply because it's not the latest shiny thing on the market?
just use linux, you can use the PC for many years!
forgot to mention... it still boots... but i stop really using in around 2017, when i also got a cheap HP microserver to replace it as a server
I had a 486 since 1993 that i kept upgrading as much as i could, using other people cheap parts, when everyone started to use pentiums
i finally upgraded to a amd 486-dx5@133MHz, with a vesa local bus card and performed similar to a pentium 75 (except in FPU, where the pentium was more powerfull).
I then manage to grab some 8MB EDO SIMMS and upgraded to 16MB, one year later, to 32MB RAM. The MB only supported max of 16MB of ram and testing i found that with 16MB, the L2 cache helped a little, but with 32MB, it would only cache the first 16MB and then much slower to the second 16MB range. If i disable the L2, the first 16MB were just a little slower, but the remaining 16MB would be still the same speed... as the L2 gain was too small compared to the lost on the second 16MB range, i kept it disable. Then i manage to grab some SCSI HDs and CD-RW burner from a friend with a Macintosh and got myself a SCSI card and replaced the old IDE disks.
I also overclocked the bus from 33MHz to 40MHz, that put the 486Dx5@160MHz, a performance similar to a pentium 100Mhz (again, minus the FPU). i could boot with a bus of 50MHz, having a 200MHz cpu, but the sound card and SCSI, using PCI, started to act weird (as it was way overclocked from the spec 33MHz), but if i used the IDE drivers and the vesa local bus graphic card, it was stable... as i wanted the sound and scsi card, i kept the bus to 40MHz and they worked fine.
I run slackware on that machine and kept upgrading the OS until about 2005, where i finally got a new opteron64.
It was my main machine, i use fluxbox, claws-mail and mutt, lynx, dillo and only when really needed (as in the end took 2 minutes to startup), firefox. I compiled the latest kernel during the night and used it for everything, it was my server, my desktop, my learning machine... and of course, i also played some games... not windows games, but the linux ones, so most of they were light enough to run.
that 486 did run windows 3.11 and even windows 95 for a few months, but then i switch 100% to linux.
12 years using the same machine... that is a long time, specially for a old machine as that... now its easier to run a 12 year old machine, they are way more powerful.
Slackware was one of the last distros capable of booting old CPUs and only in 2015 if was forced to drop support for those old CPUs, but it requires now still i586 or above, so still be able to boot old machines. Check the slackware changelog at that time:
# Some more notes, Mon Aug 3 19:49:51 UTC 2015:
#
# Changing to -march=i586 for 32-bit x86 as several things (Mesa being one of
# them) no longer work if constrained to -march=i486. We're not going to use
# -march=i686 since the only additional opcode is CMOV, which is actually less
# efficient on modern CPUs running in 32-bit mode than the alternate i586
# instructions. No need to throw i586 CPUs under the bus (yet).
If you still pick up the last slackware capable of booting the 486 and then compile the kernel, you may still boot a recent kernel... and if you ignore mesa and some other programs, still be able to upgrade userspace too :)
RPI3 with kodi (OSMC)
It is fast, cheap and very flexible. Kodi 18 will support netflix, but it not yet released... but should be near.
Open, No lock-in, always being updated and improving
memory encryption is a protection against physical attacks, will not protect from any of this bugs.
but yes, right now the best protection is to use a AMD cpu... AMD stock value is rising while intel stock value drops... and i bet that (finally) server and laptop builders will rush AMD based hardware
wrong thread maybe?! :D
this thread is important!
it was already a test case using javascript, so simply browsing the web with javascript is enough (to grab passwords or any other info in the browser)
the meltdown bug allows any app read any memory range, so even "valid" apps may want to do dirt tricks (just think how many apps already tried to install adware, rootkits and steal info)
you are not even safe in games, DRM people will love to find new ways to f*ck you machine
lastly, not all programs will lose performance, for a initial linux tests, games are little affected, as they talk little to the kernel after all the initial GPU initialization. Apps that talk a lot with the kernel or do heavy IO (disk and network) may be more affected
unless you have a good reason to bypass this fixes, it is recommended to install the fix
The KPTI is a security design that may help in other bugs... so he is sort of right, a way to turn it on could be useful and quicker if later a new bug is found, instead of waiting for a kernel patch... but of course, this was never implemented before because of the performance problem and complexity
Intel CPU hardware check if the code branch is invalid AFTER it is loaded to the cache.
AMD CPU hardware check if the code branch is invalid BEFORE it gets loaded to the cache
you can not move a hardware part in software, AMD build it right, intel build it wrong and can't be fixed without replacing the hardware. The workaround requires that the cache is clear every time that the kernel switch to to userland, and without the cache you fix the problem, but also have to reload all the userland code from RAM... just to be throw away next time the app calls the kernel
actually the intel linux kernel developers are the ones that build most of the meltdown fix... and all other OS should having a similar fix and performance lost, so i assume that intel also helped in the other OS (windows, macos)
they probably tried several ways to workaround this and this 30% performance lost was the best one they could find and, of course, they want all the OS to implement the "best" fix as possible to avoid even bigger performance lost
The meltdown fix is basically removing the kernel address from the userspace and impose checks on what the userland is trying to access, so it can not even reference it. Also it will flush the cache on every switch from the kernel to userland and from the userland to the kernel (not sure about this one), so the cache is empty if someone tried to read any data from it. This will fix the meltdown problem, but impose a big performance lost...
sprectre fix is still unknown, but it probably should fix this method, but later someone find a alternative method of doing the same attack... that is why they say that it may haunt you again...