It's not what/. needs. I like ragging on the guberment any chance i get, but wtf does this story have to do with technology (other than using a computer to write it maybe).
The chief reason cited for the delay is that the information infrastructure is not ready to handle the new processes and products yet. It is basically an IT project running 12 months behind (at 18 months out) and probably a few billion over budget, and we can all relate to that amiright?
I work for Red Hat. Not for the NSA. SELinux code does not go from me through the NSA, it actually goes the other way around. The NSA asks me to put code in the Linux kernel and I pass it to Linus. I have reviewed each and every line at one point or another.
The NSA may have some magic backdoor somewhere in the Linux kernel, but I'll stake my name that it isn't in the SELinux code.
So, not that I doubt your understanding of the code or your intentions on keeping it secure, but is it viable that NSA-email-holding "M: Stephen Smalley <sds@tycho.nsa.gov>" has enough to do with the code to submit something nefarious that went unnoticed? Asking for a friend.
Is there a question in there about something specific or are you throwing pasta against the wall to see what sticks? Take AES for example. A pretty open selection process evaluating a number of known ciphers among many smart eyes. Are you saying No Such Agency pulled a fast one in broad daylight in front of multitudes or is your line of question non-specific and open ended?
It seems fair; can someone not related to the government attest to the viability of SEL? Has anyone read/understood enough of it to know for sure? Is it right to presume that someone from the OSS community would have certainly caught on to a trick by the NSA, or is it hubris?
It should not be possible for a website to know where my mouse moved, except for the cases where I click on a link or a submit button. It should not be possible for a website to know my keystrokes, except for the information that I intentionally entered into form fields and submitted to that site.
Then hopefully you have Javascript turned off. Some users like mouse-overs, pre-validation, ajax, etc (not that it makes them good).
"The murder suspect is currently sitting in their Java 152 lab, trying to figure out the difference between a Jbutton and a Jtogglebutton... Their mood is 'mad enough to kill someone' so we are pretty sure they did it. Lets go pick them up!"
When people can track what you are doing while sitting in front of the computer, it's a VERY BIG security issue.
Yes, JS is scary, but that bit of marketingspeak is a bit over the top: they can't see *every* click/keystroke/etc; just the ones that involve interacting with their site content. And, if you have to worry about them watching you use their site, you hopefully will leave before giving them any important information anyway.
Firefox has never disabled JS by default or offered any sort of whitelisting (although Noscript does and is so good that parts of it ought to be built in). In loosely controlled systems, there will always be risk at the edge between what a versatile feature (like a client side programming language) is not allowed to do, and what the user wants it to do. Sandboxing is the way to balance it, because users *want* by default and they secure by exception. You are suggesting the opposite, which is good on paper, but unfortunately no one would use your browser.
Workplace safety has improved because employers have found that it is more valuable to have healthy employees and that injuries have a huge cost associated with them. At least in my industry, safety is driven so hard from the top of the company that it actually frustrates the guys doing the dangerous work, union or not.
As far as the working hours, what if an individual wants to work extra hours and overtime, but the union rules don't allow it. What exactly are "reasonable working hours"? Why should the workers be able to dictate what the most efficient and optimal working shift is?
Not every industry today (and certainly very few in the past) valued safety as highly as yours does, and you would be hard pressed to come up with an explanation for why that changed so much in the 20th century aside from the pressure of Unions. But, you are welcome to try.
I do about half of my browsing with javascript disabled. Why? Because it's much snappier. What am I missing? Nothing, because out of simple experience, I already know how each website I use behaves with it turned off.
For example, the only useful thing javascript gives me on slashdot is the ability to "open" hidden posts directly within the thread. Everything else is useless to me, and for that reason, I browse slashdot with javascript turned off except in the case of a more interesting discussion.
I basically use javascript "as necessary", with my default being "off". If firefox makes it impossible to do this, I will simply stop upgrading.
I used to leave Javascript off by default (with noscript). About the 5th time that I spent 10 minutes filling in an eCommerce form only to find out that it had an external script dependency that was blocked and required me to reload the whole page with scripts enabled and hence fill it out all over again, i threw a brick at my monitor out of rage. Now, I just shop at the mall.
As long as it doesn't break Noscript, I'm ok with this. It really IS folly to try to use the modern web without any javascript at all, but with Noscript I can still pick and choose which sites are allowed to run it in my browser.
The one thing that NoScript is missing is the option to say "if the site imports scripts from fewer than X domains, just run them all". That would smooth the process out quite a bit. Sites that import from 25 different domains just for the privilege of taking over my monitor to display ads don't even deserve the CPU cycles that Adblock Plus will spend on them.
Are there still security issues with having JS enabled?
One of the main reasons I switched to Firefox in the beginning was because they seemed to understand that NOT doing something stupid was preferable to layers and layers of patches for the stupidity.
IE had ActiveX and such. It was stupid. It was a security issue. It was almost impossible to avoid.
Firefox avoided the entire security issue by allowing functionality to be disabled. While you cannot be 100% certain that XYZ feature had no security issues (or even that there were security issues) you knew that disabling it rendered the question moot.
If your site requires JavaScript or Flash or whatever then I can temporarily enable them just for your site if you can convince me that the risk is worth your content.
What exactly was "stupid" about ActiveX aside from potential malicious code (either directly or via overflows) that was either enabled by default or presented to the user with a "just click yes so the website will work" style input box? Firefox "avoided" this by not implementing ActiveX but most or all of the functionality was recreated in Javascript, giving it basically the exact same level of "stupid" with the benefit of having learned from about 10 years of exploits.
That being said, I do see where the FireFox team is coming from and it is probably a good move, I just hope that the change is superficial (deleting the option in the config screen) and that NoScript continues to work the same fantastic, paranoid way it always has.
Kind of pointless too, since from what I read Bitcoin transaction hashes are designed to identify exactly where the money came from, so it would be very difficult for him to convert the money into a fiat currency without it being extremely traceable.
There are laundries where this is possible (For a fee). Not every exit to BTC is guarded by the US or its extraditing allies.
Yeah, it is, but at the same time, it feels like the legitimate intent of those laws is still doing more harm than good. We could, in theory, be facing a revolution(I don't personally think so because engineering is complicated), and instead we'll get the complete and utter inability to refine the new technology since only one organization is allowed to do so.
Do you? People poured money into the kickstarter for Form1, and they did the right (according to patent law) thing and entered into a licensing agreement with the patent holder, in order to offer the technology to their customers. If 3d Systems had refused to license it and instead just taken them to court to seize all their revenue, that would have been the "complete and utter inability to refine the new technology" since Formlabs would have gone out of business. If Formlabs had a "refined technique" they could have gotten their own patent on it (and perhaps they will after learning from their first run).
The first Xbox ran on an Intel Celeron. No one has the Xbox OS running on a PC or vice-versa. The CPU is just a little part of the whole package that is a computer. Hell, the 360, Wii and Gamecube are all on fairly typical Power processors; at least not far from COTS chips.
Mac computers, on the other hand, are just like Windows computers running standard UEFI instead of BIOS.
The reason the old Xbox 1 OS never made it to PC land was in part due to the distinct lack of need/motivation. With used consoles in the $100 range for most of its run, you were much better off just leaving the software on the Xbox. Pretty much all games that were released for Xbox also made it to PC, so hacking the OS just to pirate on a different platform was a waste when you could just pirate directly. The bazillion consoles, controllers, and accessories that they made were just too numerous to bother competing with on the PC side.
So how trivial will it be to slurp the OS out onto a AMD card enabled PC and have our own "HackStation4"? Or... how would one modify FreeBSD to run PS4 software?
I'm sure there'll be encryption up the wazoo anyway... and potentially software could specifically check that the graphics chip is not some off-the-shelf AMD card......but it begs the question.
Given the tendency to sell console hardware at ridiculous margins (often, even losing money early on) why would you want to buy your own hardware when they will just about give you theirs? My though is, how long before a full BSD will run on it with native CPU/GPU support making it a low cost number crunching powerhouse (anything from DVD ripping to VPN hosting would be VERY efficient on it).
Yes, it has been shown that women tend to spend more time having and raising children rather than developing expertise in a career. It has also been found that Women who don't follow that biological plan typically do better than men it is just much more rare.
Over one third of women (in the US at least) never have a single child, so the population is small but not what I would call "Rare".
Nope, they *really* don't, current spikes (and causes the lamp to emit light) twice per cycle, resulting in 120hz light. But let's post a wikipedia article that does nothing to back up your claim anyway! How about this white paper from Philips (they know a little bit about lighting) to settle the issue. Make no mistake, there are people sensitive to 60Hz strobing, and people sensitive to 120Hz strobing, but you are not witnessing 60Hz strobing when you look at conventional tube fluorescent lights.
Simple, because the 10% of people who legitimately have issues are hijacked by the 90% who are just pushing pseudoscience or hypochondria. And if informed questioning is "shouting it down" to you, you might want to get your hearing checked.
Ok, build a bunch of drum heads into a wall and notice they act just like, well, drum heads. Brilliant. An acoustic diaphragm.
Can't think of a single use for this other than eves dropping where no electronics were allowed.
NSA Jokes, apartment sex jokes, etc. aside this is apparently a potential way to increase the precision of ultrasound scanning for medical diagnosis. As medical imaging is being used extensively to diagnose early cancer (among many other things), advances like this could have really profound effects on healthcare.
Turning up the duty cycle will reduce both the time that they're on and the time that they're off, but the ratio will remain the same.
lolwat? How would it reduce the time on and the time off? At least, without bending spacetime? I didnt know we were dealing with relativistic physics just to get our monitors to light up. PWM works by holding the signal high for a fraction of time corresponding to the duration (1/frequency) times the duty cycle, so a higher duty cycle will see more ON time and less OFF time.
It used to be that the burden of encryption was only placed on the most sensitive of data, like a banking session or a protected site log-in [but there are] websites that dont have the need (encrypting your google searches? come on, they are spying on you anyway)
If you allow users to log in at all but don't encrypt everything, an attacker who can see a user's packets can snoop the user's session cookie and issue requests as that user for several minutes to several hours. The "Firesheep" plug-in, which allowed cloning the Facebook sessions of other users connected to the same wireless network, was the first widely reported incident of this.
Technically you could do it with a lightweight hashing algorithm (have the login session put a private key in RAM and use it to sign whatever is sent back) but yes switching to all SSL is an easier and more complete way to prevent MITM attacks. Good thing SSL is ubiquitous now that we have so many important things to do on Facebook...
In general the answer is no. Courtesy of a general counsel briefing on ACP:
Communications in the Presence of a Third Party
The privilege extends only to communications that the client intends to be confidential. Communications made in non-private settings, or in the presence of third persons unnecessary to accomplish the purpose for which the attorney was consulted, are not confidential and are not protected by the privilege.
We have a user here who got a new laptop last summer, it had a LED backlit LCD. Within 20 minutes she was calling saying it was making her feel sick/headache. We tried adjusting refresh rate, brightness, no help. Put a CFL backlit LED laptop in front of her and she was fine. Tried LED standalone monitor, it also bugged her though not as much.
So, we had to find a laptop that had a CFL backlit screen, wasn't junk,and met our other requirements (docking connector mostly). Ended up getting a previous year model Toshiba Tecra with a Core2Duo.All the rest of the laptops we bought had i5's in them by that point.
What was the DPI on the new laptop vs the old one? Dollars to donuts the new one was higher, in the 220 range, and the older one was under 200 (the point at which you can still make out pixels at typical use distance). She was getting eyestrain from trying in vain to focus on the screen, high DPI monitors take a lot of "user calibration" before they are comfortable to use.
The diffusion of the screen blocks the blatant flicker that's likely occurring.
OK you had me going with your "my ninja eyes are so fucking fast", until you got to this little gem. How does diffusion block flickering again? Do they use diffusion material with special, slow electrons that mozy up and down the shells to smooth out the peaks of light? Or maybe they bake them with butter to get the texture *just right*?
Slashdot Mirror
It's not what /. needs. I like ragging on the guberment any chance i get, but wtf does this story have to do with technology (other than using a computer to write it maybe).
The chief reason cited for the delay is that the information infrastructure is not ready to handle the new processes and products yet. It is basically an IT project running 12 months behind (at 18 months out) and probably a few billion over budget, and we can all relate to that amiright?
I can attest to the lack of backdoors in SELinux. I am the SELinux maintainer. I'm the guy responsible for it.
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/MAINTAINERS#n7166
I work for Red Hat. Not for the NSA. SELinux code does not go from me through the NSA, it actually goes the other way around. The NSA asks me to put code in the Linux kernel and I pass it to Linus. I have reviewed each and every line at one point or another.
The NSA may have some magic backdoor somewhere in the Linux kernel, but I'll stake my name that it isn't in the SELinux code.
So, not that I doubt your understanding of the code or your intentions on keeping it secure, but is it viable that NSA-email-holding "M: Stephen Smalley <sds@tycho.nsa.gov>" has enough to do with the code to submit something nefarious that went unnoticed? Asking for a friend.
Is there a question in there about something specific or are you throwing pasta against the wall to see what sticks? Take AES for example. A pretty open selection process evaluating a number of known ciphers among many smart eyes. Are you saying No Such Agency pulled a fast one in broad daylight in front of multitudes or is your line of question non-specific and open ended?
It seems fair; can someone not related to the government attest to the viability of SEL? Has anyone read/understood enough of it to know for sure? Is it right to presume that someone from the OSS community would have certainly caught on to a trick by the NSA, or is it hubris?
It should not be possible for a website to know where my mouse moved, except for the cases where I click on a link or a submit button. It should not be possible for a website to know my keystrokes, except for the information that I intentionally entered into form fields and submitted to that site.
Then hopefully you have Javascript turned off. Some users like mouse-overs, pre-validation, ajax, etc (not that it makes them good).
LEOs could and would abuse it.
"The murder suspect is currently sitting in their Java 152 lab, trying to figure out the difference between a Jbutton and a Jtogglebutton... Their mood is 'mad enough to kill someone' so we are pretty sure they did it. Lets go pick them up!"
Not to nitpick either, but they're both.
When people can track what you are doing while sitting in front of the computer, it's a VERY BIG security issue.
Yes, JS is scary, but that bit of marketingspeak is a bit over the top: they can't see *every* click/keystroke/etc; just the ones that involve interacting with their site content. And, if you have to worry about them watching you use their site, you hopefully will leave before giving them any important information anyway.
Firefox has never disabled JS by default or offered any sort of whitelisting (although Noscript does and is so good that parts of it ought to be built in). In loosely controlled systems, there will always be risk at the edge between what a versatile feature (like a client side programming language) is not allowed to do, and what the user wants it to do. Sandboxing is the way to balance it, because users *want* by default and they secure by exception. You are suggesting the opposite, which is good on paper, but unfortunately no one would use your browser.
Workplace safety has improved because employers have found that it is more valuable to have healthy employees and that injuries have a huge cost associated with them. At least in my industry, safety is driven so hard from the top of the company that it actually frustrates the guys doing the dangerous work, union or not.
As far as the working hours, what if an individual wants to work extra hours and overtime, but the union rules don't allow it. What exactly are "reasonable working hours"? Why should the workers be able to dictate what the most efficient and optimal working shift is?
Not every industry today (and certainly very few in the past) valued safety as highly as yours does, and you would be hard pressed to come up with an explanation for why that changed so much in the 20th century aside from the pressure of Unions. But, you are welcome to try.
I do about half of my browsing with javascript disabled. Why? Because it's much snappier. What am I missing? Nothing, because out of simple experience, I already know how each website I use behaves with it turned off.
For example, the only useful thing javascript gives me on slashdot is the ability to "open" hidden posts directly within the thread. Everything else is useless to me, and for that reason, I browse slashdot with javascript turned off except in the case of a more interesting discussion.
I basically use javascript "as necessary", with my default being "off". If firefox makes it impossible to do this, I will simply stop upgrading.
I used to leave Javascript off by default (with noscript). About the 5th time that I spent 10 minutes filling in an eCommerce form only to find out that it had an external script dependency that was blocked and required me to reload the whole page with scripts enabled and hence fill it out all over again, i threw a brick at my monitor out of rage. Now, I just shop at the mall.
As long as it doesn't break Noscript, I'm ok with this. It really IS folly to try to use the modern web without any javascript at all, but with Noscript I can still pick and choose which sites are allowed to run it in my browser.
The one thing that NoScript is missing is the option to say "if the site imports scripts from fewer than X domains, just run them all". That would smooth the process out quite a bit. Sites that import from 25 different domains just for the privilege of taking over my monitor to display ads don't even deserve the CPU cycles that Adblock Plus will spend on them.
One of the main reasons I switched to Firefox in the beginning was because they seemed to understand that NOT doing something stupid was preferable to layers and layers of patches for the stupidity.
IE had ActiveX and such. It was stupid. It was a security issue. It was almost impossible to avoid.
Firefox avoided the entire security issue by allowing functionality to be disabled. While you cannot be 100% certain that XYZ feature had no security issues (or even that there were security issues) you knew that disabling it rendered the question moot.
If your site requires JavaScript or Flash or whatever then I can temporarily enable them just for your site if you can convince me that the risk is worth your content.
What exactly was "stupid" about ActiveX aside from potential malicious code (either directly or via overflows) that was either enabled by default or presented to the user with a "just click yes so the website will work" style input box? Firefox "avoided" this by not implementing ActiveX but most or all of the functionality was recreated in Javascript, giving it basically the exact same level of "stupid" with the benefit of having learned from about 10 years of exploits.
That being said, I do see where the FireFox team is coming from and it is probably a good move, I just hope that the change is superficial (deleting the option in the config screen) and that NoScript continues to work the same fantastic, paranoid way it always has.
Kind of pointless too, since from what I read Bitcoin transaction hashes are designed to identify exactly where the money came from, so it would be very difficult for him to convert the money into a fiat currency without it being extremely traceable.
There are laundries where this is possible (For a fee). Not every exit to BTC is guarded by the US or its extraditing allies.
$1M worth of BTC bought back on Sept 2, 2012 would be valued over $10M today and closer to $25M during the peak a few months ago. What blackmail!
Yeah, it is, but at the same time, it feels like the legitimate intent of those laws is still doing more harm than good. We could, in theory, be facing a revolution(I don't personally think so because engineering is complicated), and instead we'll get the complete and utter inability to refine the new technology since only one organization is allowed to do so.
Do you? People poured money into the kickstarter for Form1, and they did the right (according to patent law) thing and entered into a licensing agreement with the patent holder, in order to offer the technology to their customers. If 3d Systems had refused to license it and instead just taken them to court to seize all their revenue, that would have been the "complete and utter inability to refine the new technology" since Formlabs would have gone out of business. If Formlabs had a "refined technique" they could have gotten their own patent on it (and perhaps they will after learning from their first run).
The first Xbox ran on an Intel Celeron. No one has the Xbox OS running on a PC or vice-versa. The CPU is just a little part of the whole package that is a computer. Hell, the 360, Wii and Gamecube are all on fairly typical Power processors; at least not far from COTS chips.
Mac computers, on the other hand, are just like Windows computers running standard UEFI instead of BIOS.
The reason the old Xbox 1 OS never made it to PC land was in part due to the distinct lack of need/motivation. With used consoles in the $100 range for most of its run, you were much better off just leaving the software on the Xbox. Pretty much all games that were released for Xbox also made it to PC, so hacking the OS just to pirate on a different platform was a waste when you could just pirate directly. The bazillion consoles, controllers, and accessories that they made were just too numerous to bother competing with on the PC side.
So how trivial will it be to slurp the OS out onto a AMD card enabled PC and have our own "HackStation4"?
Or... how would one modify FreeBSD to run PS4 software?
I'm sure there'll be encryption up the wazoo anyway... and potentially software could specifically check that the graphics chip is not some off-the-shelf AMD card... ...but it begs the question.
Given the tendency to sell console hardware at ridiculous margins (often, even losing money early on) why would you want to buy your own hardware when they will just about give you theirs? My though is, how long before a full BSD will run on it with native CPU/GPU support making it a low cost number crunching powerhouse (anything from DVD ripping to VPN hosting would be VERY efficient on it).
Yes, it has been shown that women tend to spend more time having and raising children rather than developing expertise in a career. It has also been found that Women who don't follow that biological plan typically do better than men it is just much more rare.
Over one third of women (in the US at least) never have a single child, so the population is small but not what I would call "Rare".
Reactive Ballasts do
Nope, they *really* don't, current spikes (and causes the lamp to emit light) twice per cycle, resulting in 120hz light. But let's post a wikipedia article that does nothing to back up your claim anyway! How about this white paper from Philips (they know a little bit about lighting) to settle the issue. Make no mistake, there are people sensitive to 60Hz strobing, and people sensitive to 120Hz strobing, but you are not witnessing 60Hz strobing when you look at conventional tube fluorescent lights.
Simple, because the 10% of people who legitimately have issues are hijacked by the 90% who are just pushing pseudoscience or hypochondria. And if informed questioning is "shouting it down" to you, you might want to get your hearing checked.
Ok, build a bunch of drum heads into a wall and notice they act just like, well, drum heads.
Brilliant. An acoustic diaphragm.
Can't think of a single use for this other than eves dropping where no electronics were allowed.
NSA Jokes, apartment sex jokes, etc. aside this is apparently a potential way to increase the precision of ultrasound scanning for medical diagnosis. As medical imaging is being used extensively to diagnose early cancer (among many other things), advances like this could have really profound effects on healthcare.
Turning up the duty cycle will reduce both the time that they're on and the time that they're off, but the ratio will remain the same.
lolwat? How would it reduce the time on and the time off? At least, without bending spacetime? I didnt know we were dealing with relativistic physics just to get our monitors to light up. PWM works by holding the signal high for a fraction of time corresponding to the duration (1/frequency) times the duty cycle, so a higher duty cycle will see more ON time and less OFF time.
It used to be that the burden of encryption was only placed on the most sensitive of data, like a banking session or a protected site log-in [but there are] websites that dont have the need (encrypting your google searches? come on, they are spying on you anyway)
If you allow users to log in at all but don't encrypt everything, an attacker who can see a user's packets can snoop the user's session cookie and issue requests as that user for several minutes to several hours. The "Firesheep" plug-in, which allowed cloning the Facebook sessions of other users connected to the same wireless network, was the first widely reported incident of this.
Technically you could do it with a lightweight hashing algorithm (have the login session put a private key in RAM and use it to sign whatever is sent back) but yes switching to all SSL is an easier and more complete way to prevent MITM attacks. Good thing SSL is ubiquitous now that we have so many important things to do on Facebook...
In general the answer is no. Courtesy of a general counsel briefing on ACP:
Communications in the Presence of a Third Party
The privilege extends only to communications that the client intends to be confidential. Communications made in non-private settings, or in the presence of third persons unnecessary to accomplish the purpose for which the attorney was consulted, are not confidential and are not protected by the privilege.
We have a user here who got a new laptop last summer, it had a LED backlit LCD. Within 20 minutes she was calling saying it was making her feel sick/headache. We tried adjusting refresh rate, brightness, no help. Put a CFL backlit LED laptop in front of her and she was fine. Tried LED standalone monitor, it also bugged her though not as much.
So, we had to find a laptop that had a CFL backlit screen, wasn't junk,and met our other requirements (docking connector mostly). Ended up getting a previous year model Toshiba Tecra with a Core2Duo.All the rest of the laptops we bought had i5's in them by that point.
What was the DPI on the new laptop vs the old one? Dollars to donuts the new one was higher, in the 220 range, and the older one was under 200 (the point at which you can still make out pixels at typical use distance). She was getting eyestrain from trying in vain to focus on the screen, high DPI monitors take a lot of "user calibration" before they are comfortable to use.
The diffusion of the screen blocks the blatant flicker that's likely occurring.
OK you had me going with your "my ninja eyes are so fucking fast", until you got to this little gem. How does diffusion block flickering again? Do they use diffusion material with special, slow electrons that mozy up and down the shells to smooth out the peaks of light? Or maybe they bake them with butter to get the texture *just right*?