if you have 2 minutes of physical access to the machine
Meh... if you have less than 30 seconds of physical access to the machine, you can plug the keyboard into a tiny hardware keylogger that plugs into the back of the machine. Those are cheap, readily available, don't require any assumptions about what's under the hood, and a cleaner reaching into the dusty area behind a PC will look a helluva lot less suspicious than a cleaner booting from USB (which, BTW, would be disabled by any remotely competent admin working in a high-security environment).
The point being not so much this specific attack vector, but the fact that that an adversary with physical access has nearly infinite ways to compromise a machine. If your organisation handles info that is that confidential, you'd better screen your cleaning personnel, or lock them out of certain rooms.
... and the point about small vs. large countries is incidentally why TFA is not such a big issue as it would seem through North American eyes (and the grid providers largely got away with it). On a historical time scale, Europe used to consist of a bunch of small, totally independent countries not so long ago. At least some of them used to keep the grid frequency "somewhere close to 50Hz", but you wouldn't be able to run a clock off it. Accordingly, clocks that use the grid as a frequency source simply were not in common use, and still aren't today. If you'd do something like described in TFA in the US, there would be clocks running behind (and people cursing) in every household/business, but in those European countries, I don't think a lot of people noticed anything out of the ordinary (I didn't).
The problem is not so much propaganda that can readily be identified as state-sponsored, but propaganda that is paid for (often in difficult-to-trace ways) by people (not necessarily state actors) with a vested interest in pushing a political agenda. Something like the "this message is paid for by..." on TV would be good, though the latter is increasingly powerless against ingenious funding schemes and lax regulation...
You must have had a better experience with Crouton than I did. I've been using it on a laptop that saw roughly 6 hours of use per week, but in the end, it required manual intervention a little bit too often to keep running correctly - largely due to ChromeOS updates breaking things, but Google arguably can't be faulted for breaking an unsupported 3rd party hack by trying to take their ChromeOS product in a given direction.
Anyhow, I eventually got rid of the thing and bought a wintel laptop (on which I did a proper Linux install) for the same purpose. The replacement cost easily 3x as much as the chromebook, but my time has value too.
While true, that's not the only, or even the most important problem with really big nukes. The bigger problem is overkill. You can destroy a tank with a direct hit from a ~50 kg hellfire missile or with a 900kg dumb bomb impact in its general vicinity. Only the latter is far more likely to result in collateral damage and political pressure to stop throwing bombs.
While nukes are generally more of a strategical than a tactical weapon, similar principles do apply. Hiroshima and Nagasaki were both mostly obliterated by bombs with ~20kt yields - that's kilo, not mega. At some point, hitting an urbanized area with a stronger nuke will not increase its strategic impact - only the international outrage at the barbaric mindset that caused so much more loss of life than necessary to attain a given goal, and hence the risk of retaliatory strikes. And in an all-out nuclear war scenario where retaliation is already a given, hitting the enemy's missile silos with an unnecessarily strong nuke instead of a MIRV of weaker warheads is pretty much a self-defeating strategy. Recognising this, the US at some point all but disposed of its warheads with yields above 150~300kt-ish - still roughly 10 Hiroshima/Nagasaki bombs.
Any talk about reviving higher-yield nukes is pretty much bluster. The Tsar Bomba was exactly that (even so long ago), and so is this tsunami bomb, causing a ton more "collateral" damage than a "clean moderate-yield strike" on a city center. (Also considering the source - Russia has a rich history of developing oversizedweapons with debatable battlefield utility.) Granted, one could spin it as an attempt at "no sir, this was not a nuclear strike, just an undersea demolition with unforeseen circumstances for our enemy's coastal cities nearby." But that excuse almost certainly won't fly, especially when attacking an enemy that has a track record of overreacting on provocation, like the US.
TL;DR: this doomsday torpedo is nothing but political brinkmanship with the goal of provoking a response rather than being used, and the document is just an attempt to trigger this very response - because there are always parties that will gain from it. We've seen this show over and over.
OK, that part is clear now. But then what's with waiting for the car behind to come to a complete stop? Is this still under the assumption that you have to stop too short to save insurance money? But since doing so will fail to trigger the sensors, you need to eventually pull up? If so, why the heck wait for the car behind you to come to a complete stop?
- You'll sustain less damage when rear-ended if your breaks are not engaged (and you're coasting forward slowly), so stopping short and then just standing there waiting for the car behind you is a recipe to (a) increase the chance of being rear-ended in the first place and (b) maximize damage if it happens.(*)
- Waiting for the car behind you to stop makes everyone in your lane wait longer, and more generally decreases the capacity of your stretch of road.
- You're forcing the person behind you to stop and then move forward again to close the newly created gap. This adds extra annoyance on top of the above, and is a needless waste of fuel.
To state the obvious, the best way to both prevent getting rear-ended and minimize damage is to start breaking as soon as an obstacle (red traffic light) pops up ahead, even if it's still much further away than your minimum safe stopping distance. It also decreases the risk of slipping if road conditions are unexpectedly bad (oil slick, black ice,...), is generally safer when something unexpected happens, is gentler on the brakes, saves fuel, allows you to take off faster when the obstacle clears (light turns green),... For all these reasons, it's part of the driving manual in my home country, and people do fail their driving exam when not putting it in practice. When coming to the US, I was amazed at how almost everyone just keeps on pushing their accelerators until they really *have* to start breaking. (Admittedly, my view may be skewed by driving in the city; my friends kept on telling me that people drive better elsewhere, and I can see city driving is bad pretty much everywhere in the world.)
(*) Granted, if your breaks are not engaged, you'll be pushed forward a bit further too, but since you're in front of a traffic light, there's no car in front of you to begin with. And you'd have to get rear-ended pretty damn hard to be pushed all the way into the stream of traffic. Most rear-ends at traffic lights are fender benders.
She doesn't understand how demand lites work. I've stopped trying to convince her that the right move is to pull up once the car behind her has come to a complete stop.
Complaining that programming code is "too geeky" is like complaining that a steamroller is "too flatty".
... or water is too wet, yes. I'd even go one step further and say there's a contradiction hidden in Cook's reasoning. So he sets out to create a good programming language (that's pretty much a given, unless he's into esoteric languages) that is not geeky. To meet the "not geeky" design goal, he could make it either:
- appeal to the general public but not to geeks. But, geeks are the ones who program - if it doesn't appeal to them, chances are it's just not a good language.
- appeal to not only geeks but also the general public. Fine, but if it appeals to geeks, using it becomes a "geeky" activity, so it ends up being perceived as "geeky" anyway.
Conclusion: Swift is actually an esoteric language.
Disclaimer: this post is largely a word game and may contain logical fallacies. We accept no responsibility for any harm resulting from thinking about it.
Also, I can play your silly hypocritical game of words too. Here it goes: you cherry-picked 6 sentences, out of which the first 2 are wrong not because the inverse is true but because Mexico simply does not "send" people; people decide to flee from Mexico. As for the remaining 4 sentences, I'm pretty sure a huge majority of Mexican immigrants are not drug traffickers and the proportion of rapists will not even be that much higher than the general population because the economical immigrants outnumber the criminals fleeing the police by a large factor. And yes, *some* are definitely not good people; that's what his awful generalization is based on to start with.
All in all, I'm counting him as plain wrong on 3 accounts (2x "mexico sends" + the "rapists" thing) and as "misleading" on another one ("bringing drugs"; there surely is a problem with drugs coming from Mexico but the issue is largely separate from economical migration, and this is a blatant attempt to conflate the two).
TL;DR: for a cherry-picked statement purported to demonstrate Trump's truthfulness, this is a rather abysmal showing.
OK, my bad, let's dumb it down a bit for you. If I say "there's a better than even chance that an ordinary 6-sided die will throw a 3 or higher", then you can't disprove that by throwing a 2.
So what the heck do you expect? The guy is a pathological liar; blindly contradicting any given statement of his gives you a better than than even chance of being right. "Don't need any fancy reasoning skills for that."
Those brown people brought their anarchy ways with them and don't want to change Many don't respect the rule of law and the rights of others and are outright racist. Rotherham, hundreds of cars burned in France, especially on New Years Eve, the rape capital of the world, Finland. Most on welfare and do not want to work. They brought their shithole with them.
*facepalm*
First of all get your xenophobic talking points correct. I'm a Finn. The 'rape capital' -card is thrown about regarding Sweden, and is not even correct..
Oh man, epic burn! Imma bookmark this one for when I'm in need of a good laugh.
And I guess we'll be free of MellowBob's nattering for a while while he's being treated in the burn ward.
The sad reality is that nuclear turns out to be not all that profitable anymore once you factor in
- (Some of) the costs of disposal of nuclear waste, which are not as "external" anymore as during the "golden age", and are exacerbated by trouble finding proper sites for it without running afoul of public opinion
- (Real) proliferation concerns preventing adoptation of (currently mature) closed-cycle "technology", which would otherwise solve a large part of the waste problem
- High demand for, and thus cost of fuel (again, with a closed cycle, we wouldn't be having this problem, but proliferation...)
- Skyrocketing insurance costs (yeah, that one is kinda what you said), especially when keeping waste on-site
- Alternative energy sources dropping in price and thus rising in competitiveness
I truly wish we'd still have that easy nuclear solution, because it is quite appealing from a carbon point of view, but other factors seem to be conspiring against it. For now, our best hope is alternative energy, and in the long run, fusion.
That and political willingness of course - such as to leave readily buried (relatively) pure carbon where it belongs. It's not the 1800s anymore and its present economical significance is far lower than some people seem to think - so it's time to move on.
Never mind that, my 1-year-old moto^H^H^H^HLenovo handset still hasn't been patched for the 3-months-old Krack vulnerability, which is way more readily exploitable. And the irony is that I bought that particular brand specifically because it used to have a good track record with patching (before it was taken over...)
Is it even possible to a buy mobile phone with a close-to-vanilla android install that has a realistic prospect of lasting more than a couple of years and get timely patches? I guess this whole industry is waiting for its "early 2000s" moment before changing its attitude...
Makes one wonder who on earth is willing to pay similar fees as international wire transfers for the privilege of doing the transaction in a woefully unstable currency. One would start to think that some attribute of bitcoin (like, say, some degree of anon^H^H^H^Hpseudonymity) must be essential to some kind of money-making business in order to justify the expense. This would almost lead to the suspicion that people still using bitcoin for actual payments have something to hide - something profitable.
Oh well, I'm sure it's just jerks paying for their perfectly legal pr0n in a way their nosy conservative wives cannot find out. Yeah, that must be it.</sarcasm>
You keep on using that word... Are you telling me that nobody knows that in the default Ubuntu boot menu, on can select an older (non-freezing) kernel image with a few keypresses in an extremely user-friendly fashion. This isn't even remotely close to "bricking". Heck, "bricking" resides in another galaxy.
"Major security flaw" is relative. IMHO, the kernel component of the recent speculative execution flaws doesn't come close to heartbleed, shellshock or even krack in terms of being an imminent thread to online safety. It's more in the league of a local privillege escalation, of which close to a dozen get patched per year in the average distro. Sure, it's serious and needs to be patched ASAP, but the sky won't come falling down because of spending a couple more days testing the patches on different machines.
I speculate (obligatory pun) that this panicky response is more driven by be the fear that a major cloud vendor will switch to the competition.
Slashdot Mirror
if you have 2 minutes of physical access to the machine
Meh... if you have less than 30 seconds of physical access to the machine, you can plug the keyboard into a tiny hardware keylogger that plugs into the back of the machine. Those are cheap, readily available, don't require any assumptions about what's under the hood, and a cleaner reaching into the dusty area behind a PC will look a helluva lot less suspicious than a cleaner booting from USB (which, BTW, would be disabled by any remotely competent admin working in a high-security environment).
The point being not so much this specific attack vector, but the fact that that an adversary with physical access has nearly infinite ways to compromise a machine. If your organisation handles info that is that confidential, you'd better screen your cleaning personnel, or lock them out of certain rooms.
... and the point about small vs. large countries is incidentally why TFA is not such a big issue as it would seem through North American eyes (and the grid providers largely got away with it). On a historical time scale, Europe used to consist of a bunch of small, totally independent countries not so long ago. At least some of them used to keep the grid frequency "somewhere close to 50Hz", but you wouldn't be able to run a clock off it. Accordingly, clocks that use the grid as a frequency source simply were not in common use, and still aren't today. If you'd do something like described in TFA in the US, there would be clocks running behind (and people cursing) in every household/business, but in those European countries, I don't think a lot of people noticed anything out of the ordinary (I didn't).
Oh look, Ivan and Mikhail are at it again. What's the matter - Facebook and Twitter delete your accounts?
The problem is not so much propaganda that can readily be identified as state-sponsored, but propaganda that is paid for (often in difficult-to-trace ways) by people (not necessarily state actors) with a vested interest in pushing a political agenda. Something like the "this message is paid for by..." on TV would be good, though the latter is increasingly powerless against ingenious funding schemes and lax regulation...
You must have had a better experience with Crouton than I did. I've been using it on a laptop that saw roughly 6 hours of use per week, but in the end, it required manual intervention a little bit too often to keep running correctly - largely due to ChromeOS updates breaking things, but Google arguably can't be faulted for breaking an unsupported 3rd party hack by trying to take their ChromeOS product in a given direction.
Anyhow, I eventually got rid of the thing and bought a wintel laptop (on which I did a proper Linux install) for the same purpose. The replacement cost easily 3x as much as the chromebook, but my time has value too.
While true, that's not the only, or even the most important problem with really big nukes. The bigger problem is overkill. You can destroy a tank with a direct hit from a ~50 kg hellfire missile or with a 900kg dumb bomb impact in its general vicinity. Only the latter is far more likely to result in collateral damage and political pressure to stop throwing bombs.
While nukes are generally more of a strategical than a tactical weapon, similar principles do apply. Hiroshima and Nagasaki were both mostly obliterated by bombs with ~20kt yields - that's kilo, not mega. At some point, hitting an urbanized area with a stronger nuke will not increase its strategic impact - only the international outrage at the barbaric mindset that caused so much more loss of life than necessary to attain a given goal, and hence the risk of retaliatory strikes. And in an all-out nuclear war scenario where retaliation is already a given, hitting the enemy's missile silos with an unnecessarily strong nuke instead of a MIRV of weaker warheads is pretty much a self-defeating strategy. Recognising this, the US at some point all but disposed of its warheads with yields above 150~300kt-ish - still roughly 10 Hiroshima/Nagasaki bombs.
Any talk about reviving higher-yield nukes is pretty much bluster. The Tsar Bomba was exactly that (even so long ago), and so is this tsunami bomb, causing a ton more "collateral" damage than a "clean moderate-yield strike" on a city center. (Also considering the source - Russia has a rich history of developing oversized weapons with debatable battlefield utility.) Granted, one could spin it as an attempt at "no sir, this was not a nuclear strike, just an undersea demolition with unforeseen circumstances for our enemy's coastal cities nearby." But that excuse almost certainly won't fly, especially when attacking an enemy that has a track record of overreacting on provocation, like the US.
TL;DR: this doomsday torpedo is nothing but political brinkmanship with the goal of provoking a response rather than being used, and the document is just an attempt to trigger this very response - because there are always parties that will gain from it. We've seen this show over and over.
OK, that part is clear now. But then what's with waiting for the car behind to come to a complete stop? Is this still under the assumption that you have to stop too short to save insurance money? But since doing so will fail to trigger the sensors, you need to eventually pull up? If so, why the heck wait for the car behind you to come to a complete stop?
- You'll sustain less damage when rear-ended if your breaks are not engaged (and you're coasting forward slowly), so stopping short and then just standing there waiting for the car behind you is a recipe to (a) increase the chance of being rear-ended in the first place and (b) maximize damage if it happens.(*)
- Waiting for the car behind you to stop makes everyone in your lane wait longer, and more generally decreases the capacity of your stretch of road.
- You're forcing the person behind you to stop and then move forward again to close the newly created gap. This adds extra annoyance on top of the above, and is a needless waste of fuel.
To state the obvious, the best way to both prevent getting rear-ended and minimize damage is to start breaking as soon as an obstacle (red traffic light) pops up ahead, even if it's still much further away than your minimum safe stopping distance. It also decreases the risk of slipping if road conditions are unexpectedly bad (oil slick, black ice,...), is generally safer when something unexpected happens, is gentler on the brakes, saves fuel, allows you to take off faster when the obstacle clears (light turns green),... For all these reasons, it's part of the driving manual in my home country, and people do fail their driving exam when not putting it in practice. When coming to the US, I was amazed at how almost everyone just keeps on pushing their accelerators until they really *have* to start breaking. (Admittedly, my view may be skewed by driving in the city; my friends kept on telling me that people drive better elsewhere, and I can see city driving is bad pretty much everywhere in the world.)
(*) Granted, if your breaks are not engaged, you'll be pushed forward a bit further too, but since you're in front of a traffic light, there's no car in front of you to begin with. And you'd have to get rear-ended pretty damn hard to be pushed all the way into the stream of traffic. Most rear-ends at traffic lights are fender benders.
She doesn't understand how demand lites work. I've stopped trying to convince her that the right move is to pull up once the car behind her has come to a complete stop.
Hmm, can't parse this. Could you kindly explain?
Complaining that programming code is "too geeky" is like complaining that a steamroller is "too flatty".
... or water is too wet, yes. I'd even go one step further and say there's a contradiction hidden in Cook's reasoning. So he sets out to create a good programming language (that's pretty much a given, unless he's into esoteric languages) that is not geeky. To meet the "not geeky" design goal, he could make it either:
- appeal to the general public but not to geeks. But, geeks are the ones who program - if it doesn't appeal to them, chances are it's just not a good language.
- appeal to not only geeks but also the general public. Fine, but if it appeals to geeks, using it becomes a "geeky" activity, so it ends up being perceived as "geeky" anyway.
Conclusion: Swift is actually an esoteric language.
Disclaimer: this post is largely a word game and may contain logical fallacies. We accept no responsibility for any harm resulting from thinking about it.
In Microsoft Russia, you track data.
Wait, that's not how it went...
Also, I can play your silly hypocritical game of words too. Here it goes: you cherry-picked 6 sentences, out of which the first 2 are wrong not because the inverse is true but because Mexico simply does not "send" people; people decide to flee from Mexico. As for the remaining 4 sentences, I'm pretty sure a huge majority of Mexican immigrants are not drug traffickers and the proportion of rapists will not even be that much higher than the general population because the economical immigrants outnumber the criminals fleeing the police by a large factor. And yes, *some* are definitely not good people; that's what his awful generalization is based on to start with.
All in all, I'm counting him as plain wrong on 3 accounts (2x "mexico sends" + the "rapists" thing) and as "misleading" on another one ("bringing drugs"; there surely is a problem with drugs coming from Mexico but the issue is largely separate from economical migration, and this is a blatant attempt to conflate the two).
TL;DR: for a cherry-picked statement purported to demonstrate Trump's truthfulness, this is a rather abysmal showing.
OK, my bad, let's dumb it down a bit for you. If I say "there's a better than even chance that an ordinary 6-sided die will throw a 3 or higher", then you can't disprove that by throwing a 2.
Also, "better than even" may have involved a bit of hyperbole. But you have to admit that he does have serious issues distinguishing truth and fantasy, at the very least.
What part of "better than even chance" did you not understand?
So what the heck do you expect? The guy is a pathological liar; blindly contradicting any given statement of his gives you a better than than even chance of being right. "Don't need any fancy reasoning skills for that."
Set up the parameter, [emphasis added] then give that phone a call and simply inform that they need to come out or die.
By reference or by value?
*facepalm*
First of all get your xenophobic talking points correct. I'm a Finn. The 'rape capital' -card is thrown about regarding Sweden, and is not even correct..
Oh man, epic burn! Imma bookmark this one for when I'm in need of a good laugh.
And I guess we'll be free of MellowBob's nattering for a while while he's being treated in the burn ward.
The sad reality is that nuclear turns out to be not all that profitable anymore once you factor in
- (Some of) the costs of disposal of nuclear waste, which are not as "external" anymore as during the "golden age", and are exacerbated by trouble finding proper sites for it without running afoul of public opinion
- (Real) proliferation concerns preventing adoptation of (currently mature) closed-cycle "technology", which would otherwise solve a large part of the waste problem
- High demand for, and thus cost of fuel (again, with a closed cycle, we wouldn't be having this problem, but proliferation...)
- Skyrocketing insurance costs (yeah, that one is kinda what you said), especially when keeping waste on-site
- Alternative energy sources dropping in price and thus rising in competitiveness
I truly wish we'd still have that easy nuclear solution, because it is quite appealing from a carbon point of view, but other factors seem to be conspiring against it. For now, our best hope is alternative energy, and in the long run, fusion.
That and political willingness of course - such as to leave readily buried (relatively) pure carbon where it belongs. It's not the 1800s anymore and its present economical significance is far lower than some people seem to think - so it's time to move on.
Streisand effect in 3... 2... never mind, I'm too late already.
Never mind that, my 1-year-old moto^H^H^H^HLenovo handset still hasn't been patched for the 3-months-old Krack vulnerability, which is way more readily exploitable. And the irony is that I bought that particular brand specifically because it used to have a good track record with patching (before it was taken over...)
Is it even possible to a buy mobile phone with a close-to-vanilla android install that has a realistic prospect of lasting more than a couple of years and get timely patches? I guess this whole industry is waiting for its "early 2000s" moment before changing its attitude...
I think that's what GP meant with "that number falling to ~3.5% for the year".
Makes one wonder who on earth is willing to pay similar fees as international wire transfers for the privilege of doing the transaction in a woefully unstable currency. One would start to think that some attribute of bitcoin (like, say, some degree of anon^H^H^H^Hpseudonymity) must be essential to some kind of money-making business in order to justify the expense. This would almost lead to the suspicion that people still using bitcoin for actual payments have something to hide - something profitable.
Oh well, I'm sure it's just jerks paying for their perfectly legal pr0n in a way their nosy conservative wives cannot find out. Yeah, that must be it.</sarcasm>
Not to mention English... invidious != insidious .
BTW, Gerrymandering has been happening since the beginning of the Republic.
Oh, then it's OK. Like slavery.</sarcasm>
You keep on using that word... Are you telling me that nobody knows that in the default Ubuntu boot menu, on can select an older (non-freezing) kernel image with a few keypresses in an extremely user-friendly fashion. This isn't even remotely close to "bricking". Heck, "bricking" resides in another galaxy.
"Major security flaw" is relative. IMHO, the kernel component of the recent speculative execution flaws doesn't come close to heartbleed, shellshock or even krack in terms of being an imminent thread to online safety. It's more in the league of a local privillege escalation, of which close to a dozen get patched per year in the average distro. Sure, it's serious and needs to be patched ASAP, but the sky won't come falling down because of spending a couple more days testing the patches on different machines.
I speculate (obligatory pun) that this panicky response is more driven by be the fear that a major cloud vendor will switch to the competition.