Even if you could repeal the 2nd Amendment what happens next?
1) You need to get gun control through both houses. Good luck with that,
This is a silly concern. Repealing the 2nd amendment would be a huge herculean task that could only be done with the population having an enormous change of opinion. Everyone running for congress would look at the ratification as an opinion poll, and adjust their platform accordingly (or else lose their election). You'd have a different Congress. (Still, "what next?" is a damn good question. It's not obvious what gun controls would be "ideal" if gun control were legalized.)
2) You need to confiscate all the now illegal guns.
Why? There's no downside to skipping that step. Elect me and I promise I won't burn those trillions of dollars.
You can ignore every illegal gun that LE never comes into contact with. If someone has an illegal gun in their house, so what? Don't ask, don't tell.;-)
And then whenever LE does run into one, you can either get medieval on the owner's ass (to set an example, which I think would be pointless), or you can just whatever, confiscate it with all the passion and seriousness of a cop pouring out a teenager's beer can.
All of this is independent of the debate over whether or not repealing the 2nd amendment is a good idea. But repealing it doesn't cause those problems.
The choice between trusting my US gov't, who supposedly answers to the American people, or a global multinational corporate that answers to no one, is no choice to me at all. I choose the US gov't
What convinced you to trust at least one of them? That was a non-obvious move on your part, and a lot more interesting than how you decided which one to trust.
Maybe this is telling us all that software apps are not as valuable as the VCs think they are.
You might have read about this (possibly via this site that you're browsing right now) almost 20 years ago, in the Halloween I and Halloween II documents.
Microsoft knew (mostly correctly!) the world we were heading for. My computers all run "commodity" software and with the exception of a few games, I didn't pay for any of it. Software is freely available and abundant. If I need anything, I can search the repo and try out several candidates. It doesn't cover everything but it goes damn far.
As a user, I don't see this as a problem. I see it as wealth. It's like we've settled on a planet where bacon trees grow naturally on the chocolatey banks of a beer river. You can't sell groceries or even plow blades to this colony!
As a proprietary software vendor, Microsoft saw it as a problem (obviously!), and the original Halloween documents outline one approach to solving it.
Over the years we have all seen other approaches, as well as variations of the Microsoft style solution, but these also cause great unhappiness to users so we develop natural immunities to those too. (e.g. "Fuck no, I'm not using your 'cloud service' especially one where I have to use your client software.") But I'm sure some VC is getting a boner right now, from some evil plan to try to lock users into another recurring monthly payment. And it'll work, to some extent (because users only learn so fast), so it's not necessarily a bad idea from a business perspective. As a user, though, you only fall for this so many times before you eventually get into the habit of Just Say No.
One of the more interesting ways to de-commoditize software is used by companies like Google and Facebook. The software that makes their money, is stuff they don't sell. And while a competitor can basically "copy" it (by looking at what it produces and imagining how they might serve ads to maximum profit), what makes it work is the data they gather, which you can only get by being popular! Being-popular is not easy to copy. You can have infinite technical knowledge (and I think technical knowledge itself is a commodity, which is why we have so much great software) and still not be able to copy Google. You need human (market/habit) knowledge for that.
But some users are in the beginning stages of pushback against that model too (e.g. ublock/privacybadger, darknets, etc). If you think the NSA hates Snowden, imagine what they must be saying about him behind closed doors at Google! "Fuckin' guy woke up several percent of the userbase. Damn him!"
This seems pretty common sensy and it's also what we've determined to always be best in the computer world. So far.
But this approach seems flawed if we think about, say, nuclear weapons engineering. The more everyone (including you) knows about how to make a nuclear weapon detonate correctly, the more dangerous other people become but you don't really get to apply any of that to your defense. It's not like your bomb shelter will get better because of you finally figured out how to get the imploder timed right. It's not like your political efforts to limit nuclear proliferation benefit from proliferation of the engineering knowledge. It's not like your coping-with-horror-by-using-fatalistic-nihilism-and-humor will benefit from th-- wait, ok, so it does happen to help that one defense, but that's an unusual case.
For the most part, nuclear weapon engineering proliferation is bad for everyone, in a way that completely contrasts with, say, knowing that fingerd has an exploitable buffer overflow bug.
Are there some conditions where software tech crosses over into being more like nuclear weapons and less like other software tech? More to the point: what are the general conditions where tech knowledge proliferation is bad rather than good, such that buffer overflows get categorized one way and nukes the other? The condition isn't really "software good, hardware bad," no way.
That some people think some software tech is crossing over or soon may, makes me wonder WTF they figured out how to do!
(BTW, for some reason I actually like that they used movie plot threats in the guise of latching onto Black Mirror trendiness. Let's face it, everyone: movie plot threats are fun to think, about and I don't care what The Almighty Bruce says!)
Now, if you want to live in a country where the government can access most information about your life and your choices and your opinions, because most of that data is now available digitally, maybe you should, like for guns, not forfeit the the right to make that information private.
Amusingly, the government itself presented this parallel to the public. What was Phil Zimmermann charged with, for releasing PGP? That's right: exporting munitions. Our own government, trying to remove the limits we centuries-ago imposed on its power, framed the issue perfectly to get the 1st and 2nd amendment enthusiasts to team up!
PRZ won, and we got to grow up in a world of cryptography (even if we so often fumbled incompetently with key exchange) and we'll be getting rid of crypto about as easily as we'll give up guns and a free press. (That is, you'll retain the right to have those things, but most people won't bother, or won't bother to a realistically effective degree.)
Damn. I hate being the dick in Lavabit discussions because he meant well and basically did the right when when he was attacked, but Lavabit was horribly flawed and the fact that the attack could have worked is why.
Email is a problem where web browsers are simply the wrong tool for the job, and how it worked is that they sent code from the web page to browser to decrypt keys in the browsers. Send different code and you can make the browser leak the key. There are so many ways to MitM that, it ain't funny. Had the government, or anyone else, used more subterfuge instead of a NSL, a bunch of people could have easily gotten compromised.
Think about how many stories there have been since the Lavabit shutdown, where CAs were caught being sloppy and browser makers eventually had to stop including them in their list of fully-trusted introducers. That shit happened, happens, and will always happen. HTTPS is never something that normal users will be able to rely on. Any Lavabit user who was really protecting something truly sensitive, would have had to check the signer on every single fucking page they loaded (no, not just pages but especially the replies to the requests for the code to handle the PGP decryption) and make sure they knew who that signer was, instead of it ending up being someone operated by, or coerced by, the government.
And even then, you don't know what the Lavabit guy might have done if someone literally pointed a gun at his head. The US government exercised commendable restraint when you think of the full spectrum of thuggery that could have happened, and that real users might actually face.
If you want security, you have to Just Say Fuck No to webmail. You shouldn't be routinely downloading and re-downloading decryption code like that, especially where there are hundreds of entities, most of whom you don't know anything about, who can sign it and make that reassuring lock icon appear.
Lavabit shouldn't have even been doing that or offering that service. Stop trying to legitimize webmail. It's never going to be ok, and Lavabit did the wrong thing by trying.
If fears of Trumpnet 5G is what gets you to finally start moving everything to darknets and looking harder at key exchange for things that can't go to darknets, that can only be a good thing.
By the time you think you're ready to tunnel through Trumpnet in 2022, you'll finally be ready to deal with the realities of 2002 Internet.
I wonder if the carbon footprint just happen to fairly well correlate with the price. i.e. might I find that a $5 sandwich was responsible for roughly twice as much CO2 in the atmosphere as a $2.50 one?
Cases where it doesn't correlate, might have some interesting things going on.
Just get a second computer to use as a server and wifi AP. Have it be in a tower case (or double-tower; I personally prefer the Lian Li PC-D8000 but perhaps your tastes are more "racky"), and fill it with hard drives so you have lots of space and fault-tolerance for your important data. Oh, and get a UPS to power it for whenever you're not near a power outlet.
Duct tape your Chromebook to it, so that the server gets automatically carried around whenever you grab your chromebook, without you having to remember anything. Use any leftover tape to fashion a convenient carrying handle. Problem solved.
If the women don't find you handsome, they should at least find you handy.
It boggles my mind that anyone, anywhere, with any degree of a tech background, could ever ask "why can Uber find me but 911 can't?"
It's not a technical question. It's a rhetorical question about the requirements. Nobody gives the slightest fuck about the technical answer, because it's irrelevant. The question is obviously intended to criticize how we've approached the problems, our values, etc.
If I need to keep the present I bought my wife a secret until her birthday in April, "large" needn't be longer than 4 months. Using too big of a value for "large" adds complexity which, in turn, increases the potential for errors which may divulge your secret.
Except it doesn't really add complexity. You just turn a knob from 1024 to 4096 and a machine takes care of all the work, while the lazy human just sits there and drools. And you don't really even have to turn the knob, because the first time you touched the machine you just turned it up to max and left it there forever. It's effortless.
You've got a fascinating point, but there's no way you can ever have any idea what all possible adversaries' capabilities are. And you'd have to continuously stay up-to-date on it too, since what costs $10M today is $1M tomorrow.
I think there's also an assumption that "legitimate" adversaries have more power than illegitimate ones, i.e. your own government happens to have the most, fastest computers. Go ahead and try to tell that to a citizen of a poor country. As a citizen of a rich country, I think it's probably true (i.e. the US government is able to brute force my stuff easier than, say, the Chinese government) but I don't really know that's true, do I? And if it's right for me, then it's wrong for everyone everywhere else!
I haven't seen anything that would make me think that a drive by attack through a web browser could actually be performed.
One of the things that makes Spectre so interesting, is that we're wrong!
Long story short, is that though Javascript doesn't have pointers, it can have an array of bytes. And the compilers are amazing and apparently do a really great job of turning the Javascript into machine language.
So the Javascript basically asks for somearray[i], where i is totally out of bounds but nevertheless does correspond to some memory location that would be used, if we weren't checking array bounds. Of course, array bounds are checked, but by the time they're checked, the conditional execution has already read and used somearray[i] to touch something else. Though somearray[i] is never directly exposed, its value can be later inferred by checking to see what memory page got loaded into the cache.
Fuck. Now I see why everyone is freaking out.
If I were in charge of the Internet (heh) I'd say let's just remove all of Javascript's ability to interface with the clock, so that you can't ever figure out what was in cache vs what wasn't. No, let's not kid ourselves: my imperial directive as God of the Internet would be that web browsers should no longer ever execute any code of any kind from web pages. (Gee, I could have told myself that 20 years ago, and I probably did but I eventually had to come to accept that Javascript on the web ain't going away, no matter how much we all hate it.) You just can't sandbox things good enough.
I'll buy the cheapest brand that's FDA and ADA approved, ideally without SLS.
Aha, there's the problem! You see, I'd prefer you to buy my toothpaste.
Now just do what I say, and nobody has to get hurt. We need not resort to violence for you to pay me. Instead, I could occasionally gently remind you to buy my toothpaste. I think we all agree this is a better situation than me having to stick a gun in your face.
As much as I detest these companies, I don't believe it is the role of local government to compete with private business using public tax dollars and staff with life long benefits again paid by citizens.
If you're outraged by this, wait until you learn the city owns City Hall, the courthouse, and fire stations, instead of renting them all from private companies. They even have employees (instead of contractors) who mop the floors. It's scandalous!
One of the things I've seen flying around, is some people are saying this can be exploited in a web browser, thanks to Javascript JIT-compiling to machine code.
I am pretty damn out of date on Javascript compilers, so I was hoping someone could explain how this is possible. Javascript doesn't have pointers. I'd think that if a Javascript programmer is capable of writing Javascript code that compiles in such a way that the programmer can create a pointer of their own making (perhaps pointing to kernel memory) and can cause code to dereference that pointer, we would all call that a severe and inexcusible compiler bug.
I mean, even if there were no processor flaw at all, but the Javascript-compiled-to-x86 code could read arbitrary memory in its own browser process, that alone would be a severe web-user-killing nightmare. How is that not a compiler bug?
Am I mistaken that a Javascript exploit is possible?
What is this penchant so many engineers have for adding needless complexity to (what should be) relatively simple, single-purpose devices?
Orders. An engineer's job is to answer marketing's question with "yes, I can do that."
I had a brief moment of weakness/curiosity so I decided to look at what these guys are selling, and I think I spotted what they're up to. Check out their Roomba model comparison chart. Go ahead, you don't have to buy anything. Look. What do you see?
The first thing I saw, is that they have multiple models. Gotta admit, I didn't know that.
Check out the bullet points. There are some dubious "features" there, but a couple stand out, almost as negative things where you might think "WTF, some Roombas can't do that?" Don't you want tangle-free rollers? Of course you do, unless you're a tangle-lover! The multi-room cleaning "feature" shocked me too. Does that mean with the cheaper Roombas, you have to get one for every room? Fuck that.
It's about upselling. I think that's 100% of it. But maybe we all have different buttons to press, and what gets me to think "I have to get a Roomba 960 or else there's no point in getting any Roomba at all" is different from what might make you decide to get a 960 or none at all.;-)
Of course, the easiest solution is to get none at all. But let's say your spouse wants one, and it's decided: you're getting something. Maybe another stupid fucking bullet point would push your button. Obviously, silly stuff like wifi mapping ain't it, but everyone has their eccentricities, and if they keep piling on weird features, something could tip you into the upsell.
What if the microkernel doesn't share the same address space as the userspace processes? My understanding is that Linux shares the space to make lots of kernel services convenient (e.g. they can do things to userspace memory, as part of their job). But on a microkernel there's less incentive to do that (whoever is doing things for you, is more likely to be doing things in its own userspace). And if you're not doing that, then there's less to defend against.
DMCA defines circumvention as breaking the DRM without the authority of the copyright holder. The copyright holder can always grant permission for anyone and everyone to crack DRM on their own works. If I were to make a Blu-Ray disc containing my video, then I could give everyone in the world the right to crack the DRM on my disc. This is not an exemption; it's something right in the definition of circumvention.
It could even be argued that if I had granted that right, and you manufactured, imported, offered-to-the-public or trafficked in the tool primarily intended to play my disc despite the DRM, that might be legal as well. (This is less certain than the above paragraph, though.)
(And all this ignores any trade secrets which may be required to make or play Blu-Rays. I'm just talking about DMCA.)
If these filmmakers think they don't already have this right, then I have to conclude that they don't hold the copyright on their own movies, and someone else (the studio) is denying them permission to watch their own movies. Well, that sucks. So, filmmakers, maybe you should think about just what value (if any) studios provide to your filmmaking, such that you are letting them have the whole fucking thing. Everyone should hold them accountable for their decision to start the relationship in bad faith.
And of course, if using the media you bought is too hard to use, I'm sure someone else already did the hard work and has made the file available. So you might want to think twice about purchasing anything DRMed in the first place. You should feel dirty whenever you pay them.
All the ISP is doing is pointing out things that will stop working properly if the customer's internet is shut off.
I am not a customer of the ISP in question so I'm not sure I'm reading it right, but it sounds like this particular ISP doesn't so much "shut off" as deliver less than the customer originally paid for:
please be advised that, if Armstrong receives additional notifications of infringement connected With your Zoom Internet Service, Armstrong will remove you from your current service level and place you at the lowest service level.
This will allow you to access email, but limit your speeds and affect your ability to upload or download material to the internet or use other file-sharing capabilities.
Seems the obvious solution is for the ISP to not do that. These are "notifications of infringement", i.e. mere accusations, not findings that infringement actually happened. You shouldn't defraud a paying customer based on a mere rumor.
Slashdot Mirror
We're merely running a Class 2 Perversion; it's not the fscking Blight, ok? Just relax, everyone.
This is a silly concern. Repealing the 2nd amendment would be a huge herculean task that could only be done with the population having an enormous change of opinion. Everyone running for congress would look at the ratification as an opinion poll, and adjust their platform accordingly (or else lose their election). You'd have a different Congress. (Still, "what next?" is a damn good question. It's not obvious what gun controls would be "ideal" if gun control were legalized.)
Why? There's no downside to skipping that step. Elect me and I promise I won't burn those trillions of dollars.
You can ignore every illegal gun that LE never comes into contact with. If someone has an illegal gun in their house, so what? Don't ask, don't tell. ;-)
And then whenever LE does run into one, you can either get medieval on the owner's ass (to set an example, which I think would be pointless), or you can just whatever, confiscate it with all the passion and seriousness of a cop pouring out a teenager's beer can.
All of this is independent of the debate over whether or not repealing the 2nd amendment is a good idea. But repealing it doesn't cause those problems.
What convinced you to trust at least one of them? That was a non-obvious move on your part, and a lot more interesting than how you decided which one to trust.
You might have read about this (possibly via this site that you're browsing right now) almost 20 years ago, in the Halloween I and Halloween II documents.
Microsoft knew (mostly correctly!) the world we were heading for. My computers all run "commodity" software and with the exception of a few games, I didn't pay for any of it. Software is freely available and abundant. If I need anything, I can search the repo and try out several candidates. It doesn't cover everything but it goes damn far.
As a user, I don't see this as a problem. I see it as wealth. It's like we've settled on a planet where bacon trees grow naturally on the chocolatey banks of a beer river. You can't sell groceries or even plow blades to this colony!
As a proprietary software vendor, Microsoft saw it as a problem (obviously!), and the original Halloween documents outline one approach to solving it.
Over the years we have all seen other approaches, as well as variations of the Microsoft style solution, but these also cause great unhappiness to users so we develop natural immunities to those too. (e.g. "Fuck no, I'm not using your 'cloud service' especially one where I have to use your client software.") But I'm sure some VC is getting a boner right now, from some evil plan to try to lock users into another recurring monthly payment. And it'll work, to some extent (because users only learn so fast), so it's not necessarily a bad idea from a business perspective. As a user, though, you only fall for this so many times before you eventually get into the habit of Just Say No.
One of the more interesting ways to de-commoditize software is used by companies like Google and Facebook. The software that makes their money, is stuff they don't sell. And while a competitor can basically "copy" it (by looking at what it produces and imagining how they might serve ads to maximum profit), what makes it work is the data they gather, which you can only get by being popular! Being-popular is not easy to copy. You can have infinite technical knowledge (and I think technical knowledge itself is a commodity, which is why we have so much great software) and still not be able to copy Google. You need human (market/habit) knowledge for that.
But some users are in the beginning stages of pushback against that model too (e.g. ublock/privacybadger, darknets, etc). If you think the NSA hates Snowden, imagine what they must be saying about him behind closed doors at Google! "Fuckin' guy woke up several percent of the userbase. Damn him!"
This seems pretty common sensy and it's also what we've determined to always be best in the computer world. So far.
But this approach seems flawed if we think about, say, nuclear weapons engineering. The more everyone (including you) knows about how to make a nuclear weapon detonate correctly, the more dangerous other people become but you don't really get to apply any of that to your defense. It's not like your bomb shelter will get better because of you finally figured out how to get the imploder timed right. It's not like your political efforts to limit nuclear proliferation benefit from proliferation of the engineering knowledge. It's not like your coping-with-horror-by-using-fatalistic-nihilism-and-humor will benefit from th-- wait, ok, so it does happen to help that one defense, but that's an unusual case.
For the most part, nuclear weapon engineering proliferation is bad for everyone, in a way that completely contrasts with, say, knowing that fingerd has an exploitable buffer overflow bug.
Are there some conditions where software tech crosses over into being more like nuclear weapons and less like other software tech? More to the point: what are the general conditions where tech knowledge proliferation is bad rather than good, such that buffer overflows get categorized one way and nukes the other? The condition isn't really "software good, hardware bad," no way.
That some people think some software tech is crossing over or soon may, makes me wonder WTF they figured out how to do!
(BTW, for some reason I actually like that they used movie plot threats in the guise of latching onto Black Mirror trendiness. Let's face it, everyone: movie plot threats are fun to think, about and I don't care what The Almighty Bruce says!)
Amusingly, the government itself presented this parallel to the public. What was Phil Zimmermann charged with, for releasing PGP? That's right: exporting munitions. Our own government, trying to remove the limits we centuries-ago imposed on its power, framed the issue perfectly to get the 1st and 2nd amendment enthusiasts to team up!
PRZ won, and we got to grow up in a world of cryptography (even if we so often fumbled incompetently with key exchange) and we'll be getting rid of crypto about as easily as we'll give up guns and a free press. (That is, you'll retain the right to have those things, but most people won't bother, or won't bother to a realistically effective degree.)
Be the fastest. If they had published this source code a few years ago, nobody would care that someone else published another identical branch.
Damn. I hate being the dick in Lavabit discussions because he meant well and basically did the right when when he was attacked, but Lavabit was horribly flawed and the fact that the attack could have worked is why.
Email is a problem where web browsers are simply the wrong tool for the job, and how it worked is that they sent code from the web page to browser to decrypt keys in the browsers. Send different code and you can make the browser leak the key. There are so many ways to MitM that, it ain't funny. Had the government, or anyone else, used more subterfuge instead of a NSL, a bunch of people could have easily gotten compromised.
Think about how many stories there have been since the Lavabit shutdown, where CAs were caught being sloppy and browser makers eventually had to stop including them in their list of fully-trusted introducers. That shit happened, happens, and will always happen. HTTPS is never something that normal users will be able to rely on. Any Lavabit user who was really protecting something truly sensitive, would have had to check the signer on every single fucking page they loaded (no, not just pages but especially the replies to the requests for the code to handle the PGP decryption) and make sure they knew who that signer was, instead of it ending up being someone operated by, or coerced by, the government.
And even then, you don't know what the Lavabit guy might have done if someone literally pointed a gun at his head. The US government exercised commendable restraint when you think of the full spectrum of thuggery that could have happened, and that real users might actually face.
If you want security, you have to Just Say Fuck No to webmail. You shouldn't be routinely downloading and re-downloading decryption code like that, especially where there are hundreds of entities, most of whom you don't know anything about, who can sign it and make that reassuring lock icon appear.
Lavabit shouldn't have even been doing that or offering that service. Stop trying to legitimize webmail. It's never going to be ok, and Lavabit did the wrong thing by trying.
If fears of Trumpnet 5G is what gets you to finally start moving everything to darknets and looking harder at key exchange for things that can't go to darknets, that can only be a good thing.
By the time you think you're ready to tunnel through Trumpnet in 2022, you'll finally be ready to deal with the realities of 2002 Internet.
I wonder if the carbon footprint just happen to fairly well correlate with the price. i.e. might I find that a $5 sandwich was responsible for roughly twice as much CO2 in the atmosphere as a $2.50 one?
Cases where it doesn't correlate, might have some interesting things going on.
Just get a second computer to use as a server and wifi AP. Have it be in a tower case (or double-tower; I personally prefer the Lian Li PC-D8000 but perhaps your tastes are more "racky"), and fill it with hard drives so you have lots of space and fault-tolerance for your important data. Oh, and get a UPS to power it for whenever you're not near a power outlet.
Duct tape your Chromebook to it, so that the server gets automatically carried around whenever you grab your chromebook, without you having to remember anything. Use any leftover tape to fashion a convenient carrying handle. Problem solved.
If the women don't find you handsome, they should at least find you handy.
It's not a technical question. It's a rhetorical question about the requirements. Nobody gives the slightest fuck about the technical answer, because it's irrelevant. The question is obviously intended to criticize how we've approached the problems, our values, etc.
Except it doesn't really add complexity. You just turn a knob from 1024 to 4096 and a machine takes care of all the work, while the lazy human just sits there and drools. And you don't really even have to turn the knob, because the first time you touched the machine you just turned it up to max and left it there forever. It's effortless.
You've got a fascinating point, but there's no way you can ever have any idea what all possible adversaries' capabilities are. And you'd have to continuously stay up-to-date on it too, since what costs $10M today is $1M tomorrow.
I think there's also an assumption that "legitimate" adversaries have more power than illegitimate ones, i.e. your own government happens to have the most, fastest computers. Go ahead and try to tell that to a citizen of a poor country. As a citizen of a rich country, I think it's probably true (i.e. the US government is able to brute force my stuff easier than, say, the Chinese government) but I don't really know that's true, do I? And if it's right for me, then it's wrong for everyone everywhere else!
Arbitrary deadline: write it before you die.
It's so fucking arbitrary! Why do people feel a need to pile on these needless conditions?!
(BTW, thanks to the people who suggested I read the Spectre paper.)
One of the things that makes Spectre so interesting, is that we're wrong!
Long story short, is that though Javascript doesn't have pointers, it can have an array of bytes. And the compilers are amazing and apparently do a really great job of turning the Javascript into machine language.
So the Javascript basically asks for somearray[i], where i is totally out of bounds but nevertheless does correspond to some memory location that would be used, if we weren't checking array bounds. Of course, array bounds are checked, but by the time they're checked, the conditional execution has already read and used somearray[i] to touch something else. Though somearray[i] is never directly exposed, its value can be later inferred by checking to see what memory page got loaded into the cache.
Fuck. Now I see why everyone is freaking out.
If I were in charge of the Internet (heh) I'd say let's just remove all of Javascript's ability to interface with the clock, so that you can't ever figure out what was in cache vs what wasn't. No, let's not kid ourselves: my imperial directive as God of the Internet would be that web browsers should no longer ever execute any code of any kind from web pages. (Gee, I could have told myself that 20 years ago, and I probably did but I eventually had to come to accept that Javascript on the web ain't going away, no matter how much we all hate it.) You just can't sandbox things good enough.
Oh, fuckfuckfuck.
Aha, there's the problem! You see, I'd prefer you to buy my toothpaste.
Now just do what I say, and nobody has to get hurt. We need not resort to violence for you to pay me. Instead, I could occasionally gently remind you to buy my toothpaste. I think we all agree this is a better situation than me having to stick a gun in your face.
If you're outraged by this, wait until you learn the city owns City Hall, the courthouse, and fire stations, instead of renting them all from private companies. They even have employees (instead of contractors) who mop the floors. It's scandalous!
One of the things I've seen flying around, is some people are saying this can be exploited in a web browser, thanks to Javascript JIT-compiling to machine code.
I am pretty damn out of date on Javascript compilers, so I was hoping someone could explain how this is possible. Javascript doesn't have pointers. I'd think that if a Javascript programmer is capable of writing Javascript code that compiles in such a way that the programmer can create a pointer of their own making (perhaps pointing to kernel memory) and can cause code to dereference that pointer, we would all call that a severe and inexcusible compiler bug.
I mean, even if there were no processor flaw at all, but the Javascript-compiled-to-x86 code could read arbitrary memory in its own browser process, that alone would be a severe web-user-killing nightmare. How is that not a compiler bug?
Am I mistaken that a Javascript exploit is possible?
It's called an Opportunity Button.
Buy a brand new Intel processor next year!
Orders. An engineer's job is to answer marketing's question with "yes, I can do that."
I had a brief moment of weakness/curiosity so I decided to look at what these guys are selling, and I think I spotted what they're up to. Check out their Roomba model comparison chart. Go ahead, you don't have to buy anything. Look. What do you see?
The first thing I saw, is that they have multiple models. Gotta admit, I didn't know that.
Check out the bullet points. There are some dubious "features" there, but a couple stand out, almost as negative things where you might think "WTF, some Roombas can't do that?" Don't you want tangle-free rollers? Of course you do, unless you're a tangle-lover! The multi-room cleaning "feature" shocked me too. Does that mean with the cheaper Roombas, you have to get one for every room? Fuck that.
It's about upselling. I think that's 100% of it. But maybe we all have different buttons to press, and what gets me to think "I have to get a Roomba 960 or else there's no point in getting any Roomba at all" is different from what might make you decide to get a 960 or none at all. ;-)
Of course, the easiest solution is to get none at all. But let's say your spouse wants one, and it's decided: you're getting something. Maybe another stupid fucking bullet point would push your button. Obviously, silly stuff like wifi mapping ain't it, but everyone has their eccentricities, and if they keep piling on weird features, something could tip you into the upsell.
Maybe?
What if the microkernel doesn't share the same address space as the userspace processes? My understanding is that Linux shares the space to make lots of kernel services convenient (e.g. they can do things to userspace memory, as part of their job). But on a microkernel there's less incentive to do that (whoever is doing things for you, is more likely to be doing things in its own userspace). And if you're not doing that, then there's less to defend against.
I'm probably missing something.
Life isn't all about Zootopia; your proposed fix would miss an episode of Hogan's Heroes.
DMCA defines circumvention as breaking the DRM without the authority of the copyright holder. The copyright holder can always grant permission for anyone and everyone to crack DRM on their own works. If I were to make a Blu-Ray disc containing my video, then I could give everyone in the world the right to crack the DRM on my disc. This is not an exemption; it's something right in the definition of circumvention.
It could even be argued that if I had granted that right, and you manufactured, imported, offered-to-the-public or trafficked in the tool primarily intended to play my disc despite the DRM, that might be legal as well. (This is less certain than the above paragraph, though.)
(And all this ignores any trade secrets which may be required to make or play Blu-Rays. I'm just talking about DMCA.)
If these filmmakers think they don't already have this right, then I have to conclude that they don't hold the copyright on their own movies, and someone else (the studio) is denying them permission to watch their own movies. Well, that sucks. So, filmmakers, maybe you should think about just what value (if any) studios provide to your filmmaking, such that you are letting them have the whole fucking thing. Everyone should hold them accountable for their decision to start the relationship in bad faith.
And of course, if using the media you bought is too hard to use, I'm sure someone else already did the hard work and has made the file available. So you might want to think twice about purchasing anything DRMed in the first place. You should feel dirty whenever you pay them.
I am not a customer of the ISP in question so I'm not sure I'm reading it right, but it sounds like this particular ISP doesn't so much "shut off" as deliver less than the customer originally paid for:
Seems the obvious solution is for the ISP to not do that. These are "notifications of infringement", i.e. mere accusations, not findings that infringement actually happened. You shouldn't defraud a paying customer based on a mere rumor.