There used to be a pair of film actors working under the names "Alphonse" and "Gaston" who had several routines about that. I don't know whether they were supposed to be Canadian, or just French.
A watch can't carry much info on a gui interface, and is too small for anyone to type on. So it will require a VERY good voice interface. The version of Siri I experienced last year won't cut it. And it has to work in noisy environments. You also want to avoid FaceId for this purpose because walking around with your arm in front of your mouth makes you look sick. So you need a good voice id system if you want that kind of interaction.
Etc. I believe that watches will eventually become important, but they require a *lot* of improvements.
Yeah, but there are many things that are characteristics of some animals, e.g. mice, that don't apply to people. So it's useful info to say that this protein is also present in people. (They didn't say it was present in all animals, maybe it isn't.)
University administrations never were, and college students rarely were, despite what the press told you. Many of the "radicals" of the 1960's were actually conservatives who believed what they had been told in government and civics classes in high school. You know, free speech, individual rights, etc. The groups tended to be co-opted by those with a better understanding of how group politics work, but the individual students were often libertarian (small "l") idealists. The anointed spokesmen, however, rarely were. This is partially because the press likes to shock and dismay people, and partially because the actual libertarian idealists were generally lousy at working together. And I never met one who was a good public speaker.
One place I worked replaced about 1/10th of the computers every year. If you were lucky and got a new one, your old one went to someone with an older computer. So about 1/10th of the people had a computer 10 years old. Not quite, as if a computer died, it was replaced and not counted, but that didn't happen too often.
Both chips did branch prediction, AMD just checked address validity before the speculative execution rather than afterwards. This allowed Intel chips to be faster at executing the code by ignoring certain (apparently known) security problems.
But whether it was actually faster or not can be disputed, because Intel is also known to have gamed compilers to disadvantage AMD. In that case they made the AMD chips seem slower by cheating. The question is how many of the benchmarks were done with the altered compilers. And this is where the accusation that Intel made their chips *seem* faster gains validity.
Don't consider the Spectre patch. All the major CPUs are vulnerable to Spectre. It's Meltdown where there is a significant difference.
Also, it's not yet clear to me that Spectre can be patched in the current chip designs (any of them) without disabling speculative execution. That's more than the 10% penalty. (How much more? I've no idea.)
This is quite annoying as I'd been thinking it was time to start considering buying a new computer, but now it looks as if buying one with one of this or the upcoming generation of chips is a bad mistake with no way around it. The chips that I need are the ones that haven't yet been designed.
Depends on how you measure it. Actually that particular set of four common words has considerably less entropy, because it's been used as an example so often that I didn't need to explain why I used them as an example, whereas "solemn pTarmagines nest strangely" has a lot more. Partially because "pTarmagines" is spelled incorrectly and partially because of the unusual capitalization. And nobody said you need to limit it to four words.
OTOH, as someone indicated, you don't want to need to type that much every time you log in, much less every time you receive a message. But it should require some modicum of effort to decrypt something that you want hidden, and it should be something easily memorized, so you don't need to write it down (unless the use case is against electronic interception, in which case writing it down isn't a problem...you just don't want to store it on your computer).
All the evidence I am aware of is consistent with the assertion that the upper levels of the executive branch intentionally chose to not prevent the attack which happened on 9/11. It's actually consistent with the assertion that they initiated it, but that's a bit of a stretch. There is reasonably good evidence that they were repeatedly warned of it ahead of time, with some specifics, and that all they did about it was to ready legislation to push through after the event.
Yeah, I remember. Multiple agents tried to alert the FBI central office up to months ahead of time and were ignored. IIRC, even Germany sent in info about the upcoming attack and were ignored.
But you're right, within hours after the attack new legislation had been passed. It had been written ahead of time. And public opinion generally supported it. One Senator who was opposing the legislation received anthrax spores in the mail which turned out to come from a US Army biowar lab.
This doesn't prove that the attack didn't originate from outside (though the FBI has been proven to have inspired several "terrorist" attacks that didn't run to completion), but it sure seems to suggest they didn't want to stop it.
Just to make a point: The NSA is not the FBI, and doesn't necessarily share it's information with them. And vice-versa.
This doesn't mean the FBI doesn't already have all the info it needs, but saying the NSA does isn't asserting that the FBI does. To some extent they cooperate, but they are also in competition for power and funding.
Unfortunately, it's the kind of assertion that it's hard to reliably test. If a particular group knows of an exploit and nobody else does, there's a good chance it will be undiscovered for a long time. There are buffer exploits that existed in high value open source code for over a decade before anyone noticed it. (I believe a few showed up just this last year, and I'm not talking about Meltdown, that wasn't open source.)
So all you can really say is that Apple is secure as far as we can tell...if you follow these rules... And this may be because it's secure, or it may be because the people that hold the exploit are being cagey about how they use it. And there's no way to distinguish between the two cases.
While passphrases are potentially better, I once found out that only the first few letters of a password I was using were significant. Whoops! This may not be true for the Apple version, but don't rely on it without experimenting.
Pass phrases are quite reasonable for encryption, if not for something that you need to type frequently. And they allow for a lot more entropy to be remembered than does a few numbers (unless you're a quite unusual person).
An interesting question is "Who is this they?". If it's various malicious salesmen "getting even" with businesses for refusing to buy from them it's one thing, if it's company policy it's another, and if it's just the way the incentives to the salesmen are structured without any official policy, or even against official policy, then it's a third.
It seems pretty clear that the "malicious salesman" thing happens. But what's the backstory?
I think you're right about Trump's attitude, but many of the cohort really believe that corporations should be allowed to do anything that will make them lots of money.
My understanding was that while home users probably didn't have anything to worry about from this, those running services in the cloud definitely did. And those services are probably already patched against the easier exploits. But if they don't patch against this, someone will take an unreported zero-day, blend it with meltdown, and build a password stealing trojan that is invisible to current approaches. You'd never know that all the passwords had been lifted, so you wouldn't change them. And this would include things like the records from insurance companies, hospitals, financial services, etc.
Therefore it's important to patch those services quickly. Or transparency would take on a whole new meaning.
If you're technically competent, better advice is to not use MSWindows. If you're not, then the advice is silly.
Actually, though, given the news of the past year, I'm in a quandary as to what I should recommend for my non-technical friends. I used to recommend Apple, but they seem to be doing nearly as poorly as MS at helping their end-users. With this last couple of months, though, Apple is appearing worth the extra cost as not being quite as user hostile.
Your advice is totally unreasonable for someone with a single computer. The person who created it (I get that you are repeating rules you learned) either had no intention of it being used by someone with a single computer or had no intention of the advice being followed. Even reasonable backups are hard to keep current for someone with a single computer. (Reminds me, my backups need refreshing.)
And if you don't have a bootable CD to recover from, which you won't have if you don't have a CD drive, what are you supposed to do? (I'm assuming that MS still won't allow you to make your own bootable usb stick.)
The only variant of Linux that even vaguely forced an update to systemd was Red Hat, and even there you had the option to not do the update. I do rather object to the way it was forced on the community, but there are still ways to avoid it if it's important to you to do so. Even if you still run Debian, you can avoid systemd. I'm not sure how long that will be true, so it's a good thing that Devuan is being developed, but for now it's still true, And it's also true in several other Linux distributions. I believe that in Slackware systemd isn't even an option. (I haven't looked recently.)
Spectre and Meltdown are not the same, though, I believe, Meltdown is a subclass of Spectre. Many of the sites seem to confuse the two, sometimes, I suspect, intentionally. Certainly I suspect the Intel press release of intentionally confusing them.
FWIW, the "fix" that Intel provided to Linux would have installed on AMD CPUs as well as Intel CPUs. So if MS just accepted the Intel patch, MS is pushing out abuse authored, possibly with malice aforethought, but Intel. The Linux developers let AMD alter the fix so that AMD chips weren't impacted. There seems a fair possibility the MS hid the code from AMD, so they never had a chance to offer their input.
If my above guesses are correct, then MS was not being malicious. Merely incompetent. So you should, of course, trust them.
Slashdot Mirror
You are, at least partially, correct. Bricked is the wrong term. It was, however, described that way in some news stories.
OTOH, and IIUC, you had to revert the patch to fix the problem, and I'm not sure that MSWindows lets you do that, even though Ubuntu did.
There used to be a pair of film actors working under the names "Alphonse" and "Gaston" who had several routines about that. I don't know whether they were supposed to be Canadian, or just French.
A watch can't carry much info on a gui interface, and is too small for anyone to type on. So it will require a VERY good voice interface. The version of Siri I experienced last year won't cut it. And it has to work in noisy environments. You also want to avoid FaceId for this purpose because walking around with your arm in front of your mouth makes you look sick. So you need a good voice id system if you want that kind of interaction.
Etc. I believe that watches will eventually become important, but they require a *lot* of improvements.
Yeah, but there are many things that are characteristics of some animals, e.g. mice, that don't apply to people. So it's useful info to say that this protein is also present in people. (They didn't say it was present in all animals, maybe it isn't.)
Also doing thereby less damage to the car the the passenger.
University administrations never were, and college students rarely were, despite what the press told you. Many of the "radicals" of the 1960's were actually conservatives who believed what they had been told in government and civics classes in high school. You know, free speech, individual rights, etc. The groups tended to be co-opted by those with a better understanding of how group politics work, but the individual students were often libertarian (small "l") idealists. The anointed spokesmen, however, rarely were. This is partially because the press likes to shock and dismay people, and partially because the actual libertarian idealists were generally lousy at working together. And I never met one who was a good public speaker.
Yes, it is definitely Intel's intention to not give you more than 10% of the money you've spent on their products. (0% *is* less than 10% isn't it?)
One place I worked replaced about 1/10th of the computers every year. If you were lucky and got a new one, your old one went to someone with an older computer. So about 1/10th of the people had a computer 10 years old. Not quite, as if a computer died, it was replaced and not counted, but that didn't happen too often.
Both chips did branch prediction, AMD just checked address validity before the speculative execution rather than afterwards. This allowed Intel chips to be faster at executing the code by ignoring certain (apparently known) security problems.
But whether it was actually faster or not can be disputed, because Intel is also known to have gamed compilers to disadvantage AMD. In that case they made the AMD chips seem slower by cheating. The question is how many of the benchmarks were done with the altered compilers. And this is where the accusation that Intel made their chips *seem* faster gains validity.
Don't consider the Spectre patch. All the major CPUs are vulnerable to Spectre. It's Meltdown where there is a significant difference.
Also, it's not yet clear to me that Spectre can be patched in the current chip designs (any of them) without disabling speculative execution. That's more than the 10% penalty. (How much more? I've no idea.)
This is quite annoying as I'd been thinking it was time to start considering buying a new computer, but now it looks as if buying one with one of this or the upcoming generation of chips is a bad mistake with no way around it. The chips that I need are the ones that haven't yet been designed.
Depends on how you measure it. Actually that particular set of four common words has considerably less entropy, because it's been used as an example so often that I didn't need to explain why I used them as an example, whereas "solemn pTarmagines nest strangely" has a lot more. Partially because "pTarmagines" is spelled incorrectly and partially because of the unusual capitalization. And nobody said you need to limit it to four words.
OTOH, as someone indicated, you don't want to need to type that much every time you log in, much less every time you receive a message. But it should require some modicum of effort to decrypt something that you want hidden, and it should be something easily memorized, so you don't need to write it down (unless the use case is against electronic interception, in which case writing it down isn't a problem...you just don't want to store it on your computer).
All the evidence I am aware of is consistent with the assertion that the upper levels of the executive branch intentionally chose to not prevent the attack which happened on 9/11. It's actually consistent with the assertion that they initiated it, but that's a bit of a stretch. There is reasonably good evidence that they were repeatedly warned of it ahead of time, with some specifics, and that all they did about it was to ready legislation to push through after the event.
Proof, either way, does not seem to be available.
Yeah, I remember. Multiple agents tried to alert the FBI central office up to months ahead of time and were ignored. IIRC, even Germany sent in info about the upcoming attack and were ignored.
But you're right, within hours after the attack new legislation had been passed. It had been written ahead of time. And public opinion generally supported it. One Senator who was opposing the legislation received anthrax spores in the mail which turned out to come from a US Army biowar lab.
This doesn't prove that the attack didn't originate from outside (though the FBI has been proven to have inspired several "terrorist" attacks that didn't run to completion), but it sure seems to suggest they didn't want to stop it.
Just to make a point: The NSA is not the FBI, and doesn't necessarily share it's information with them. And vice-versa.
This doesn't mean the FBI doesn't already have all the info it needs, but saying the NSA does isn't asserting that the FBI does. To some extent they cooperate, but they are also in competition for power and funding.
Unfortunately, it's the kind of assertion that it's hard to reliably test. If a particular group knows of an exploit and nobody else does, there's a good chance it will be undiscovered for a long time. There are buffer exploits that existed in high value open source code for over a decade before anyone noticed it. (I believe a few showed up just this last year, and I'm not talking about Meltdown, that wasn't open source.)
So all you can really say is that Apple is secure as far as we can tell...if you follow these rules ...
And this may be because it's secure, or it may be because the people that hold the exploit are being cagey about how they use it. And there's no way to distinguish between the two cases.
While passphrases are potentially better, I once found out that only the first few letters of a password I was using were significant. Whoops! This may not be true for the Apple version, but don't rely on it without experimenting.
But why not "Correct horse Battery staple"?
Pass phrases are quite reasonable for encryption, if not for something that you need to type frequently. And they allow for a lot more entropy to be remembered than does a few numbers (unless you're a quite unusual person).
An interesting question is "Who is this they?". If it's various malicious salesmen "getting even" with businesses for refusing to buy from them it's one thing, if it's company policy it's another, and if it's just the way the incentives to the salesmen are structured without any official policy, or even against official policy, then it's a third.
It seems pretty clear that the "malicious salesman" thing happens. But what's the backstory?
I think you're right about Trump's attitude, but many of the cohort really believe that corporations should be allowed to do anything that will make them lots of money.
My understanding was that while home users probably didn't have anything to worry about from this, those running services in the cloud definitely did. And those services are probably already patched against the easier exploits. But if they don't patch against this, someone will take an unreported zero-day, blend it with meltdown, and build a password stealing trojan that is invisible to current approaches. You'd never know that all the passwords had been lifted, so you wouldn't change them. And this would include things like the records from insurance companies, hospitals, financial services, etc.
Therefore it's important to patch those services quickly. Or transparency would take on a whole new meaning.
If you're technically competent, better advice is to not use MSWindows. If you're not, then the advice is silly.
Actually, though, given the news of the past year, I'm in a quandary as to what I should recommend for my non-technical friends. I used to recommend Apple, but they seem to be doing nearly as poorly as MS at helping their end-users. With this last couple of months, though, Apple is appearing worth the extra cost as not being quite as user hostile.
Your advice is totally unreasonable for someone with a single computer. The person who created it (I get that you are repeating rules you learned) either had no intention of it being used by someone with a single computer or had no intention of the advice being followed. Even reasonable backups are hard to keep current for someone with a single computer. (Reminds me, my backups need refreshing.)
And if you don't have a bootable CD to recover from, which you won't have if you don't have a CD drive, what are you supposed to do? (I'm assuming that MS still won't allow you to make your own bootable usb stick.)
The only variant of Linux that even vaguely forced an update to systemd was Red Hat, and even there you had the option to not do the update. I do rather object to the way it was forced on the community, but there are still ways to avoid it if it's important to you to do so. Even if you still run Debian, you can avoid systemd. I'm not sure how long that will be true, so it's a good thing that Devuan is being developed, but for now it's still true, And it's also true in several other Linux distributions. I believe that in Slackware systemd isn't even an option. (I haven't looked recently.)
Spectre and Meltdown are not the same, though, I believe, Meltdown is a subclass of Spectre. Many of the sites seem to confuse the two, sometimes, I suspect, intentionally. Certainly I suspect the Intel press release of intentionally confusing them.
FWIW, the "fix" that Intel provided to Linux would have installed on AMD CPUs as well as Intel CPUs. So if MS just accepted the Intel patch, MS is pushing out abuse authored, possibly with malice aforethought, but Intel. The Linux developers let AMD alter the fix so that AMD chips weren't impacted. There seems a fair possibility the MS hid the code from AMD, so they never had a chance to offer their input.
If my above guesses are correct, then MS was not being malicious. Merely incompetent. So you should, of course, trust them.