Slashdot Mirror


User: jittles

jittles's activity in the archive.

Comments · 3,048

  1. Re:Investment companies are a racket on Many Pay High Investment Company Fees For Services They Don't Use, Survey Shows (consumerreports.org) · · Score: 1

    Forgive the question but when you say "total stock market index" and "total bond market index", are you saying I should split my money thus: 70% of the money in an index that only invests in the stock markets and the remaining 30% in an index that only invests in bonds? I believe that's what you're saying but would love confirmation of my understanding.

    An Index Fund basically buys key stocks that it believes will follow the general trend of whatever exchange it is tied to. So if the entire exchange goes up by 18% an index fund would be expected to mirror that change closely. I think what the GP was referring to are funds that are not tied to a specific exchange but try and mirror the US stock markets in general. But like the Dow Jones Industrial Average is basically an index that tracks the NYSE. If you look at the prospectus for these kinds of funds they generally have less than 1% fees on them. I actually do have one high fee fund that I keep because it has averaged 18% returns for me over the last 15 years or so. That 18% is after the 3 or 4% fee they charge on my holdings every year. Bond index funds behave the same way.

  2. Re:Investment companies are a racket on Many Pay High Investment Company Fees For Services They Don't Use, Survey Shows (consumerreports.org) · · Score: 1

    Do yourself a favor. Ignore the financial adviser and just open an account with Vanguard or Fidelity. Put 70% of your money in a total stock market index, and 30% in a total bond market index. Rebalance annually (i.e. reallocate so you don't drift too far from 70/30). That's literally all you need to do. The financial industry wants you to think it's complicated so they can skim fees for "managing" or "advising."

    I will add that if you have a certain amount of money in the account that Fidelity (and probably Vanguard) waive the annual account fees and you just have to pay the fees on the funds (which partially go to the investment company). I am more aggressive than 70/30 but I have a lot longer to wait for retirement than just 20 years.

  3. Re:getting out, not in on Japanese Passport Now World's Most Powerful (cnn.com) · · Score: 3, Informative

    Passports are a scam and a TRAP. The world never used to have passports. There was and is NO need for them.

    That is entirely wrong. All you have to do is read a book like the Count of Monte Cristo, written almost 200 years ago, to see that there was a period in time where you couldn't even leave the town you grew up in without a passport. If you did, you'd be considered a criminal when you tried to get into any town. The lay person did not need a passport because the lay person never had the opportunity to go anywhere.

  4. Re:Investment companies are a racket on Many Pay High Investment Company Fees For Services They Don't Use, Survey Shows (consumerreports.org) · · Score: 2

    We're meeting with a financial adviser this week to discuss our finances. Both our companies and the firm they use for managing our RRSPs offer financial advisers, but we want someone independent with no skin in the game. We made it very clear when booking our appointment that we're not interested in moving our RRSP so I'm hoping to get some good advice. The index fund option is very interesting, the wife and I both agreed we should go down that route and reading the Warren Buffett article lends more credence to that strategy. Will be interesting to hear what this adviser says.

    Best of luck to you. My experience with financial advisors is that, even when you're paying for their time, they try and convince you to do the most boneheaded things in order to maximize their income. I honestly believe that they are more despicable than the stereotypical used car salesman. I once had one try to convince me to refinance my mortgage to a HIGHER interest rate and could provide no real justification for it. However, the paperwork he showed me made it clear that he got a commission on that loan. I am sure there are honest advisors out there. And the type of advisor matters. I think the only type of advisor that is legally obligated to act in your benefit instead of their own is a fiduciary, but I may be mistaken.

  5. And yes boys and girls, sometimes you as a nation have to kill those people trying to kill you. That's the real world. Grow up.

    Perhaps... but that doesn't mean people should have to take part in something they find morally objectionable, does it?

    Also, you might find this hard to believe but a lot more people are killed by domestic bad actors than foreign bad actors. It makes little sense to spend so much on people who are such a small threat.

    No they should not be forced to participate in something that they find to be morally objectionable. But I think they fail to realize that increasing the lethality of the US Military does not automatically equate to people dying somewhere. It's quite possible that doing so would deter a war that would have ultimately resulted in even more deaths than this program *may* potentially result in. They may be saving lives around the world and, almost certainly, would be saving lives of members of the US military. Technology can be used for good or for evil.

    I don't think any sane or rational being would want anyone to die in a conflict and yet we continue to have war and conflict throughout the world. The world would be a lot better off if no one had to work on these sorts of projects but could spend their time and their energy doing things that benefit humanity. Unfortunately, I don't believe that human nature and global events will change any time soon.

  6. Re:What a bad deal on Google Home Hub Is Nothing Like Other Google Smart Displays (arstechnica.com) · · Score: 0

    Do you own a smartphone? Or any mobile phone? Do you know what that device is doing all the time? These Things devices are essentially plugged-in phones, they have the same capabilities and ultimately there is very little difference between trusting your phone and trusting these devices.

    Like all things that you can't verify personally, it comes down to trust. What do you / who do you trust. I get why you wouldn't want to trust a home thingy, but it's much less personal than your smartphone (which has multiple cameras, comes with you, knows where it/you are) which you probably already are OK with.

    At least a smart phone provides value over a brick phone. A smart speaker provides nothing but planned obsolescence over a normal speaker.

  7. Re:Why not block all unverified POTS spoofing? on State Attorneys Urge FCC To Combat Neighborhood Spoofing (biglawbusiness.com) · · Score: 1

    I don't think call centers care about more regulations, they already ignore the ones in place. There would need to be a technical solution. We would need to get rid of spoofing numbers. The arguments for spoofing aren't good enough to allow the system to be abused.

    I don't think a technical solution is required at all. The best way to end it is to charge a tariff on calls from the originator. They certainly won't allow people to get a DID if they're getting charged a $5 fine for every spam call these asshats make. Just pass the fine along until you exit the country and if the provider overseas doesn't want to pay the fine, block them from making inbound calls to the US. If it's not a spam call, no fine. End of harassment when they can no longer get access to a DID.

  8. 2) Bloomberg's editors and writers are just misinterpreting whatever happened to Apple that they say was a compromised driver caught in the lab coming from a variety of sources who don't really have that good of info

    Why did Apple drop them as a supplier in that case? Did Apple go directly to the ODM and use open compute designs? I am not sure. But I don't think that it is normal to drop a supplier for a reason like an infected driver.

  9. To be even more accurate: it depends on if you hit the button explicitly designed as 'turn off Bluetooth connections other than the pencil and watch, and turn it back on after 24 hours,' or if you use the button explicitly designed as 'disable Bluetooth completely, yo.'

    If you swipe up, and hit the 'temporarily disable bluetooth' button, and you're surprised that Bluetooth is only disabled temporarily, that's a you problem, not an Apple problem.

    Oh! So there are two buttons to turn off bluetooth that do different things. Because that makes sense. Especially since the “turn off bluetooth connections other than the pencil and watch” button used to behave exactly the same as the one in settings.

  10. Now it's time to upgrade from 11 to 12

    I might hold off on that if I were you. I am having serious radio issues with iOS 12 and I don't know that they are fixed in 12.0.1. I have a 7 and the radios will not let me do anything unless I have at least 3 bars. Also sometimes they just stop working until I restart the device. WiFi has been flaky as well. I was in the mountains this weekend and I basically had to restart my phone every time I wanted to use it. It seems the current radio firmware does not like when you have low reception.

    Please read the release notes. The patch notes only mention fixes for radio issues on iPhone Xs and not any other platform. It may not fix radio issues on other models. Also, please read what the AC also wrote - if you’re not having issues on iOS11 why update to 12.0.1 if there may still be radio issues?

    So, you are recommending NOT upgrading to an OS version that announces fixes for some radio issues?

    Talk about useless advice!

  11. Wow. Is it true you can't turn bluetooth off either and it will turn itself back on?

    No, false.

    can you turn "mobile data" off? (i.e. use the 2G/3G phone network, without connecting to the Internet)

    Yes, of course.

    I thought I'd become an iPhone user

    You should stick to the device meant for low-information tech users.

    The GP is correct. You cannot turn off bluetooth with the latest versions of iOS. Even if you turn it off, the bluetooth radio remains powered to work with the pencil and certain other devices. Go ahead. Give it a try. It’ll turn itself back on after 24 hours too. Same with WiFi, though I think WiFi radios actually do power off for 24 hours.

  12. A shortage of cell towers in the mountains? Imagine that.

    The issue is not the shortage of cell towers. It’s the fact that I had to restart the device every time I wanted to use it and had signal because the model would be in a bad state from the last time it lost signal and would not do anything whatsoever without a restart. That is not normal behavior. It should gracefully handle the loss and return of service without a restart.

  13. Re:Does it measure driver attentiveness? on Tesla Model 3 Achieves NHTSA's 'Lowest Probability' of Injury Ever (thedrive.com) · · Score: 1

    Having many controls that would be buttons in most cars on the touch screen is going to be a distraction for drivers. Even stuff like the headlight controls and windscreen wiper settings are on the screen, meaning you have to glance aside and hit a touch target with no tactile feedback.

    Go outside. It's been several years since people have had to set those things manually.

    There are states where you have to turn on the headlights when it is raining enough that the wipers must be in continuous motion. Does the Tesla turn the headlights on automatically in this case? I don't know. But I have driven other cars (rentals) that do not. You have to manually interact with the headlights to comply with the law. Of course, in my experience, most people do not actually comply with that law and are more likely to turn on their hazard lights instead of their headlights which, by the way, is also illegal in most states.

    That being said, I drove my friend's Model S this weekend and I was annoyed at how little I could actually do without using the touchscreen. Things that I can do without ever looking away - like open the sunroof, adjust the air conditioning, and just about everything else. I rarely use the touchscreen in my car but it's basically mandatory in the Model S. They've built so much into the touchscreen that I am surprised that you don't have to use the stupid thing to roll down the windows or open the doors. It's ridiculous. And I really don't need that size of a screen next to me when I am driving. I did not drive this car at night but I basically want all those lights off, including the touchscreen, when driving at night.

    I did enjoy driving the Model S but the usability of the controls is approximately 0.

  14. Now it's time to upgrade from 11 to 12

    I might hold off on that if I were you. I am having serious radio issues with iOS 12 and I don't know that they are fixed in 12.0.1. I have a 7 and the radios will not let me do anything unless I have at least 3 bars. Also sometimes they just stop working until I restart the device. WiFi has been flaky as well. I was in the mountains this weekend and I basically had to restart my phone every time I wanted to use it. It seems the current radio firmware does not like when you have low reception.

  15. While we’re discussing this, I just wanted to apologize for a typo that has appeared in our corporate motto since the company’s foundation. Our motto was supposed to be “Don’t openly do evil” but it seems that the secretary taking the board minutes accidentally wrote down “Don’t do evil” and it’s just stuck with us throughout the years. Many apologies. — Larry Page

  16. Re:Why should anybody be surprised? on Apple's New Proprietary Software Locks Kill Independent Repair On New MacBook Pros (vice.com) · · Score: 1

    You're not forced into google freemium, but it's indeed unfortunate the option is not particularly user friendly (unlocking boot, flashing ROM). Still waiting for that one hardware vendor who will ship lineage ROM on a slight margin to cater to your crowd.

    They moved the location services into Google Play. If you want to be able to use the Play store at all you have to let Google spy on your location at all times. That's just wrong.

  17. Re: Why should anybody be surprised? on Apple's New Proprietary Software Locks Kill Independent Repair On New MacBook Pros (vice.com) · · Score: 1

    100% of Android buyers put money in their pocket while buying a better phone than Apple. Apple diehards spend more than they can afford on a worse product and die poor. Bury the obsolete iPhone with them.

    Seems to me that you're an Android diehard. 80% of the market pays for an Android when you count the entire world and most of them are low margin phones. Not that there is anything wrong with buying a low margin phone. But Android exists to spy on you. End of story. I have zero interest in having every single text, phone call, etc on my phone being spied upon by corporate overlords.

  18. Re:Why should anybody be surprised? on Apple's New Proprietary Software Locks Kill Independent Repair On New MacBook Pros (vice.com) · · Score: 1

    Why should anybody be surprised? It's Apple.

    Vote with your dollars. Android is better anyway and you get a whole lot more for your money.

    I'm sorry but as long as I am the product, I will never pay money for an Android phone. And if you've ever worked on mobile software you know that the Android SDK is absolutely terrible.

  19. They didn't really say it had that much by way of capability... just code injection, and phone home. What logic would this thing really need?

    1. listen for "XXXX", inject "YYYY" (create remote vulnerability to exploit)
    2. loop: send packet to x.x.x.x once a week/month. (advertise presence)
    3. (optional) listen for kill signal, on kill signal HALT. (conceal self once access has been gained)

    Given the density of modern die fab processes, I can easily imagine something with that capability fitting on the head of a pin.

    I think it has to have decent processing power in order to spy on the BMC's bus without causing a noticeably long delay while it's halting the host CPU to inject these new instructions.

  20. If they could modify the board, then yes, this sort of thing becomes MUCH more likely.

    The down side to this is that modifications MIGHT be detectable by tests. Lots of things can go wrong while building and assembling a board so tests are standard. Mucking about with it might create changes that can be detected during a standard bed-of-nails test. If the same company controls the test, then they could get away with it easily.

    The other side is that changing the board is easy to prove once you discover it.

    That actually depends. Supposedly this thing is sitting on some data lines between the host CPU and the BMC. Having hardware debug level access to the CPU, it may be able to detect the current state of the system. For instance, Intel has a check you can make to see if the system has been marked as “End of Manufacturing” which is likely when they would do any quality tests. The chip could intelligently change behavior based on all kinds of things, depending on how sophisticated they’re able to make it. It’s pretty small and I have a hard time believing that such a small chip could have the proper capabilities to perform what is implied by the article. But the bus it supposedly sits on would basically give it god mode access to the entire system AND have network capabilities as long as the power supply is putting power to the board and there’s an active connection coming into the NIC.

  21. Re:I have been told to slow down by my cow orkers on The Coders Programming Themselves Out of a Job (theatlantic.com) · · Score: 1

    Actually it's my third and had a brain fart while typing. Thanks for taking the time in pointing it out.

    No worries! I didn’t want to assume that you were a native speaker. I know I would want someone to correct me in the other language I pretend to speak.

  22. Sounds to me like theoretically there's a simple (well, for me, or someone with my skill-set at least) way to determine if any of this is true or not: A comprehensive physical examination of Supermicro server motherboards being used in critical applications. If something that's not on the BOM for the PCB has been glued to the board and blue-wired into it, then it obviously doesn't belong there and is suspect. Any and all silicon should also be able to be identified by its manufacturer's part number and its existence on the PCB justified. Furthermore the BIOS should not have any extraneous code in it that either runs on the main processor cores or that loads into the various microcontroller cores found in the chipset of any modern computer. Hiding malicious code that only lives in RAM is one thing, but anything physical or that lives permanently in something physical is literally a smoking gun and should be able to be sussed out, you really can't hide it. I have to say though it's pretty cheeky of a manufacturer, Chinese or not, to do something like this, if in fact they have. Malware is one thing, something physical is a completely different ballgame.

    From my understanding of what was done, there is no way the firmware could know of, or detect this attack as the firmware itself cannot be trusted even if it is properly signed on the flash chip. The extra chip is sitting on lines between the BMC and the host CPU and can actually modify instructions on the CPU as it runs. Nothing after the initial platform security check (the first phase of the CPU initialization) can be trusted and that is only because the hardware debugging capabilities of these CPUs do not let you interfere with any instruction before the end of SEC.

  23. While we would cooperate with any government investigation, we are not aware of any investigation regarding this topic nor have we been contacted by any government agency in this regard. We are not aware of any customer dropping Supermicro as a supplier for this type of issue.

    And they go on to say a lot more that categorically denies Bloomberg's claims, including denying that they even make the chips that were allegedly compromised and that these companies supposedly purchased from them.

    The article does not allege that Supermicro knows (as a corporation at least) or manufactures the chips in question. Supermicro designs boards and manufacturers in Taiwan and China make them. This chip is allegedly added onto some data lines between the BMC and host CPU during manufacture, and without actually being a part of the Supermicro design. Based on the images I have seen of this alleged chip, I don’t think anyone would even notice them if they were doing a standard quality review of a board supplied by these factories. However, I do not believe that Supermicro would be involved in this kind of investigation as they are the company being investigated. And we all know from NSL and things of that nature that companies can be compelled to comply with such an investigation and forced to deny participation in it. I’m not sure why your post was marked insightful because it’s not only partially incorrect, but it provides no value to the discussion as to whether or not such an attack is feasible and, if so, practical.

  24. Yes I did, and it doesn't really answer my question, like I said it would have to be sitting on an externally accessible bus, like the Ethernet bus, in order to receive the instructions on what to do. Being able to monitor the operating system loading is next to useless, unless the OS itself is compromised, in which case you have far bigger problems than a 6502 sitting somewhere it shouldn't.

    Which is why I asked where exactly it was. Saying it's on the "BMC lines" is... not an answer.

    Do you know what a BMC does? The lines it is sitting on allow it to modify instructions on the CPU. You can actually use those exact same lines to perform remote hardware debugging through the BMC. And by hardware debugging, I mean anything that happens in the board initialization process after SEC finishes. So PEI onward in a UEFI environment. The BMC also has its own connection to the LAN controller(s) on the PCH. It can be used to power on / off, flash firmware over the SPI bus, interact with the server CPU directly, etc.

  25. This is only a small part of the issues I have about the report. What is the chip monitoring or able to monitor? How is it programmed?

    It's not impossible to envisage something that, say, could monitor Ethernet for a string and use that to program itself, but something that can both see an incoming Ethernet packet and see what the CPU is doing is harder to conceptualize.

    I know this is Slashdot but... did you read the article? Supposedly this chip was put on the BMC lines that allow it to modify basically anything going to the CPU. They could have even tweaked the firmware on the board through the BMC. The chip does nothing but detect the loading of the OS and insert instructions that it downloads off of a known host. There was no data exfiltrated as far as anyone can tell. It was just lying dormant or used as a vector to penetrate other areas of the network. They were able to identify the 30 companies affected by monitoring traffic and/or hacking the C&C server used. But it was not detected because, as far as they can tell, the compromised systems themselves were never used to exfiltrate data.