Not that UEFI isn't catastrophically broken, but.....
Good golly, WTF.... If true, Call the FBI and the Department of Homeland Security.
Recall the Stuxnet attack. This tells me that because there is a requirement for user space writing of files a bad boy virus could do it on demand. Any time any place any....
Viruses have been known to lurk for a long time only to activate much later. A vulnerability like this is serious and worse exists to protect systems from attack.
Both Windows and Linux are apparently vulnerable. These machines need to be excluded from deployment in government, hospitals, banks, -- we are not talking about a painful reload of the OS and data from backups this is hardware. Both costly and difficult to deliver. Older hardware is out of production so this flaw mandates updates that may not be able to use peripherals like DRAM, Drives, network hardware...
If you do want to make progress invest in a Raspberry Pi and a WiFi USB thing. Perhaps two....
Run the Pi and the laptop network hardwired together. Have the Pi connect to the WiFi of the coffee shop. A Pi can run a decent firewall and Squid proxy with one of many Linux distro packages. It is easy to reload the uSD card with a clean OS install. It is easy to remove the uSD card and inspect the system for anomalies.
The second one... Install it as a VPN access point at your home network connection. The Pi in your home and the Pi in the coffee shop can contain shared secrets for a secure link that is harder to man in the middle attack.
There are cooperating groups sharing curated lists of addresses and host domains that the Pi at home can slurp up and maintain.
The mobile Pi WiFi USB thing can be replaced for ten bucks and some can have their MAC address randomized to look like yet another iPhone.
I would love to see a product packaged like the Airport Express that would manage a firewall and VPN.
It is also important to explore VM. A virtual machine can operate as a sacrificial OS. Copy the image start it, get work done, stop it and trash it.
Read the article; they explain really well why it is broken. A synopsis:
1) We don't actually get the same amount of energy from food as burning that food does..... It makes for a very inexact measure when applied to people.
I just did some math. I could get fat as heck by eating raw (paleo) unpolished diamonds over and over and over.
Dr. Google tells me: for the combustion of 12 grams of carbon to 44 grams of carbon dioxide: Diamond (1). - 93,240 calories; Diamond (2). - 94.650 calories; Natural graphite - 93,560 calories;
Clearly I do not need to eat that much diamond... about 5 ct per gram, 5ct at the large meal of the day for +7000 calories.
Law enforcement exists under some rather specific laws. This sounds like a structural conflict of interest in favor of a specific company and may prove sufficiently illegal to be interesting again here on /.
Years ago a drill sergeant would shout "Jump Up" Then would shout "Give me twenty you did it wrong".
After about 150 pushups he mentioned that he did not tell us to come down yet. At that point we hurt.... but did not die.
Some laws have consequences that violate other laws and or the constitution (charter) of the city, county, state or nation.
This is an obvious thing to do -- it is not obvious that the actions, contracts and cash flow are legal. Lacking checks and balances these processes could be lethal and judgements as a result should eliminate the value and "profit" of the program and could make the authors of an illegal contract liable to the point of conspiracy to __full_in_blank__.
An officer may serve a valid court order or judgement but this does not appear to be so processed.
Yes it is possible (and often preferable) to learn in a pure software emulated environment.
Start with turtle graphics. While old school this is where many have started their programming journey.
Simulators that model real systems are critical to the design and maintenance of all manner of real world systems. This is what many video games are... i.e. they are simulators of real or imaginary systems.
Modern graphics invites a 3D turtle graphics environment where ants can place blocks and build bridges to navigate turtles over.
Yes a Raspberry Pi is a wonderful learning tool. It is possible to explore almost any programming language you can name. And yes there is a Turtle Graphics application set.
The big value of a SBC like the Raspberry Pi is all the levels are open enough for any level of software tinkering and they are easy to recover if your hacking adventure steps on the OS. The logic of the Raspberry Pi is low voltage but it is very easy to add LEDs for small change. A current limiting resistor and an LED cost small change. The schematics of the Raspberry Pi shows how the onboard LEDs have been interfaced.
Look at QEMU -- it is a very interesting simulator and tool kit.
Big powerful robots are expensive but the simulation tool set is a necessary layer that any robotics project will need. Without a good simulation expensive hardware becomes expensive junk. https://www.willowgarage.com/p...
And if you make and document your progress there are individuals and companies that will fund a project in areas lacking schools, funding and infrastructure.
So by golly get started. Any large producer or distribution company should see this %% of improvement as a way to increase market and sidestep a lot of carbon regulation. North-South routes seem to be a good place to start.
Any simulation can be constrained to a data subset and optimizations rerun. Compare the results and overlay to see which paths are shared solutions.
Any 5% solution that is part of a net +75% solution would be a place to start.
For what it is worth this has been presented as an improvement about once every 3 or 7 years as the presidential/ congressional elections come due.
I want to dismiss this as foo but there are real gains to make by improving distribution including the last mile.
Me I am installing LED lamps one or two at a time as needed. They are getting better and less expensive...
It's not as simple as building a better mousetrap. The problem is all the worse mousetraps all over the world that you'll have to deal with when your "special flower" isn't available.
I went through this with Autocad 14 - very customizable interface, I customized it, worked in my customized interface for about 200 hours and was a good 20% faster than I would have been using the standard setup. Then I went to a machine shop and tried to work with one of the tech's Autocad workstations there and I was about 80% slower than I would have been had I spent those 200 hours learning the standard setup.
Spot on. A worthy keyboard that you carry with you is perhaps another mousetrap. With USB and Bluetooth some improvements should be easy. Setup files like Autocad should be easy to isolate. Something like " . MyPersonalAutocad" so not sticky but personal.
With influenza and Ebola it makes sense to have personal keyboard+mouse at any shared keyboard office. Such a keyboard can also address aspects of authentication and identification in many contexts if so designed.
Your spot on reply makes the point that this is darn silly at many levels. But technology can fill a need.
The whole point of "erty" keyboards is to slow down the typists and reduce key-jams. It's an intentionally bad standard which has lived beyond its meaningfulness for more than 30 years now (when was the last manual typewriter made?)
And it is not an interesting comparison even if the key-jam issue was an issue.
Keyboards are simple programmable devices, TODAY. Standards from the mechanical device days need not apply.
Keyboard maps and closure handlers are software that is just too easy to play with in the system and as such can just be fixed.
Any TLA will not tell you (but could) that keystroke logging, interception and even modification is so darn easy that this is simply possible. If Logitech in French speaking parts of Switzerland wanted to make a French keyboard and there was a market they would have already.
Those that worry about such things should design an improved model open source or license for pennies the "standard" and get-r-done.
Quit the noise.. make an improved solution and a market.
Apple has built a device and market that gathers money in large and small chunks from millions heck billions of people to the tune of billions. Cash into iTunes must be secure enough. Cash to pay for that phone swiped coffee in the morning must be secure enough. Connection to HealthCare.Gov must be secure enough. Connections to Amazon commerce must be secure enough....... all must be secure enough.
These collectively mandate a secure design foundation.
If Apple installed a side door to security in all their products as per these requests and dreams and that side door was to be hacked the liability to Apple could make the airbag recall and regulatory fines seem small.
Heck Kafka just called to remind me that a class action involving all 700 million iPhones would need a secure payment system to disburse the judgement. iPads, MacBooks.... too. iTunes runs on WindowZ... so iTunes must have its own methods and policy because Windows is so fragile.
The law enforcement goobers that want access via a side door simply to make their job easier today FAIL to understand that if the keys to the side door were to be stolen they could not keep up with the flood of crime that theft enables. CSI is fiction but some magical thinking wonks accept it as fact.
Wonks like this forget that great fiction works because suspension of disbelief or willing suspension of disbelief happens and allows the author to explore a fictitious story line.
Watch a TV show then watch the credits. The fantasy is that a couple of guys like Jamie and Adam can just do what they want to entertain us. Finance, sponsors, writers, production, a support team that scrolls on the screen in tiny print permits from fire departments, ATF and more. Product placement.....
Law enforcement and security would have an easier job without civil liberties, not because they have nefarious purposes, but because it will make their job easier.
...
Criminal elements would have an easier job without civil liberties (and privacy) not because they have honest intent and purpose but because it makes their job easier.
Civil liberties are part of the rule of law. Take them away and we no longer have the rule of law but just rule.
All of the companies that send me bills by mail are constantly hounding me to let them switch to bills by email. I may pay my bills online through my bank, but I insist on getting a paper copy of my bills. Why on Earth would I want the power company to know my email address?!?
For money it pays to have a spare email address and a second credit card with a "sane" limit.
I know this is the wrong place to be helpful but ask your bank about a "second internet" credit card with a small limit.
Dust off an old laptop and install a Linux (anything you know) and virtual machine manager. Copy VM image, start it, connect to pay, kill and flush the VM. Watch the patches for your minimum VM and update it any time a security issue gets discovered. Eventually do nothing outside of the safety of an updated dedicated VM. Old hardware has great value as single purpose tools. Complain if you need Flash to access the site.
Perhaps you are not clear about what harassment is?
If you take a little bit of Google for a moment, you learn that harassment is "aggressive pressure or intimidation".
....chomp....
Of interest to bystanders is that this is a spectrum issue. For some "aggressive pressure or intimidation" is "good morning you are looking good today".
i.e. what was a compliment is now an acknowledgement of other topics not related to the work at hand.
Other bystanders ponder the astounding permutations of the modern world of LGBT+ where inclusion and exclusion are difficult to quantify for a laundry list of reasons the least of which is Sex on employment records is binary M/F. It does not even address the obvious question of Yes vs. No or NO vs. NFW.
Simply discussing the topic is harassing and intimidating to some.
Saying "no" is astoundingly difficult for some and saying no is a cultural impossibility. In a classroom it is no longer effective to ask if anyone does not understand. "Does everyone understand the last chapter.... " Asking will not discover comprehension. Testing is the only cultural option for some groups. Testing for sex related topics crosses the line for some and is harassing for others.
Then there are other agenda... there are many that still go to school for their "Mrs". Not all but a lot. Success in the Mrs. program often reaches into the rich pool of proven smart graduate assistants. This is a mind set that even when not considered in school becomes a biologic clock issue for some again org charts separate the good, better, best candidates.
Visual clues are cultural. Growing up "red shoes" advertised a profession. Around the world advertising of availability can be subtle and opaque to those that do not know.. now what does a single earring in that ear tell me? Visible ankle, calf, thigh, tramp stamp, long, short no sleeves. Head covering is in the news but is unclear.... Yoga pants...
In my personal experience the most troubling abuses of power were made by the wives of managers. No one pays attention to the power struggle at home and the collateral damage in the work place.
BONUS: what is the most common matriarchal group in the US?
If the bill does not have an abuse of authority clause it is an opportunity for reckless abuse at multiple levels.
All of these side doors, secret court orders and other paranoia driven legislation lack a sturdy counterbalance to keep their use legal.
Sailing ships have a keel often tons of lead or in the old days layers of ballast rock at the lowest level of the hold. Without the counterbalance sailing ships are too easy to blow over and the same is true for laws. Without counterbalancing legislation to deter abuse the bad guys win.
Drug laws come to mind... 10-20 years for possession is not counterbalanced with a 40-80 year penalty for planting false evidence on someone to make a quota or a simple abuse of power comes to mind.
Without counterbalance in the law there is no push back that allows or encourages abuse.
My personal worry about pervasive surveillance is the ease of generating "parallel constructions" that prove a crime. https://en.wikipedia.org/wiki/... These abuses nullify laws that exclude evidence from the poison tree. Worse juries now demand air tight presentations from prosecutors. Jury instructions should begin with a disclosure. You will be told stories by master storytellers on both the prosecution and defense. If you do not have the ability or at least the inclination to sort out facts from fiction as presented by master storytellers you may not be able to serve with a clear conscience. The expectations of the CSI effect and the storyteller effect supported by parallel constructions makes justice seriously difficult but not impossible.
I listened to the findings of one of the internet famous cop vs. toy gun findings. In the presentation it was stated that the officer could expect a weapon to be fired against him in 1/3 of a second and thus the policy is to fire first and not die. I looked and 1/3 of a second is a number associated with a seriously trained individual. I looked at the video multiple times and it is clear the officers were reckless in the way they drove up, exited their squad car and killed the individual inside of 2-5 seconds of arriving. My 2-5 second viewing of the tape is that this was an execution. Procedure for a code "priority 1" clearly is code for a process indistinguishable from an execution order. I looked at it again and again... vastly more than the seconds the officers took to decide to execute the individual and it is still clear that the officers arrived with an intent to kill the individual.
Judge... caller made a judgement that there was a problem called 911. Jury... dispatcher ruled this a "priority 1" withheld "might be a kid with a toy" Executioner... officer arrives and kills the kid inside of seconds.
The only way the officer is off a hook is for the authors and signatories of the department policy to be placed under arrest and prosecuted for murder. We did execute war crime criminals for following orders so perhaps a different hook.
Departmental policy and training cannot violate the law. Loss of standing under the law cannot be eliminated by a policy change (IMO).
And yet they won't; per HIPAA encryption is "Addressable" and not "Required". 45 CFR 164.312 is actually really short and is completely tech agnostic.
N.B. the application in question is only supported today on Windows 8.n. We could go down the rat hole that WindowZ is the weaker link.
Encryption is only an issue for data should it be lost. i.e. if computer hardware is stolen or recycled badly. The nature of the HIPAA procedures place a lot of responsibility on the dentist not the application vendor beyond requiring logging in by name and managing the administrator password.
The single dentist office installation is small and there is little risk of a wide class action litigation. Perhaps the dentists against the software company but that is multiple orders of magnitude different.
The interesting bits get exposed when the dentist connects to an insurance provider via modem or the internet to transact payment. That asymmetry puts a lot of pressure on the insurance side more than the dentist side. There may be some patient history in the dentist records of interest to privacy folk. Dentistry is a blood sport so they care about AIDS/HIV. Some drugs are prescribed for pain or infection so these and allergies may matter. But a dentist records are less interesting than those of the STD, OBGYN or mental health services.
Everything causes cancer. Fuck em. I'd rather lose 10 years and enjoy life than gain 10 years and hate it.
The state of California is known to the state of California to contain substances harmful to your health. https://en.wikipedia.org/wiki/... The warnings are everywhere.
There is nothing scientific about it, and the medical profession say the change has nothing to do with new scientific data. The sole motivation driving this was to make men equal to female.
As if this bullshit is going to reduce anyone with a penis to change their drinking habits. /s
Do you have a citation for that?... scale by body mass. I don't see any other reason why men and women of the same size should have different alcohol recommendations.
....
Liver size more than body mass. BMI as a reflection of fat as a %age of body mass is very different on average for men and women.
Metabolic efficiency and timing too. A recent headline noted that men burn calories better when hungry, women burn them best after eating.
The reality is alcohol does mess with metabolism and circulation (as does sugar). Worse fructose and alcohol challenge the liver when was the last time a guy ate an apple?
I smell a failure to understand that correlation does not imply causality. Or at worse a coalition of agenda. Health, driving, religious bias & moral-do-gooders could combine to gain a power over these standards and makes recommendation approval for a mix of reasons not clear in the data.
What if four of the seven supreme court judges in the US were teetotalers to comply with their perceived religious covenants... Same logic for the member of the panel making these recommendations. https://en.wikipedia.org/wiki/...
The worst languages are the ones that give programmers too much freedom with how things look. One of the true evils in "C" is where {} are optional:
if ( TRUE ) { /* between the braces is the body of the if statement */
    Execute all statements inside the body
}
if ( /.newinterfaces = good ) /* woops */
    throw(a_fit);
    enjoy(it);
1) He is not attributing it to the police, but to.................
Not clearly correct on many counts. The most disturbing is that: mind set, policies and procedures work hard to remove any testimony except that of trained story tellers in blue. This process of content editing begins in police academies where reporting is taught. University writing is full of flaws to the point that a thesis review committee is held to sort it out. Department heads educated with MS and PhDs will aspire to a review board in kind.
Other story tellers have their cameras damaged and stolen. Digital and undeveloped film records are deleted, altered or lost. Reports are edited and reviewed for internal consistency. Reports written with the likes of Word shall have revision history enabled by the records system in addition to the lame history mechanism in Word itself. Safety barriers are erected so far from the action that no third party will have access. Remote cameras get run over or knocked down or stolen.
The single largest problem is the code of silence on both sides.
Juries are led to believe that an airtight case should be expected and that invites parallel reconstruction from well controlled sources. A big hint that there is reasonable doubt is a total lack of loose strings. Especially if much of the evidence is digital.
Twenty years plus ago an animator then at ILM commented that the days of video evidence being incontrovertible were passed with the foot note that it was currently expensive but that would change.
Editing equipment in the presence of law enforcement is problematic. At no time should edited material be entered into evidence without the original. Evidence lockers lack facilities for storage of digital content including password management.
Not in my backyard may keep any repository from becoming a reality.
The need is great and while this part of Nevada has issues they are less troubling than other choices.
Area 51 is not a good choice. The visitors that come and go in the middle of the night might visit another location.
The single largest risk is water and high desert is a good place to avoid or manage water.
Large volume low level waste might qualify for canyon fill (land fill) can be paved over and sealed with concrete after limiting groundwater and springs. Evaporative concentration of liquid waste can be implemented by taking advantage of the large dT from day to night as well as surface vs. subsurface dT. The rock is easy to tunnel when compared to other materials. Physical security is facilitated by the remote location. Housing for staff can be eliminated on site and built at the end of faster than normal rail on standard but heavyweight freight rail also needed for deliveries. Many commute an hour or more each way to work in DC, LA, SF... A fast 80 mph train allows a 100 mile stand off for security.
Job security... this problem is not going away. Any investment will have a life.
The thing about MicroSD is that internal storage is cheap(ish) to upgrade now, and cloud storages are becoming increasingly bigger for cheaper
Not sufficient.... Cloud storage does mirroring well enough and
works up to the capacity of the phone's storage.
As soon as the content on the cloud gets larger and shared
software management becomes a royal pain. Cloud storage
management just sucks for phones.
The important point about uSD cards is storage is a cash
cow and the cow will kick ya in the head if you put its
udder in too tight a clamp.
Kick some udder phones...
What about "Slash dot react"?
Caution here... "Let's get ready to fumble" next Sunday.
WTF.... if true this is a global risk.
This is getting harder and harder to do.
This is astoundingly difficult to do correctly.
But there were weapons of mass destruction...
We need to find a way to pull in the fantasy and fantastic and
anchor the world slightly better on reality.
Tonight I wonder who the dummy is? I hear a network just
bid "Seven No Trump"/
Such projects need to start someplace.
Keyboard makers take note...
; 10^(10^48)
Raising to very large power
Still have my IBM Selectric II. Still use for legal docs...
The Selectric is an astounding keyboard.
If the darn things were not so expensive (and heavy) I would still have one.
The whole point of "erty" keyboards is to slow down the typists and reduce key-jams. It's an intentionally bad standard which has lived beyond its meaningfulness for more than 30 years now (when was the last manual typewriter made?)
And it is not an interesting comparison even if the key-jam issue
was an issue.
Keyboards are simple programmable devices, TODAY.
Standards from the mechanical device days need not apply.
Keyboard maps and closure handlers are software that is
just too easy to play with in the system and as such can just be
fixed.
Any TLA will not tell you (but could) that keystroke logging, interception
and even modification is so darn easy that this is simply possible.
If Logitech in French speaking parts of Switzerland wanted to make
a French keyboard and there was a market they would have already.
Those that worry about such things should design an improved model
open source or license for pennies the "standard" and get-r-done.
Quit the noise.. make an improved solution and a market.
There is just too much magical thinking.
Apple has built a device and market that gathers money in large
and small chunks from millions heck billions of people to the
tune of billions.
...... all must be secure enough.
Cash into iTunes must be secure enough.
Cash to pay for that phone swiped coffee in the morning must be secure enough.
Connection to HealthCare.Gov must be secure enough.
Connections to Amazon commerce must be secure enough.
These collectively mandate a secure design foundation.
If Apple installed a side door to security in all their products as per these
requests and dreams and that side door was to be hacked the liability to Apple
could make the airbag recall and regulatory fines seem small.
Heck Kafka just called to remind me that a class action involving
all 700 million iPhones would need a secure payment system
to disburse the judgement. iPads, MacBooks.... too. iTunes
runs on WindowZ... so iTunes must have its own methods and policy
because Windows is so fragile.
The law enforcement goobers that want access via a side door simply
to make their job easier today FAIL to understand that if the keys to
the side door were to be stolen they could not keep up with the
flood of crime that theft enables. CSI is fiction but some magical
thinking wonks accept it as fact.
Wonks like this forget that great fiction works because suspension of disbelief
or willing suspension of disbelief happens and allows the author to explore
a fictitious story line.
Watch a TV show then watch the credits. The fantasy is that a couple .....
of guys like Jamie and Adam can just do what they want to entertain us.
Finance, sponsors, writers, production, a support team that scrolls on the
screen in tiny print permits from fire departments, ATF and more.
Product placement
Extra points for Cognitive estrangement ....
The problem isn't....
Law enforcement and security would have an easier job without civil liberties, not because they have nefarious purposes, but because it will make their job easier.
...
Criminal elements would have an easier job without civil liberties (and privacy)
not because they have honest intent and purpose but because it makes
their job easier.
Civil liberties are part of the rule of law.
Take them away and we no longer have the rule of law but just rule.
Hillary had and has numerous email identities as does POTUS.
Some are security compartments.
Some allow social interactions with friends (yoga class).
The point is we have numerous identities the most common
are "home email" and "work email".
To collapse this and reduce all purpose and office driven identities to
a single ID greatly increases risks and solves rare crimes.
Erik Barnett needs to disclose all of his electronic identities ASAP.
I fear this fix is worse than the problem it is intended to solve.
BTW: Does he understand the /. effect?
All of the companies that send me bills by mail are constantly hounding me to let them switch to bills by email. I may pay my bills online through my bank, but I insist on getting a paper copy of my bills. Why on Earth would I want the power company to know my email address?!?
For money it pays to have a spare email address and a second credit card with a "sane" limit.
I know this is the wrong place to be helpful but ask your bank about a "second internet" credit card
with a small limit.
Dust off an old laptop and install a linux (anything you know) and virtual machine manager.
Copy VM image, start it, connect to pay, kill and flush the VM.
Watch the patches for your minimum VM and update it any time a security
issue gets discovered.
Eventually do nothing outside of the safety of an updated dedicated VM.
Old hardware has great value as single purpose tools.
Complain if you need Flash to access the site.
Update update update.
Perhaps you are not clear about what harassment is?
If you take a little bit of Google for a moment, you learn that harassment is "aggressive pressure or intimidation".
....chomp....
Of interest to bystanders is that this is a spectrum issue.
For some "aggressive pressure or intimidation" is "good morning you
are looking good today".
i.e. what was a compliment is now an acknowledgement of other topics not related
to the work at hand.
Other bystanders ponder the astounding permutations of the modern world of LGBT+
where inclusion and exclusion are difficult to quantify for a laundry list of reasons the
least of which is Sex on employment records is binary M/F. It does not even address
the obvious question of Yes vs. No or NO vs. NFW.
Simply discussing the topic is harassing and intimidating to some.
Saying "no" is astoundingly difficult for some and saying no is a
cultural impossibility. In a classroom it is no longer effective to ask
if anyone does not understand. "Does everyone understand the last
chapter.... " Asking will not discover comprehension. Testing is the
only cultural option for some groups. Testing for sex related topics crosses
the line for some and is harassing for others.
Then there are other agenda... there are many that still go to school for their "Mrs".
Not all but a lot. Success in the Mrs. program often reaches into the rich pool
of proven smart graduate assistants. This is a mind set that even when not
considered in school becomes a biologic clock issue for some again org charts
separate the good, better, best candidates.
Visual clues are cultural.
Growing up "red shoes" advertised a profession.
Around the world advertising of availability can be subtle and opaque
to those that do not know.. now what does a single earring in that
ear tell me? Visible ankle, calf, thigh, tramp stamp, long, short no sleeves.
Head covering is in the news but is unclear....
Yoga pants...
In my personal experience the most troubling abuses of power were
made by the wives of managers. No one pays attention to the power
struggle at home and the collateral damage in the work place.
BONUS: what is the most common matriarchal group in the US?
If the bill does not have an abuse of authority clause it is an opportunity for
reckless abuse at multiple levels.
All of these side doors, secret court orders and other paranoia driven legislation
lack a sturdy counterbalance to keep their use legal.
Sailing ships have a keel often tons of lead or in the old days layers of ballast
rock at the lowest level of the hold. Without the counterbalance sailing ships
are too easy to blow over and the same is true for laws. Without counterbalancing
legislation to deter abuse the bad guys win.
Drug laws come to mind... 10-20 years for possession is not counterbalanced
with a 40-80 year penalty for planting false evidence on someone to make a quota
or a simple abuse of power comes to mind.
Without counterbalance in the law there is no push back that allows or encourages
abuse.
My personal worry about pervasive surveillance is the ease of generating "parallel constructions"
that prove a crime. https://en.wikipedia.org/wiki/... These abuses nullify
laws that exclude evidence from the poison tree. Worse juries now demand air tight
presentations from prosecutors.
Jury instructions should begin with a disclosure. You will be told stories by master storytellers
on both the prosecution and defense. If you do not have the ability or at least the inclination
to sort out facts from fiction as presented by master storytellers you may not be able to serve
with a clear conscience. The expectations of the CSI effect and the storyteller effect supported
by parallel constructions makes justice seriously difficult but not impossible.
I listened to the findings of one of the internet famous cop vs. toy gun findings.
In the presentation it was stated that the officer could expect a weapon to be fired
against him in 1/3 of a second and thus the policy is to fire first and not die.
I looked and 1/3 of a second is a number associated with a seriously trained individual.
I looked at the video multiple times and it is clear the officers were reckless in the way
they drove up, exited their squad car and killed the individual inside of 2-5 seconds of
arriving.
My 2-5 second viewing of the tape is that this was an execution. Procedure for a
code "priority 1" clearly is code for a process indistinguishable from an execution order.
I looked at it again and again... vastly more than the seconds the officers took to decide
to execute the individual and it is still clear that the officers arrived with an intent
to kill the individual.
Judge... caller made a judgement that there was a problem called 911.
Jury... dispatcher ruled this a "priority 1" withheld "might be a kid with a toy"
Executioner... officer arrives and kills the kid inside of seconds.
The only way the officer is off a hook is for the authors and signatories of the
department policy to be placed under arrest and prosecuted for murder.
We did execute war crime criminals for following orders so perhaps a different hook.
Departmental policy and training cannot violate the law.
Loss of standing under the law cannot be eliminated by a policy change (IMO).
And yet they won't; per HIPAA encryption is "Addressable" and not "Required". 45 CFR 164.312 is actually really short and is completely tech agnostic.
N.B. the application in question is only supported today on Windows 8.n.
We could go down the rat hole that WindowZ is the weaker link.
Encryption is only an issue for data should it be lost. i.e. if computer hardware is
stolen or recycled badly.
The nature of the HIPAA procedures place a lot of responsibility on the dentist
not the application vendor beyond requiring logging in by name and managing the
administrator password.
The single dentist office installation is small and there is little risk of a wide
class action litigation. Perhaps the dentists against the software company
but that is multiple orders of magnitude different.
The interesting bits get exposed when the dentist connects to an insurance
provider via modem or the internet to transact payment. That asymmetry
puts a lot of pressure on the insurance side more than the dentist side.
There may be some patient history in the dentist records of interest to privacy
folk. Dentistry is a blood sport so they care about AIDS/HIV. Some drugs are
prescribed for pain or infection so these and allergies may matter. But
a dentist's records are less interesting than those of the STD, OBGYN or mental
health services.
Everything causes cancer. Fuck em. I'd rather lose 10 years and enjoy life than gain 10 years and hate it.
The state of California is known to the state of California to contain substances
harmful to your health.
https://en.wikipedia.org/wiki/...
The warnings are everywhere.
There is nothing scientific about it, and the medical profession say the change has nothing to do with new scientific data. The sole motivation driving this was to make men equal to female.
As if this bullshit is going to reduce anyone with a penis to change their drinking habits. /s
Do you have a citation for that? ... scale by body mass. I don't see any other reason why men and women of the same size should have different alcohol recommendations.
....
Liver size more than body mass.
BMI as a reflection of fat as a %age of body mass is very different on average for men and women.
Metabolic efficiency and timing too. A recent headline noted that men burn calories
better when hungry, women burn them best after eating.
The reality is alcohol does mess with metabolism and circulation (as does sugar).
Worse, fructose and alcohol challenge the liver. When was the last time a guy ate an apple?
I smell a failure to understand that correlation does not imply causality. Or at worst
a coalition of agenda. Health, driving, religious bias & moral-do-gooders could combine to gain
a power over these standards and makes recommendation approval for a mix of reasons
not clear in the data.
What if four of the seven supreme court judges in the US were teetotalers to
comply with their perceived religious covenants... Same logic for the member of
the panel making these recommendations.
https://en.wikipedia.org/wiki/...
Coalitions are insidious.
The worst languages are the ones that give programmers too much freedom with how things look.
/* between the braces is the body of the if statement */
One of the true evils in "C" is where {} are optional:
if ( TRUE ) {
Execute all statements inside the body
}
if ( /.newinterfaces = good ) /* woops */
throw(a_fit);
enjoy(it);
Wrong on two counts.
1) He is not attributing it to the police, but to .................
Not clearly correct on many counts.
The most disturbing is that: mind set, policies and procedures work hard to remove
any testimony except that of trained story tellers in blue. This process of content
editing begins in police academies where reporting is taught. University writing
is full of flaws to the point that a thesis review committee is held to sort it out.
Department heads educated with MS and PhDs will aspire to a review board in
kind.
Other story tellers have their cameras damaged and stolen. Digital and
undeveloped film records are deleted, altered or lost. Reports are edited and
reviewed for internal consistency. Reports written with the likes of Word shall
have revision history enabled by the records system in addition to the lame
history mechanism in Word itself. Safety barriers are erected so far from the action
that no third party will have access. Remote cameras get run over or knocked down
or stolen.
The single largest problem is the code of silence on both sides.
Juries are led to believe that an airtight case should be expected and that
invites parallel reconstruction from well controlled sources. A big hint that
there is reasonable doubt is a total lack of loose strings. Especially if much
of the evidence is digital.
Twenty years plus ago an animator then at ILM commented that the days of
video evidence being incontrovertible were past with the footnote
that it was currently expensive but that would change.
Editing equipment in the presence of law enforcement is problematic.
At no time should edited material be entered into evidence without the
original. Evidence lockers lack facilities for storage of digital content
including password management.
Not in my backyard may keep any repository from becoming a reality.
The need is great and while this part of Nevada has issues they are less troubling
than other choices.
Area 51 is not a good choice. The visitors that come and go in the middle of the night might
visit another location.
The single largest risk is water and high desert is a good place to avoid or manage water.
Large volume low level waste might qualify for canyon fill (land fill) can be paved over and sealed with concrete after limiting groundwater and
springs. Evaporative concentration of liquid waste can be implemented by taking advantage of the large dT from day
to night as well as surface vs. subsurface dT.
The rock is easy to tunnel when compared to other materials.
Physical security is facilitated by the remote location.
Housing for staff can be eliminated on site and built at the end of faster than normal rail on standard but heavyweight freight rail
also needed for deliveries. Many commute an hour or more each way to work in DC, LA, SF... A fast 80 mph train
allows a 100 mile stand off for security.
Job security... this problem is not going away. Any investment will have a life.