It is not possible to disable Secure Boot outside of the EFI setup. That is by design.
You realize that Secure Boot can be turned off right?
If it's off by default on OEM machines then all of the stupid users who honestly believe that they are the one millionth person to visit a website will risk compromising their machines and simply increase the already nasty amount of noise on the internet.
Most malicious programs simply do obnoxious but otherwise benign things. It is not possible to preemptively stop malware from doing something if an otherwise legitimate program would be allowed to do the same. Legitimacy is subjective.
There is a large difference between a malicious program that tries to overwrite the boot record or patch the kernel, and a malicious program which sends out HTTP requests. The former is easy to detect because as you said, it takes actions which no program, legitimate or otherwise, is allowed to do on a stock installation of Windows. The latter is otherwise indistinguishable from a web browser and can only be detected by comparing its behavior to that of a known malicious program, requiring developers to play a constant game of catchup.
This was a problem with Windows XP, the system and user were not properly segregated. Thus, it was common for malware to inject itself into system folders and without a proper antivirus it was almost impossible to detect it. When UAC debuted with Windows Vista many of these attack vectors were supposed to disappear and they did. Unfortunately, it took developers about 5 years to get out of the Windows XP development style and to stop mixing application data and user data. Once a program is installed, there should be little to no reason to put user data in the same location, that's what home folders are for. Users simply clicked "yes" to UAC every time it popped up, or disabled it completely. As much as I wish it were possible to do so, it is not possible to patch stupid.
The exact same security vulnerabilities exist in Linux. Any malicious script or program will have unfettered access to the entire system if the user can be convinced to put 'sudo' in front of it. Any Linux admin knows better than to install something that they don't trust; the same cannot be said for Windows users, who often install pirated software and the malware that comes with it.
The best antivirus is a smart user.
Most malware on Windows gets dumped into %APPDATA% because it can't go anywhere else without raising a red flag. This makes it fairly easy to nuke. The same works for Linux.
The overwhelming number of Linux servers worldwide are behind firewalls and will rarely ever attempt to reach out blindly to the internet. There aren't nearly as many attack vectors to exploit. It's far easier to find some bad PHP code to exploit, or an unpatched version of Apache than it is to attack it using traditional methods that might work on a user machine.
That's called a stream cipher, which I mentioned in my post.
That can be done automatically; there's no need to recompile it. It's still problematic in that it's worthless if the downstream link can't be locked. Some sort of unencrypted marker is necessary.
While it's true that passive receivers and signal amplifiers do reflect or emit parts of the signal that they are receiving, it's not easily detectable unless you know what you're looking for and are close to the target.
These are satellite streams which run constantly. The receiving computer would have to be able to track and lock the start of the stream and/or a position in the stream before it could reassemble the packets. If a packet is missed, then the receiver will lose its lock. Thus, frame indexes of some sort would have to be used to help the receiver reacquire the lock. Since there are only so many possible ways to reassemble a real time data stream it's only a matter of time before someone else figures out how to do it simply by trial and error.
Encryption, real time, and noisy signals don't mix well. This isn't a YouTube video in which the client can request that the server resend a packet that contained an error. Unencrypted video streams are fairly error tolerant as an error will only manifest itself as a slight artifact for a few short frames. Strong encryption schemes are not error tolerant; a non-correctable error would result in one or more blocks of data being entirely unusable.
A stream cipher could be used instead of a block cipher but a stream cipher presents added difficulties in that not only would the bitwise/bytewise encrypted transmission (as opposed to blockwise) have to be tracked, but it would have to be tracked in sync with a key. If the key repeats, it can be determined with a little bit of work in the same fashion that an RC4 key can be determined to break into WEP protected networks.
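An added illustration of the synchronization point in the comments above (not code from the thread): a receiver that tracks one running keystream loses everything after a dropped frame, while a cleartext frame index lets it reacquire lock. The SHA-256 counter keystream, the 16-byte frame size, the key and the sample frames are all constructed for this sketch and are not a real broadcast format.

```python
import hashlib

FRAME = 16  # bytes per frame (constructed size for this sketch)

def keystream(key: bytes, start: int, n: int) -> bytes:
    """Toy keystream: bytes [start, start+n) of SHA-256(key || counter) blocks."""
    out = bytearray()
    block, off = divmod(start, 32)
    while len(out) < off + n:
        out += hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(out[off:off + n])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_continuous(key, frames):
    """One running keystream across all frames, no markers on the wire."""
    pos, wire = 0, []
    for f in frames:
        wire.append(xor(f, keystream(key, pos, len(f))))
        pos += len(f)
    return wire

def decrypt_continuous(key, wire):
    """Receiver assumes nothing was lost: position = bytes received so far."""
    pos, out = 0, []
    for c in wire:
        out.append(xor(c, keystream(key, pos, len(c))))
        pos += len(c)
    return out

def encrypt_indexed(key, frames):
    """Each frame carries a cleartext index that fixes its keystream position.
    The index must never repeat under one key, or the keystream repeats."""
    return [(i, xor(f, keystream(key, i * FRAME, len(f))))
            for i, f in enumerate(frames)]

def decrypt_indexed(key, wire):
    return [(i, xor(c, keystream(key, i * FRAME, len(c)))) for i, c in wire]

def sample_frames(n):
    """Constructed 16-byte payloads standing in for stream frames."""
    return [b"frame-%02d-payload" % i for i in range(n)]

def demo(drop=2, n=6, key=b"constructed-demo-key"):
    """Drop one frame in transit; return frames recovered intact per scheme."""
    frames = sample_frames(n)
    sent = [f for i, f in enumerate(frames) if i != drop]

    wire = encrypt_continuous(key, frames)
    del wire[drop]                       # frame lost on the noisy link
    got = decrypt_continuous(key, wire)
    ok_continuous = sum(g == s for g, s in zip(got, sent))

    wire = encrypt_indexed(key, frames)
    del wire[drop]
    got = [p for _, p in decrypt_indexed(key, wire)]
    ok_indexed = sum(g == s for g, s in zip(got, sent))
    return ok_continuous, ok_indexed

if __name__ == "__main__":
    print("frames recovered (continuous, indexed):", demo())
```
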
There are no current, well researched materials known which can reliably withstand the forces caused by large scale fusion reactions. There are some that are either experimental or hypothesized. Physicists and material scientists are working hard to make these materials a reality and/or easier to mass produce. It may take another 50 years but we should get there eventually.
MS-DOS took a very similar approach from an interface perspective but that's about it. Underneath the hood it's neither a clone nor a clean-room re-implementation of CP/M.
There's a very thorough article in IEEE Spectrum by an author who used modern disassembly, debugging, and code similarity techniques and applied them against various versions of DOS and CP/M. Everything led him to a dead end.
http://spectrum.ieee.org/computing/software/did-bill-gates-steal-the-heart-of-dos/0
MS-DOS was a thinly disguised clone of Digital Research's CP/M, circa 1974
Yeah... this was thoroughly debunked
Fools are easily parted from their money.
The OP is correct. Apple's software engineers are incompetent. The industrial designers are holding the company together.
Multi-AZ is only available for certain services. It's slower and costs twice as much. There's also replication delay issues between multi-AZ instances.
Challenging Zimmerman's account of events is fine. However, it needs to be challenged by investigation in accordance with the standards of evidence. It is not acceptable to throw him at the mercy of a jury and hope that something sticks.
No. SYG laws are easily misunderstood.
In general, they allow an individual to use force in self defense when they believe that they are faced with an unlawful threat. The keyword there is unlawful. Following someone may be intimidating but it is not unlawful. Similarly, the moment that TM ditched GZ he was no longer faced with any threat.
The court should not be putting George Zimmerman in a position where he is forced to prove his innocence. Material which is relevant to proving his guilt can be admitted as long as it meets the standard of evidence but it is generally easier to get character evidence about the victim admitted than it is to get character evidence about the defendant admitted. Courts look down on putting the victim on trial but when there's a lack of witnesses there's not much of a choice.
Please remember that it is the prosecution that has to prove George Zimmerman's guilt, not George Zimmerman that has to prove his own innocence. Under Florida law they must disprove Zimmerman's account of events using investigative procedure, not by hoping that a jury will find him guilty on a whim. This case has already made a mockery of our justice system.
It's a lot more complicated than that. Photolithography is a very complex process. As dies shrink due to a smaller nodal size it becomes increasingly more difficult to fabricate a single chip until that process matures.
All 150+ 4/6/8 core Sandy Bridge processors were sourced from only 5 different chips with 2/4/8 cores apiece and varying amounts of cache. The yield on the 8 cores is low even on the mature 32nm process so they demand a huge price premium. Those with defective cores have some disabled and are sold as 6 core variants.
Since defects are fairly consistent per wafer, yields on a 200mm^2 Sandy Bridge are exponentially higher than they are on a ~400mm^2 Sandy Bridge. The same is true for Ivy Bridge. I'm not sure if Intel's 22nm process has matured enough to make 8 core Ivy Bridge processors economically feasible quite yet. Thus, 220mm^2 yields on Intel's 32nm process may be comparable or even higher than 160mm^2 yields on Intel's 22nm process.
TSMC's 28nm process was backlogged for quite some time due to low yields. The GTX680 was unavailable for the longest time because it required that a large chip be fabricated with no defects, the GTX670 which came later allowed for part of the chip to be disabled, thus increasing yields. AMD had the same problem with their HD 7000 series, low yields on the top end processors reduced their ability to ship those processors. Fortunately for them they had a stripped down version (HD 7950) ready to go at the same time rather than months later.
Intel is a remarkably conservative company. They're not known for announcing a product unless they know that they can make it available and thus it doesn't make sense to introduce an 8 core Ivy Bridge processor unless they know that they can actually deliver it. This is why the Sandy Bridge-E processors came around much later, and the same will be true for Ivy Bridge-E.
Intel is already years ahead of AMD. They have well over 80% market share in the PC market and over 90% in the server and workstation market. There's a large performance spread between AMD's processors and Intel's processors in both single threaded performance and overall performance per watt. If Intel wants to bend consumers over, they are already in a position to do so. However, they seem to be sticking to their roadmap despite the fact that AMD has been falling farther and farther behind.
That's true about the defendant, but we're talking about the victim here. It's much easier to get character evidence entered about the victim than it is about the defendant.
The defense has argued that Trayvon was the aggressor and are going to see if his school records and online life back that up. The internet is not some parallel dimension with no relationship to our real lives. If Trayvon was into "Thug Life", MMA, etc... or was suspended for getting into fist fights at school (he was suspended at least 3 times) then this is relevant to the case at hand as it makes the notion that he attacked Zimmerman more believable.
corollary:
Any sufficiently shocking display of stupidity is indistinguishable from malice
Prosecutors have to be very careful about what they say. Filing charges that aren't substantiated by evidence can be a violation of the accused's legal rights and depending on the jurisdiction the prosecutor may not be protected under qualified immunity if they did so knowingly and maliciously, which can open them up to multiple lawsuits from the defendant that would otherwise be prohibited.
Similarly, they have to be very careful about what they say to others regarding criminal charges brought against someone. Mischaracterizations made to the media which are later proven false or are baseless may not only be grounds for defamation, they could also be a violation of the local Bar Association's standards of ethics.
Unfortunately /. lacks a "factually incorrect" mod option