Slashdot Mirror


User: dissy

dissy's activity in the archive.

Stories: 0
Comments: 3,327

Comments · 3,327

  1. Re:So does my .... on The iPhone X Becomes Unresponsive When It Gets Cold (zdnet.com) · · Score: 1

    You should have opted for the industrial Japanese sex robot. Those things are rated to remain functional down to -30C

  2. Canadian-owned and operated D-Wave computer has way more than 50 Q-bits with a 1000Q model available and a 2K in the works.

    D-wave works on a completely different design. Their systems can not manipulate individual qbits, but instead have all their qbits in a big pool functioning together such that they can only manipulate the entire grouping.

    Instead of reading out individual qbits, they read the energy level of the entire pool of qbits summed together.

    This makes it easier to actually setup all of those qbits in the first place, but they are limited to solving "lowest energy state" problems.

    IBM and Google are using designs that can manipulate individual qbits, which makes them more like general purpose computers in that sense, but introduces all sorts of complications in creating, setting up, and manipulating each qbit. This is why they have so few of them.

    There isn't really much in the way of analogies that don't break down in a mess, but in general, imagine the differences between a general purpose CPU, and a very specialized IC to handle one particular problem set but do it very well.

    Perhaps a CPU vs GPU comparison is the closest. A GPU like the nvidia gtx 1080 contains over 3500 cuda processing cores. But those cores can only do certain types of math, typically the type needed for 3d graphics processing, but there are other uses.

    If you happen to have a type of problem that the GPU can do, the GPU can do it orders of magnitude faster than a general purpose CPU. But for any other type of problem a GPU is completely worthless.
    A CPU can solve both types of problems, but generally slower. But if that problem is one a GPU can't address, the "slow" CPU is your only option.

    D-wave is very specific purpose to solving lowest energy state problems, and that's really it.
    If that is your problem set, a D-wave may very well provide you a massive speed increase over another type of system, but if it isn't that type of problem a D-wave is completely useless.

    General quantum computers should be capable of any quantum type problem, but in this case it isn't speed that is your trade-off but memory space (qbits)

  3. Otherwise, what are they going to do, make you prove you own the image? "Sorry, I need you to uhh, verify this genitalia is yours...."

    That sounds to me like even more reason to suspect Facebook keeps the original image, just in case anyone there needs to verify the image uploaded really is a nude body instead of a random person's profile portrait.

  4. Re:Isn't this like a BIOS? on MINIX: Intel's Hidden In-chip Operating System (zdnet.com) · · Score: 3

    Do you know of a BIOS that runs when the computer is off?

    Sure: All HP servers, all Dell servers, all IBM servers.

    HP calls it "iLo" or "Integrated Lights-Out"
    IBM calls it the "RSA" or "Remote Supervisor Adaptor"
    Dell calls it the "iDRAC" or "Integrated Dell remote access"

    The hardware has been pretty standard for some time now. Although HP used to require purchasing a software license key per-server to be allowed to use it.

    Intel ME/AMT is the same thing but available in desktop grade computers, any core-i chip with vPro.

  5. Re:Overblown -- oh and AMD isn't any better on MINIX: Intel's Hidden In-chip Operating System (zdnet.com) · · Score: 2

    Until that ME processor itself dies. Then you're stuck fucking going there any goddamned ways to replace an entirely dead machine.

    Actually that doesn't need to be the case.
    For a single location it probably should be the case, but for multiple sites spread over the country or more it really is the most efficient option.

    Our OEM vendor enables AMT for us and uploads our public provision key into the ME.
    They can then ship the desktop to any location we tell them to.

    Once it's on the LAN and turned on, the ME contacts our provisioning server and gets all the AMT settings, BIOS settings, and access public keys, and as they are signed by our private provision key it installs them.

    At that point the provision server, having the only "live" copy of our access private key, can then issue commands.
    Specifically it tells the new PC to mount our base image ISO under the optical drive, and then to "power on" the desktop.
    The last step of the OS installation from that boot ISO (just before rebooting to the local HD that is) signals back to the provision server that it's done, which causes it to "unmount" the boot ISO.

    The only prep work we do is feed the new asset numbers and MACs, provided from the order confirmation from the vendor, into the provision server.

    Most vendors only pre-load provision keys once you get to be a certain size, which is annoying for small shops on one hand, but on the other it isn't some insanely large limit like Microsoft Volume licensing for example.

    Prior to us hitting that magic "300 PCs ordered" threshold by our vendor, there was indeed an extra step and although it wasn't completely necessary we kept it internal to the IT staff. That step was to plug in a USB flash drive containing our public provision key and a little ME/AMT config before hitting the power button and control-e on boot to load it.

    Also the AMT SDK is a free download from Intel. You can automate the hell out of the thing if you really want to.

    If you are small enough to be a single-site shop, it likely wouldn't be worth such a setup when it's just as easy to walk across the building, but for multiple-sites spanning different cities it can be quite efficient of a time saver.

  6. Crime is OK if you use the proceeds for education. This seems like a bad precedent to set, especially with computer crime. It's not like we don't already have bunches of script kiddies imagining they're fighting a just cause while committing computer crimes.

    So many talented but ethically-challenged kids out there can look at this and say, "Well, if I don't get caught I'm rich and if I do I get probation. Yay, free tuition!"

    While I can certainly agree that this would be a bad thing in the hands of people who are always trying to game any and all systems for their own benefit, I'm actually leaning the other way.

    Reading the summary the first thought that went through my head was "What the hell, our justice system is actually trying to find justice and not just revenge as is almost always the case?!"

    The very fact our revenge system is so expected to dole out revenge and ignore justice, such that people actively see justice as a negative thing simply because it is so far from the norm, is a very poor reflection on us as a nation.

    Reform is something everyone should absolutely believe in! Or at least the possibility of it.
    As I said, I do agree completely that reform shouldn't be determined by a checklist or set of rules that never changes, i.e. being encoded into law, for pretty much the same reasons you gave.
    But taken on a case-by-case basis, and with the proper amount of time and resources to do it correctly, it is absolutely something our justice system needs to return back to.

    Not believing in reform, when taken to its ultimate conclusion, is the worst possible situation for all of us.
    After all if you firmly believe reform isn't possible, then ultimately there is no point whatsoever in assigning prison terms anything under "life". Why let anyone out if by your own definition they can never reform and will never stop doing what they did to end up there?

    Continuing to the extreme, can you name one person who has never in their life made a mistake? No, such a person doesn't exist. So why not imprison everyone ahead of time?
    After all the logic is sound: Everyone makes mistakes, one mistake is all that is needed for punishment, and there is no possibility ever for anyone to learn from that mistake and not make it again in the future.
    That certainly isn't a world I want to live in.

    How many stories have we all heard about a gifted child, as in mid-teenage or less child, with amazing skills yet the usual shitty judgement that children have who end up in prison for multiple decades? It is a waste of talent, a waste of money, a waste of any possible contribution to our society, and ultimately a waste of a life.
    Throwing away a person like that should be reserved for people who really can't provide any benefit to society or can't stop causing harm to others. It shouldn't be for people who make one mistake.

    One of our biggest problems is allocating the resources needed to tell those two types of people apart, specifically in that we simply do not do so.
    There is a twisted kind of logic behind erring on the side of caution and just assuming the same answer for everyone, but the fact is we shouldn't be putting the justice system in the position to need to assume.

    If you're thinking of asking me what we should be doing as some kind of universal answer, I have nothing to give. But this type of thing is still refreshing knowing at least a few people in our justice system haven't totally and completely given up hope on everyone as a blanket position.

  7. Re:Paging Ric Romero (again . . . ) on Google Docs Is Randomly Flagging Files for Violating Its Terms of Service (vice.com) · · Score: 5, Informative

    Anyone who follows any sort of weapons or gaming or political channel on YouTube knows just how over-aggressive Google's flagging bots can be.

    I don't think "aggressive" is even the correct category of term to use here.

    The most amazing and baffling example I've seen was after a live stream.
    The stream lasted almost 3 hours, and all was well. At the end of the stream the VOD was marked to post to the channel in its entirety.

    Neither the stream nor the archived full copy was flagged at all.

    The next morning editing began, which was to cut the original video into segments aligned to the few topics discussed on stream. 5 segments in all.

    2 of those 5 were flagged as not suitable for advertisers. Keep in mind, those 2 segments were exact copies from the original stream, which is still suitable for advertisers.

    So the bot had decided that one copy of the video was not suitable for ads, which is an exact copy of time marks 36m-72m within another video which was suitable for ads.

    What this shows is that you can upload the exact same video multiple times, with the exact same description text, and the same title but with " - 1" or " - 2" etc. appended, and have a non-zero chance that some but not all of those copies will get flagged while the other copies will remain fine, despite being identical copies.

    This is not simply being aggressive, this is being broken and incapable of basic pattern matching.

  8. Re: Funny, I can do all of the above on one box on How Kodi Took Over Piracy (wired.com) · · Score: 2

    Although the AC's suggestion is fairly lacking, and actually mine may very well too, but one more tool that might come in handy for the toolbox:

    http://moonlight-stream.com/

    It's an open source version of the Nvidia GameStream protocol supported by the higher end GTX cards, usually advertised for use with the Nvidia Shield devices.
    Very low latency video streaming that actually does work pretty well with games at 1080@60

    There is an android version that works side loaded on a FireTV, right next to a Kodi load.
    I've used it to play Fallout 4 on the iPad Pro on a lark, but it worked quite well.

    The mobile versions do have a built in on-screen control pad setup but it sucks about as much as you'd imagine.
    In my case I just used a Bluetooth gamepad paired to the host PC, mainly due to Apple not allowing such devices to pair with an iPad, but I don't believe any of the other OSes have that same limitation.

    May be useful in other situations even if you have no interest in a FireTV device.

  9. Re:changes on A 14-Year-Old Asks: When Should I Get a VPN? · · Score: 1

    I didn't get my first VPN until just after I hit puberty. Wait, what exactly is a VPN again?

    Well, when a mommy pptp endpoint and a daddy ipsec endpoint love each other very much...

  10. You seem to have evaded the whole point of TFM, which is that RSA tokens have a vulnerability. That is, I don't need to steal your token and then figure out the key because I can just breach the security of the site you use the token for and access its database of RSA tokens.

    Well yes, I "evaded" that because it isn't possible.

    You can have my token's public key to your heart's content, and you still will be unable to predict the next code displayed for any given time in the future.

    All you could use that key for is to validate a code shown on my token was the correct one for a given time.

    AKA you can't use the public key to predict my token's code and use it to authenticate as me.
    All you can use it for is to verify a code is valid and allow me to authenticate to you.

    I fail to see how the token's public key would be of any use to you.
    If you wanted my password component, and you have completely taken over the website in question, you wouldn't even need to use the RSA code. You already have access to the server I'd be sending my password to, there is no need to verify the token code to do that.

    But so long as that site's password isn't reused anywhere else, none of that would gain you anything at all useful. If you have complete control over the site's servers, you already have access to any data on those servers that would normally be protected from others by my password and token.
    aka you wouldn't need either of them to copy that data.

    If the password isn't reused, then knowing my password for that site won't gain you any advantage over other sites.
    Knowing the token public key also won't gain you any advantage in using my token to authenticate on other sites.

  11. Comparison on With Rising Database Breaches, Two-Factor Authentication Also At Risk (hackaday.com) · · Score: 4, Informative

    This should make it crystal clear as to the priorities of security for most companies and people.

    Pros for hardware tokens:
    - The private key is exceptionally difficult to extract, and in cases like RSA tokens, currently impossible.
    - Many protection features built into the hardware, such as the key being stored in RAM and a battery that is designed to become disconnected upon disassembly, trace contacts only maintaining connection via points inside the enclosure that are disrupted upon tampering, etc.
    - Expiration date enforced by battery life
    - Can't be copied so must be taken from you, on the assumption that lack of your token would then become noticed at which time the entire keypair is removed from the trust chain.

    Compared with pros for software tokens:
    - Cheap, generally free

    That's it, just the cost, everything above is given up in exchange for not having to pay for hardware.

    Now I'll be the first in line to say I wish RSA tokens were not as expensive as they are. In fact I'm certain I'd have to wait in that line right along with you.
    But despite the price you actually are getting quite a lot in return, and many things not possible to duplicate in software simply due to the nature of software.

    Phones and even computers that would be running that software are not designed with self-destruct capabilities in mind.

    The software requires both saving the private key, which is typically going to be on hardware designed explicitly to be readable (HDs, flash, etc), as well as such that the private key needs to be installed in it meaning that key is likely stored elsewhere to be copied.

    Which leads to copying of the software/key as a possibility. With a hardware token I would need to deprive you of its use in order to use it myself, something that should be noticeable and set off red flags.
    One may say the same would be true for your cell phone, but the reality is I don't need to deprive you of your phone, I can simply copy the data off of it and/or access it remotely, or being a multi-purpose device use some other software running on it to get at that data (e.g. a web browser exploit you initiate yourself)

    All of those protection features get traded away completely in exchange for a lower price.
    Which really highlights exactly where security falls in the order of priorities when these software apps are used.

    Like with the "https everywhere" crowd, there definitely are situations where a software token makes more sense, but equally similar they tend to be edge cases that shouldn't require much security in the first place.
    Development work, educational purposes, setting up a test system to protect one server on your LAN from the rest of your LAN just to learn how the backend setup works before deploying the real deal elsewhere, etc.

    But for anything "real world" those hardware token features shouldn't be dismissed simply due to cost.

  12. Re:How do we mod summaries? on Google Is Really Good At Design · · Score: 2

    Enough of modding comments, I want to be able to mod this fucking awful summary and article out of existence...

    The very top of the page by the Slashdot logo. Firehose -> All
    https://slashdot.org/recent
    .
    It's pretty sad seeing technical articles with 50 or less comments assuming they even get modded up and out of the firehose to the main page, yet many political articles per day with multiple hundreds of comments so damn consistently on a tech website, I wish more technical people would help mod the articles.

  13. Re: Water currents. on A Giant, Mysterious Hole Has Opened Up In Antarctica (vice.com) · · Score: 4, Funny

    Clearly, the real story here is that Lake Superior and the State of Maine are interchangeable units of measuring area. Who Knew?

    A little known fact is that Lake Superior and the state of Maine are also physically interchangeable!
    This is the reason neither of those things are labeled by name on Google Maps.

  14. Re:Feature removals on Windows 10 Update Removes Windows Media Player (betanews.com) · · Score: 1

    These feature removals mostly seem troublesome at a locked down PC environment at school or work where you can't install anything.

    At least for work related environments, such things are far less troublesome, and generally not at all for end users.

    Windows updates get centralized from one internal server which the admins can approve/deny on a per patch basis, as well as push to a testing group of computers to be vetted individually if need be.

    If the company standardized on media player, this KB update would not make it onto your computer until a group policy update was made to ensure it remains an enabled feature at the same time.
    If the company uses another media player, be it in the default image or pushed via group policy, then likely media player was already disabled, and if not it going missing isn't going to be noticed.

    I would like to think a school environment was run similarly but I personally have no experience there.
    I can see if they had an IT department mostly full of students in training to be IT admins, that could certainly be problematic, though I'd argue that problem would run much deeper than just this one issue :P

  15. Re:Typo in the headline on Parody 'Subgenius' Religion Wants to Crowdfund An Alien-Contacting Beacon (gofundme.com) · · Score: 1

    Alien bacon?! Quick, where do I sign my worldly possessions away?

  16. Re:Connected Directly to the Internet? on Hundreds of Printers Expose Backend Panels and Password Reset Functions Online (bleepingcomputer.com) · · Score: 1

    I've come into numerous environments throughout my career that had a multitude of printers set up on public IP's, no firewall, and in numerous cases, with the default admin password. No valid reason for doing so. Just a lack of proper management.

    I dunno, that doesn't really answer the question.

    How does any organization even obtain public internet routable IPs without proper management to set that up?

    With so many devices defaulting to NAT and requiring work to turn that off, assuming you can turn it off, how do those devices even get a public IP instead of an internal IP without proper management?

    Every time I set up a business internet connection I had to beg and plead to get a /29 over the single IP setup by default, and took more than zero effort to add a router to the mix that either wasn't a piece of crap $20 Linksys that forces NAT on you, or to get the ISP to bridge that single IP through their CPE and onto my own router directly.
    Not to mention I don't remember any ISP after the dialup era automatically assigning you an IP, let alone providing DHCP services for any routable subnets.

    One would expect that without any proper network management things wouldn't be able to be in any situation where $randomDevice plugged in is handed a public IP from any DHCP server anywhere.

    If anything I'd expect lack of proper network management to result in nothing working in the first place at worst, or a standard home NAT setup at best.

  17. Re:The bug is in Disk Utility GUI volume creation on Apple Addresses a Bug That Caused Disk Utility in macOS High Sierra To Expose Passwords of Encrypted APFS Volumes (macrumors.com) · · Score: 1

    Doesn't having a "hint" imply that the system has stored the actual password somewhere? If not, what is the hint going to do, return an encrypted password?

    No. It doesn't even come close to implying that. Why would you think such a thing?

    Your username, real name, and the hint are all text values stored in plain text as they should be.
    Your password is a different value stored hashed.

    When you type a password wrong, clicking "show hint" is expected to return *the hint value you entered*.

    The hint actually has less to do with your password (nothing) than it has to do with your username (the thing the hint is linked to, just like your name and user icon and everything else)

    If you enter the hint "my 2017 password starting with U and 10 characters", clicking show hint is expected to return exactly that and nothing else.

  18. would you prefer ads or background JS running Bitcoin miners funding the websites you visit?

    Given just those two options and only a few minutes to ponder on it, I'm actually leaning towards the bitcoin miner.

    In theory, JavaScript is supposed to be sandboxed in the browser, while Flash was never designed in such a way for that to be possible, so in theory the miner is supposed to be more secure.
    Of course in reality that isn't really the case, as there have been plenty of exploits using JavaScript over the years too. That would also only apply to Flash ads, which isn't as dominant these days.

    Normally I am very much against running random strangers' code on my computer.
    Originally I didn't intentionally block ads, but I do run a script blocker which coincidentally blocks many ads too.

    But another point in the miner's favor and against ads is the aggressive nature they have become.
    I now also run an ad blocker specifically for that reason, since ads tend to completely destroy a website.

    Ever try to read Slashdot without an ad blocker? It's quite literally not possible. By far ads take up over 80% of the screen and move around to fuck with the remaining small percent left over for content. You can't open an article from the main page since the ads force the page to scroll most of the way down, and once you scroll up it triggers the ads to move and push the comments off screen again.
    Not to mention the postage stamp sized box you get to reply in without a script blocker or always updating your settings back to the old view layout.

    Coin mining on the other hand wouldn't even show up on screen at all.
    Both the miner and ads suck up CPU cycles, I'd assume the miner much more so, but these days I have plenty of CPU cycles to spare and doubt a single core pegged at 100% would be noticeable.

    Ads also have a habit of redirecting you to scammy websites, or the site with the ad makes the entire background of their page a clickable element to hijack their own website to open an ad in a popup or popunder tab.

    I can safely say between allowing a website to use ads in my browser, or doing without ever going to that website, I choose the latter.
    A coin miner on the other hand would be a silly thing to deploy if it didn't actually report back to the website owner and gave random scammy sites access to it.

    Of course in the end I don't think I'd put myself in any position where I'd only have those two choices.
    For sites and content creators I love, they either get PayPal donations or lately Patreon pledges.
    (Patreon has been an amazing game changer, I have a few hundred dollars per month in pledges to about 30 different people and groups. Not having to remember to PayPal something every so often, or sign up for multiple subscription services, makes the entire ordeal so easy to set up and let do its thing)

    The rest I can generally do without if it came down to it.

  19. Re:Cyberpocalypse? on Deloitte Hit By Cyber-attack Revealing Clients' Secret Emails (theguardian.com) · · Score: 1

    It shouldn't be possible to connect from the public Internet via some exploit in the public-facing web server and then just dump the contents of all the back-end database servers.
    Am I just being naive here?

    Well that web server has to get the data it's showing you from the back-end server, which means an exploited web server running a rogue process can get that same data.

    One may argue that us people don't need quite that much data to be on the web site to view in the first place, but I'm assuming at least someone argued that they do want to, and the companies thus did so.

    What you are referring to is "security in layers".
    Web server makes API requests to another server, that makes API requests to another server or database. The communications are completely restricted to nothing but that API, and the APIs are restricted to only be able to get at certain things.

    But sadly that requires actually making those layers, and ideally each layer managed by a separate person or team, meaning hiring enough people to fill all those separate spots.
    It also requires a management team that doesn't act like security in layers is "restricting them" or "an assault on their authority" and simply threatens everyone to allow everything so he or she won't be potentially inconvenienced in any way or perceive that someone is telling him no as an affront to his or her "I am a god!" mentality.

    It can be done right if someone at the top demands it is done right and tells everyone below to fuck off and deal with it or they're fired, including all lines of management.
    It's just rare to find such companies structured that way with enough people that care about it to actually do the work needed.

  20. Re:Not even to locate?.. on DC Court Rules Tracking Phones Without a Warrant Is Unconstitutional (cbsnews.com) · · Score: 1

    No, it is not. Nobody was arrested or even talked to.

    Re-read what I said then and try to comprehend analogy.
    Because you are incorrect, my example explicitly involved one person being arrested.

    Here was my example:
    arresting your neighbor, you, and every other person that lives on your street and holding you in jail for days, simply because it takes that long to question your neighbor.

    The very first three words involve an arrest in that example. So yes, in my example, someone was arrested and even talked to (that is what "question your neighbor" means, talking to them)

    How is this different from police following every single and unsuspected citizen in an area?

    It isn't different, both are not legal without a warrant, which was the entire point.
    If I am not being detained as a suspect, or being placed under arrest, it is perfectly legal for me to go to a place the police would be trespassing to enter, and it would be a crime for them to follow.
    Linking back to the example I made, not just my house for me, but everyone on the street that isn't the actual suspect are supposed to be free from surveillance in and on their own property.

    Or, indeed, video-recording everything with security-cameras?

    That example has an explicit exception to the wiretapping laws so that it isn't illegal anyways, for police or not-police the same.
    There is currently no such blanket exception for wiretapping RF signals.

    You can argue those laws make no technical sense all you want and will get no complaint from me, but at the end of the day those nonsensical laws are still the laws.

    The simple fact of the matter is ALL of these laws can have a police officer excluded from them just by getting a warrant for the act.
    If they would only bother to utilize it, none of these things would be illegal for the police to do.

    The entire point of complaint is the police can't be bothered to follow the law they are at the same time claiming to be upholding.
    And the court agrees that interpretation of the law is correct.

  21. Re:Not even to locate?.. on DC Court Rules Tracking Phones Without a Warrant Is Unconstitutional (cbsnews.com) · · Score: 1

    I don't know, how you define the term "pervasive surveillance". But I do know, that use of stingray to target a suspect's phone is no different from following a suspect on the street.

    It is very different, so much so it's not even close enough to resemble the same thing.

    This is like the police knowing for a fact a single person committed a crime (one human body on camera, covered head to toe in clothes) and they suspect that single person is your neighbor.

    Using a stingray is akin to arresting your neighbor, you, and every other person that lives on your street and holding you in jail for days, simply because it takes that long to question your neighbor.

    Stingrays do not and can not physically track a suspect. Stingrays track every single last innocent and unsuspected citizen in a 5 mile radius around them, minus the suspect that they hope is coincidentally in that same area.

  22. Re:PSA: EME is not a DRM standard on HTML5 DRM Standard Is a Go (arstechnica.com) · · Score: 1

    What I want is for people to stop bending over when a company demands that you use DRM to view content. Users are real bootlickers when it comes to this.

    OK, so what do you propose?

    Not purchasing DRM content (aka voting with your wallet) is already the preferred option, yet clearly does nothing to stop the content providers from doing it.

    Asking or even demanding change from the content providers has done nothing to change their minds, and realistically there isn't a single reason to expect otherwise.

    You may argue this is due to the majority of people accepting DRM (you certainly imply that) however even that is suspect.
    Getting most, let alone all, of any given group to decide on the same thing has always been somewhere between storybook fantasy level and impossible.

    I would also argue quite a large number of companies in the position to decide yes or no on DRM would rather go out of business completely before giving up asserting control over what they mistakenly but certainly still feel is their property.

    We already have the option of avoiding DRM and only purchasing content from creators that specifically choose to release it DRM free. This still doesn't have any effect on the remainder that do not.

    I'm not calling into question your values here, but there is a difference between "bending over and accepting" something we are in fact not accepting, and the reality that DRM can be made to disappear completely.

    Even if somehow the impossible could happen and you convince all or at least most people to reject DRM, the end result really does appear to be that those DRM protected works will disappear instead of exist without DRM.

    You seem to be under the impression rejecting DRM would somehow result in those works being available without DRM. However, if you are already avoiding DRM, then that situation would be the same result as now: those works will not be available to us.

    If there was some potential solution in sight, I'd jump on it right there next to you, I'm just not seeing it.

  23. You're actually telling me that when you're having sex or a wank in bed, you're fine with Amazon listening to that

    Amazon doesn't listen to that, a fact which is easily verified by watching network traffic.

    You watch network traffic while wanking?

    Far be it from me to kink shame, but I don't even recall ever seeing rule 34 about that one. Job well done!

  24. So that makes it sound like this guy was using a personal Yahoo Messenger account. So that kind of takes me in the other direction, in favor of the employee's right to privacy. As a general rule, I don't think that your company should have the right to access your personal email/IM accounts, even if you happen to access them on work devices.

    It can be a very fine line, but as the steward of an employer's data, networks, and security policy, IT staff are between a rock and a hard place here.

    The company is legally responsible for vetting contractually and/or legally burdened data from leaving any internal compartmentalized or secured areas to outside networks such as the Internet.

    There are really only two ways to do this.
    A) Monitor the data egressing the network, or
    B) Disallow any and all types of general network access that would permit this in the first place.

    As a technology advocate myself, I would much prefer the option of simply treating all employees as trusted adults capable of such restrictions and care on their own.
    However, not only do the less technologically inclined not always have the knowledge or skills to do this even when it is their intent, but the fact is there do exist bad actors that for whatever reasoning are actively going to try and harm you for their gain.
    For this reason it falls upon us to practically guarantee the protection of the company's data and information.

    Personally I know I would absolutely hate and despise operating under work conditions where all of the company resources are locked down and restricted to the point of not being useful, such as a whitelist of vendors and customers for email and websites, or those simply blocked entirely.

    On the other hand, I know if I went to my boss to present this as a problem needing a solution applied, and gave the two options above... He very likely wouldn't share my opinions on the moral downsides of option "B", and would very likely see it as the simplest, cheapest, and best option to solve the problem.
    And while this wouldn't apply to my current boss, I have in the past worked for people who would immediately question why I am even presenting such a thing as a problem to them in the first place, since to them option "B" would be the glaringly obvious only answer, and "shame on me" for not recognizing that "fact".

    In the end I very much worry laws like these will less protect an employee's privacy and more simply force companies to block any and all such privileges in the first place, both to meet their other legal and contractual obligations as well as to head off any more removal of things they can or can't do with their own property.

  25. Re:Startup will put 'X' on moon on Startup To Put Cellphone Tower on the Moon (space.com) · · Score: 1

    Could you please clarify your point?

    The first part of your sentence claims how ludicrous it would be, implying it isn't easy/possible, while the second part of that same sentence details exactly how possible it is to do.

    Are you claiming it isn't possible for a German company to put things on the moon via Russian rockets?
    Or are you claiming it IS possible for a German company to put things on the moon via Russian rockets?

    I mean, obviously you claimed both at the same time, but clearly only one can be true, right?