>You seem to be following a stupidly absurd notion that such complex macro phenomena like himan society somehow could be self managed by simple rules.
Nope. Not at all. I don't think that and I didn't claim that. I was commenting on the phenomenon of people liking to make stupidly complex rules. I could also comment on the slashdotty phenomenon of people reading something to say something that was not written at all and then to make extremely offensive criticisms of the thing not written. That would be a different thread, but you brought it right to this one.
>Any scientist worth of salt and familiar with even much simpler biological systems will tell you how stupid you are, an illiterate libertarian imbecile
I know a few scientists and not one of them has ever called me a libertarian.
That's what you do when you see a problem. You curb it. Hell, people "invented rules" about privatizing the commons, and we got an agricultural revolution. People also "invented rules" about having to serve black people the same as white people in a restaurant. Rules can be forces for good.
I've spent a significant part of my career making rules. Good, clear, unambiguous, effective and enforceable rules are usually not trivial to create and deserve at lot of thought and review. This is slashdot, People fantasize about new rules for breakfast.
I am intrigued at how people think to solve a problem of low quality rentals or too high rents you should legislate on completely orthogonal things like the length of the rental. If you want rents to be lower, legislate exactly that. It's called rent control. If you want rental properties to be nicer, legislate that.
However I don't think those are good ideas at all. Resist the urge to make rules.
They cannot and did not make tweaks to the microcode. They took the coffee lake microcode blob from Intel and put it into the older gen board. So that board was presenting the right microcode for the CPU.
1W is roughly the energy imparted to you head from an apple falling on it from 1 meter above. So you 5W power draw is roughly the equivalent of 5 apples per second falling on your head from 1 meter above.
Emailing the keys to someone is an appropriate way to prove to them that the keys have been compromised.
The keys are compromised for sure so its not inappropriate, but a better method might have been to sign something with the keys as proof instead. Though either way the keys are just as bad off. Now why did digicert only suspend 23k keys instead of the full 50k as was initially reported? digicert is in essence saying they must send all 50k keys before they'll suspend them.
My crystal ball isn't working today. It seems like a really bad idea to be a CA and have people's private keys on file. It seems like a bad idea to be taking people's word for it when you're in a position of issuing revocations. Not my CA. The real CA I set up (in a former job role) held onto nothing but its own keys and the cert list. Certs are needlessly complicated, but you can and should make the process as simple as possible.
>Everything else just speaks to an irrational hatred of Java.
I've avoided it for 25+ years and I enjoy programming in higher and lower level languages. So my irrational hatred of Java seems be working for me.
More seriously, I wasn't being serious. The question was "Why was "Java" bad, exactly?". So I came up with all the reasons I could think of that people don't like Java. Then the mild autism spectrum crowd piled on in.
> I presume that Rust handles it well, but I've never really studied Rust.
I've studied Rust from the underpinnings up, in terms of its security properties, which are truly excellent if you care about the compiler doing what you tell it to do when you're implementing cryptographic software.
However last week I took it upon myself to study the language itself and things went downhill fast. Lots of unnecessary punctuation. Strange non intuitive syntax for mutable vs non mutable. Too much typing compared to other modern languages.
Rust is a great idea, but I do wish they had the programmer in mind when developing the syntax.
I'm not disputing that you can write cross platform code. I'm asserting that this rarely happens. I have several Java applications on my windows machine that are entirely windows specific. For example the hydra smart power supply software. Talks to USB, presents a UI. Yet it only runs on windows.
The others are not false. Your assertion is based on what?
>I'd be pretty sure a MacBook Air could manage four years.
My wife's did. The pro I'm typing on is a 2013 model and still going fine with no problems. It'll get replaced with some new iShiny when I start to feel the itch to upgrade.
When Jeremy Rowley, an executive vice president at DigiCert, asked for proof the certificates were compromised, the Trustico CEO emailed the private keys of 23,000 certificates
Those certificates are DEFINITELY compromised now.
TFA seems to imply that he emailed the private keys in order to prove that they were compromised. Which seems like an appropriate thing to do.
1) A system for remote code injection. 2) Lots of library code full of vulnerabilities. 3) Write once, run anywhere, except that bit never worked. 4) Another bloody OO language. 5) Useless for writing operating systems. 6) Exhibit #1 in things they teach in schools instead of teaching computer science. 7) Oracle
This is the case where I've done something Really Bad and they've recovered my phone from my dead body. And since I'm not a complete moron, it's unlikely that I'd use my phone while doing Evil anyway.
If they sneak in and lift my phone from the gym locker, all I have to worry about is stuff that they can put back as it was before I'm done on the treadmill.
Criminals will be criminals and they often aren't smart enough to leave the phone at home. However plenty of governments are evil and tech companies have insider attacks. So the need to protect information remains real.
Slashdot Mirror
Yep. Walls too.
"Shouldn't everyone have the blue tick (verified)."
No, I'm afraid of Lyme disease.
I came to make that joke.
Without daylight savings time we would get sunrise at 4:45 am in some places in June.
So get up earlier.
>You seem to be following a stupidly absurd notion that such complex macro phenomena like himan society somehow could be self managed by simple rules.
Nope. Not at all. I don't think that and I didn't claim that. I was commenting on the phenomenon of people liking to make stupidly complex rules. I could also comment on the slashdotty phenomenon of people reading something to say something that was not written at all and then to make extremely offensive criticisms of the thing not written. That would be a different thread, but you brought it right to this one.
>Any scientist worth of salt and familiar with even much simpler biological systems will tell you how stupid you are, an illiterate libertarian imbecile
I know a few scientists and not one of them has ever called me a libertarian.
>Rent control doesn't solve the problem because it actively discourages new development
I agree. I did state that I don't think it's a good idea. That's because it's not a good idea.
That's what you do when you see a problem. You curb it. Hell, people "invented rules" about privatizing the commons, and we got an agricultural revolution. People also "invented rules" about having to serve black people the same as white people in a restaurant. Rules can be forces for good.
I've spent a significant part of my career making rules. Good, clear, unambiguous, effective and enforceable rules are usually not trivial to create and deserve at lot of thought and review. This is slashdot, People fantasize about new rules for breakfast.
I am intrigued at how people think to solve a problem of low quality rentals or too high rents you should legislate on completely orthogonal things like the length of the rental. If you want rents to be lower, legislate exactly that. It's called rent control. If you want rental properties to be nicer, legislate that.
However I don't think those are good ideas at all. Resist the urge to make rules.
People love to invent rules for other people. The more complicated the better. If it's not working, make it more complicated, until it starts working.
The forum post gets it right.
They cannot and did not make tweaks to the microcode. They took the coffee lake microcode blob from Intel and put it into the older gen board. So that board was presenting the right microcode for the CPU.
1W is roughly the energy imparted to you head from an apple falling on it from 1 meter above.
So you 5W power draw is roughly the equivalent of 5 apples per second falling on your head from 1 meter above.
That would get old quickly.
Emailing the keys to someone is an appropriate way to prove to them that the keys have been compromised.
The keys are compromised for sure so its not inappropriate, but a better method might have been to sign something with the keys as proof instead. Though either way the keys are just as bad off. Now why did digicert only suspend 23k keys instead of the full 50k as was initially reported? digicert is in essence saying they must send all 50k keys before they'll suspend them.
My crystal ball isn't working today. It seems like a really bad idea to be a CA and have people's private keys on file. It seems like a bad idea to be taking people's word for it when you're in a position of issuing revocations. Not my CA. The real CA I set up (in a former job role) held onto nothing but its own keys and the cert list. Certs are needlessly complicated, but you can and should make the process as simple as possible.
>Everything else just speaks to an irrational hatred of Java.
I've avoided it for 25+ years and I enjoy programming in higher and lower level languages. So my irrational hatred of Java seems be working for me.
More seriously, I wasn't being serious. The question was "Why was "Java" bad, exactly?". So I came up with all the reasons I could think of that people don't like Java. Then the mild autism spectrum crowd piled on in.
Yes. I learned Pascal on an Apple ][+ with UCSD Pascal.
> I presume that Rust handles it well, but I've never really studied Rust.
I've studied Rust from the underpinnings up, in terms of its security properties, which are truly excellent if you care about the compiler doing what you tell it to do when you're implementing cryptographic software.
However last week I took it upon myself to study the language itself and things went downhill fast. Lots of unnecessary punctuation. Strange non intuitive syntax for mutable vs non mutable. Too much typing compared to other modern languages.
Rust is a great idea, but I do wish they had the programmer in mind when developing the syntax.
Sweet16 on the Apple ][ was pretty early on. Not exactly a VM, but an interpreted machine model, so close.
>I never had any cross platform problem.
I'm not disputing that you can write cross platform code. I'm asserting that this rarely happens. I have several Java applications on my windows machine that are entirely windows specific. For example the hydra smart power supply software. Talks to USB, presents a UI. Yet it only runs on windows.
The others are not false. Your assertion is based on what?
>I'd be pretty sure a MacBook Air could manage four years.
My wife's did. The pro I'm typing on is a 2013 model and still going fine with no problems. It'll get replaced with some new iShiny when I start to feel the itch to upgrade.
None of those things is relevant to the question of why is it bad.
>No... it is NOT appropriate for a CA or a reseller of a CA to retain customers' private keys in the first place
Well that's not what I said, is it?
Emailing the keys to someone is an appropriate way to prove to them that the keys have been compromised. Now go and be contrarian somewhere else.
When Jeremy Rowley, an executive vice president at DigiCert, asked for proof the certificates were compromised, the Trustico CEO emailed the private keys of 23,000 certificates
Those certificates are DEFINITELY compromised now.
TFA seems to imply that he emailed the private keys in order to prove that they were compromised. Which seems like an appropriate thing to do.
Why was "Java" bad, exactly?
1) A system for remote code injection.
2) Lots of library code full of vulnerabilities.
3) Write once, run anywhere, except that bit never worked.
4) Another bloody OO language.
5) Useless for writing operating systems.
6) Exhibit #1 in things they teach in schools instead of teaching computer science.
7) Oracle
Why not Amazon?
> I am absolutely sure the solution involves some very clever electrical engineering at the very edge of the state of the art in IC design.
Yep. You're right on the ball there. that's what I meant by primitives. Circuits that raise the security bar beyond the government actor level.
lid-off attacks where the chip is disassembled
This is the case where I've done something Really Bad and they've recovered my phone from my dead body. And since I'm not a complete moron, it's unlikely that I'd use my phone while doing Evil anyway.
If they sneak in and lift my phone from the gym locker, all I have to worry about is stuff that they can put back as it was before I'm done on the treadmill.
Criminals will be criminals and they often aren't smart enough to leave the phone at home. However plenty of governments are evil and tech companies have insider attacks. So the need to protect information remains real.
You need to work with the assumption that that can happen and make it not matter.