>remember that the strength of waves decays according to the square of our distance from them.
But the detector's detection rates increase with the cube of the sensitivity distance of the detector. That's why it works.
It detects weaker events all the time. They can detect the gardeners mowing the lawn outside. But the gardeners aren't interesting to astronomers, black holes are.
And why isn't it detecting waves on a daily basis? The universe is supposed to contain billions of black holes.
I went to a talk by one of the LIGO scientists where pretty much this question was asked.
It's a simple answer. Two black holes colliding is fantastically rare, but the universe is fantastically big, so it happens a hell of a lot if it happens at all.
The LIGO experiment is limited by noise and can 'see' out to some distance. So all the events happening within the sphere of that radius get detected. The rate of detection is a function of the radius of detection. The rate of detection tells us something about the actual density of black holes in the local part of the universe.
The nice thing is as they increase the sensitivity, the volume goes up as the third power of the radius, so the rate of detection should go up by the same amount. The rate of detection at the increased ranges tells you lots of things about the uniformity of distribution and tightens the statistics on the detection rate. If they improve the sensitivity by a few dB, they might well be detecting on a daily basis. Before the upgrade they were getting nothing. After the upgrade they have got 2 in a year.
I think they should build a couple more of these things around the globe and so get a higher resolution of direction determination. If you have a few billion, you should fund that.
I've used a 6 minute interval timer for a few years along with magic dots (see the book Elementary Data Analysis for details) to improve my ability to focus on a task for a long time. It isn't mindfulness, it's psychology - quasi-reinforcement - understanding how the human brain responds to stimulus. The idea came from a psychology professor doing real research in this area. http://blog.sethroberts.net/20...
Yes, mindfulness is spiritual terminology loaded on top of run-of-the-mill mental tricks to stay focused and complete tasks.
The breath app sounds like an interval timer to me. I used to use the Orztek timer, which turned into the Hourglass app that's currently available. Doing it on a watch doesn't make it new or original. I really want it running on the machine into which my headphones are plugged in, so I hear the beep and take a second to do the interval task that has been shown to cause the quasi-reinforcement effect to happen.
He would need a bunch more votes to get a shot at being president. He didn't, so he won't be president.
Reading TFA on the Indiana contractor who sued, the basis of his suit is that
1) Uber requires him to bring and maintain his own tools
2) expects him to work a certain number of contracted hours.
As far as I know that's exactly the dividing line between contractor and employee. According to the IRS, if you hire a maid, then it's an employee if the employer supplies the tools and otherwise it could be claimed to be a contractor.
Now the part about Tips is intriguing. I wonder why drivers don't tell their passengers that. Thus I'm skeptical.
The Uber app doesn't handle tips (or it didn't when I last used Uber). The Lyft app does handle tips. This is why I use the Lyft app. Most of the drivers I've encountered when using Uber and Lyft seem happy to be able to earn money driving because it's a side-job, not their primary job and the barriers to entry are low, and they can choose the hours that they do the work so they can fit it into their schedule.
More RAM less battery life
Not with effective power management. Unused RAM can be powered down.
I don't think you have fully grasped the meaning of "the heading of the article".
Hint: The heading is the big text at the top. Not the unrelated link at the bottom.
You are talking about what might be, rather than what is.
The point is that it doesn't have to be this way. Accounting departments have been using key generators since the 90s for dealing with banking. This tech is available now; we just need to force it down end users' throats. The first step is to introduce it as OPTIONAL and move towards MANDATORY as the users opting in increases. This will reduce the learning curve since the initial users will help those newly introduced to the new method.
But they are not being deployed and will not because there are strong forces of industry, government and laziness preventing that from happening
You nailed it.
In the meantime, a password manager is an effective tool.
And as long as that's the means, only a small percentage of users will comply with "the correct way to secure yourself".
This is the way the world is. It's not good. The results are apparent.
Maybe we can go to the IETF and get the browser vendors to uniformly adopt an auth scheme with cipher elimination, ZK, blinding and support for cards and biometrics to replace passwords? Oh wait, that's already been tried time and again and nothing has happened. It's been long enough that it looks more deliberate than mere organizational inefficiency.
You are talking about what might be, rather than what is. Most web sites don't support federated logins or biometrics or anything other than a password that they may or may not handle well.
I dislike passwords as much as anyone else and I'm aware of better solutions that lead to vendors making good security choices by default. But they are not being deployed and will not because there are strong forces of industry, government and laziness preventing that from happening.
In the meantime, a password manager is an effective tool.
Yes Mr Epson FX-82.
I keep track of over 200 passwords, using a password manager. Why aren't you?
And when that password manager's security flaw gets hacked, bad actors now have access to all 200 passwords.
They would need to get the encrypted password file to do that. The password manager isn't an online service. It's a locally running program. This vastly reduces the attack surface of the password manager. I don't use online password managers, because the risks of flaws being exploited are much greater.
>I keep track of over 200 passwords, using a password manager. Why aren't you?
So you effectively share one password between all sites? Or do you use another method to secure your password manager?
Each site has a different password that is very long.
The password manager requires some credentials to open up.
Then the password can be copied and pasted. No typing required, which prevents keyloggers from grabbing passwords being typed.
Because ultimate point of failure. Next question.
One reasonably well protected point of failure, vs 200 horribly poorly defended points of failure where the failure of one compromises the others.
The password manager makes it feasible to have every password be different and strong. This addresses the common case.
If you want to better defend your password manager, try 2FA or a yellow sticky note under your eyelid.
And don't forget that they can no longer raise the prices of stamps....the guys that saddled the Post Office with that giant instant Pension Obligation also made it so they couldn't raise their prices to cover extra cost at the same time. Almost as if they wanted to ensure they would fail. I'm sure the UPS / FedEx lobbyists loved it...
Of course they did. They wrote the text of the legislation.
To match the void in their soul.
Sad that there's so much password reuse
It isn't sad, it's unfortunate that we have to avoid reusing passwords.
I just finished moving all my accounts from one email to another. That was 53 different accounts I had to manage. Can you imagine keeping track of 53 different passwords? I have 4-5 passwords I use. One for my banking, one that I don't care if they take my account, one for entities I trust, one for entities I trust less.
If we could trust all entities to secure their shit then we could all use one password but we all know it's impossible to secure everything so this strategy will have to hold for now.
I keep track of over 200 passwords, using a password manager. Why aren't you?
Damn Sprites peeking and poking each other
Stop using BASIC!
Assign to and from unsigned char * like a proper programmer.
For all your passwords, use a password manager. Have the manager make 20+ character passwords. Make them different for each site.
The basic requirements are (1) Runs on your phone, PC and Mac, (2) Can use a shared password file on a network drive like Dropbox or Google Drive, and (3) isn't a pain to use.
I get by with KeePass2. It has clients that support the file format on all the platforms (e.g. I use KylePass on MacOS).
We're talking about firmware that exists on the computer independent of any operating system. That firmware is needed to boot OS install media. You need to be able to update it without an OS present.
So you think it's a good thing if the firmware connects to random places in the network, trying to install software? No thanks.
That's clearly not what I said. I was questioning the absence of addressing the relevant issue of updating in the absence of an OS.
I would expect some kind of signing so that the code it fetches from wherever it is pointed to either by the user or self configuration or malicious activity can be validated and the user told that status and the user given policy control over what to do about it. The user might be writing their own code and know it isn't signed by the board vendor, but most users want to know that they're getting the right image from the board and not something else.
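An added example, not part of the original comment or any vendor's code: a sketch of the check the comment above asks for, where a fetched image is validated against trusted keys, the status is reported, and a user-set policy decides what happens next. It uses a Lamport one-time signature built on SHA-256 as a standard-library stand-in for a real vendor signature scheme; the `Policy` levels, key names and sample image are assumptions made for illustration.

```python
import hashlib
import secrets
from enum import Enum


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _bits(image: bytes):
    """The 256 bits of SHA-256(image), most significant bit first."""
    d = _h(image)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


# Lamport one-time signature: a stdlib-only stand-in for whatever scheme a
# real vendor would use. Each key pair may sign exactly ONE image.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk


def sign(sk, image: bytes):
    # Reveal one secret per digest bit.
    return [sk[i][bit] for i, bit in enumerate(_bits(image))]


def verify(pk, image: bytes, sig) -> bool:
    if sig is None or len(sig) != 256:
        return False
    ok = True
    for i, bit in enumerate(_bits(image)):
        ok &= secrets.compare_digest(_h(sig[i]), pk[i][bit])
    return ok


class Status(Enum):
    VENDOR_SIGNED = "signed by the board vendor"
    OWNER_SIGNED = "signed by a key the owner enrolled"
    UNTRUSTED = "no valid signature from any trusted key"


class Policy(Enum):  # hypothetical policy levels, chosen by the user
    VENDOR_ONLY = 1
    ALLOW_OWNER_KEYS = 2
    ALLOW_UNTRUSTED = 3  # e.g. a developer flashing their own build


def check_update(image, sig, vendor_pk, owner_pks, policy):
    """Return (status to show the user, whether policy permits flashing)."""
    if verify(vendor_pk, image, sig):
        status = Status.VENDOR_SIGNED
    elif any(verify(pk, image, sig) for pk in owner_pks):
        status = Status.OWNER_SIGNED
    else:
        status = Status.UNTRUSTED
    allowed = (
        status is Status.VENDOR_SIGNED
        or (status is Status.OWNER_SIGNED and policy is not Policy.VENDOR_ONLY)
        or policy is Policy.ALLOW_UNTRUSTED
    )
    return status, allowed


if __name__ == "__main__":
    vendor_sk, vendor_pk = keygen()
    image = b"constructed sample firmware image v2"
    sig = sign(vendor_sk, image)
    for img in (image, image + b"\x00"):  # genuine, then altered in transit
        status, allowed = check_update(img, sig, vendor_pk, [], Policy.VENDOR_ONLY)
        print(status.value, "->", "flash" if allowed else "refuse")
```

The status is computed independently of the policy, so the user is always told what was found even when the policy permits an untrusted image.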
and skip fake webviews for crappy ad networks? no way
He can have it both ways though, that's my point. Make just the download page https, but put a page in front of it so he can keep serving his ads. I get the ads, it's not like the people who are using the software are paying for it and god forbid they donate to help the continued development. But there are technical solutions to this and the fact that he hasn't figured that out concerns me, especially since this is a security product he's making.
Web security is a completely different problem space, set of programming languages, attack models, crypto algorithm options and collection of douchebags to deal with than writing a password application. I don't blame him for avoiding the utter crock of crap that passes for working in web security. I certainly avoid it. It's like the people in charge of the specs don't want helping and there are plenty of security problems where you can do good work without being undermined by CAs, prima donnas at the IETF, the government and device manufacturers.
I use KeePass2 on my iPhone. It doesn't push ads. So why is this a problem?
Exactly, but why should each hardware vendor have to write their own firmware updater program? The OS should take care of this, I don't want to have an extra program running just for the firmware updates.
What OS?
We're talking about firmware that exists on the computer independent of any operating system. That firmware is needed to boot OS install media. You need to be able to update it without an OS present.
It would be reasonable to point a finger at say UEFI and say "Standardize a secure firmware replacement protocol and provide a reference implementation". But while OS vendors could be part of the recipe, the recipe needs to work without them.
These "attacks" are always on carefully selected hardware running custom software. There is no way on a real system this would work.
Yes. However these attacks show an attack works in principle and help you understand what the bounds of the problem are and how to defend against it. The end result is that real products get made with all sorts of mitigations against impractical attacks that might become practical given enough time or money.
Actually, the UK is a theocratic feudal dictatorship that allows a secular Parliament to run the government. The Queen has the right to veto laws and dissolve Parliament. It's really strange, but seems to work for them.
But if she did, the British would finish the job Cromwell started faster than she could bolt up the tower's stairs. The queen is the source of authority but she doesn't get to exercise it.
I call it "a system of threats and balances".