Slashdot Mirror


User: thegarbz

thegarbz's activity in the archive.

Stories: 0 · Comments: 27,956

Comments · 27,956

  1. Re:Self Signed on Safari Tests 'Not Secure' Warning For Unencrypted Websites (cnet.com) · · Score: 1

    It is really annoying that you have to pay someone a recurring fee just to add a little security

    You don't. Either get a free certificate, or add your own self-signed root certificate to the trusted store in all your devices and you won't get a warning again.

    Certificates serve for more than encryption. They also serve for identification. This is precisely why self-signed certificates get a warning as it breaks one of the two fundamental points of security:
    1. You know who you are talking to.
    2. You know no one else is listening.

    But in principle I agree, unencrypted information should be called out, but encrypted information should either meet the requirements or present an error message to the user.

  2. It's Zuckerberg: he looks like a dick whatever he does.

    True as that may be it doesn't mean he should flaunt it in front of the camera having every word and action carefully analysed.

    If I were a dick I wouldn't go to a public hearing where everyone is against me either, I'd put on a hoodie and go be a dick in the local bar while claiming I am someone else.

  3. Mark Zuckerberg and Facebook are disinformation. The more I read and hear about "social media" the more I agree with others that it's been more of a hindrance to society than anything.

    Exactly, we need to shut down platforms that are used by people to speak. That will fix the problem.

    I'm no fan of Facebook but to attack Facebook specifically for the spread of disinformation is utterly ludicrous given that they do not create any content themselves. The solution to this problem is not censorship by closing down avenues of widespread speech.

  4. Re: Finally, I might be able to buy again... on Bitcoin Plummets Under $6,000 To a New Low For the Year (cnbc.com) · · Score: 1

    Now's your time. There's a lot of graphics cards on the second hand market. Heck the other day I found a listing from someone selling 20 used 1080s, though admittedly he wasn't entertaining unit sales.

  5. Re:CYA is the biggest reason on Why is Antivirus Software Still a Thing? (vice.com) · · Score: 1

    I cannot imagine the need for an antivirus on Linux.

    Linux's fundamental protection is that its users are for a large portion people who know what they are doing. An incredible amount (dare I say the vast majority) of malware is spread exclusively through the ignorance of users.

    Get ignorant users on your system and you'll find the malware spreading just as fast as it does on Windows. "sudo ./britneyspearsnudes.jpg"

  6. Re:Architecture and Design on Why is Antivirus Software Still a Thing? (vice.com) · · Score: 1

    The answer is: because we continue to operate operating systems and software which are acutely vulnerable to malware - and because we refuse to learn from the lessons of past mistakes.

    False. We continue to use operating systems that allow the user control even if it is not in their best interest and criminals exploit this behaviour. You can't make an OS that is not vulnerable to malware without also actively working against the requests of the user. This includes simple barriers including for example: "Sudo", a protection that is easily bypassed by an error message: "Warning to Install this software that you so desperately want you need to type sudo. You will be prompted for a password"

  7. Re:Sites with free compromised downloads on Why is Antivirus Software Still a Thing? (vice.com) · · Score: 1

    Nope missing the point:

    We still need antivirus because computers still allow the user to do what they want despite it not being in their best interest, and criminals continue to exploit this problem.

    We will continue to need anti-virus until computers no longer allow users to do what they want, but rather only what is permitted.

  8. Re:But wait, there's more! on Why is Antivirus Software Still a Thing? (vice.com) · · Score: 1

    My own work computer gets this lovely notification every so often:

    "Outlook has crashed due to a problem with the following plugins: "Mcafee emailscan" Do you wish to load Outlook with this plugin disabled?"

  9. Re:No. on Why is Antivirus Software Still a Thing? (vice.com) · · Score: 1

    I have never seen Windows Defender do diddly squat against those FB malware links

    As a matter of personal interest I've clicked on those malware links. I've not been able to get past them on Chrome or Edge (Firefox not tested). Why rely on AV for this? It's like saying "There's a bear trap don't step in it", and getting the reply "It's okay, I have bandages with me. I highly recommend using these instead of just those crappy bandaids found in cheap first aid kits."

  10. Re: Accuracy is generally improving on Climate Change is Making Hurricanes Even More Destructive, Research Finds (theguardian.com) · · Score: 1

    If the model is wrong

    Then why not say something along with citations to back your statement than to simply cloud the issue?

    You say you don't care for the politics yet you're speaking about the issue with all the finesse of a well trained politician.

  11. It would be a bit embarrassing for your C-suite to flaunt devices manufactured by some of your biggest critics.

  12. Thanks for proving my point. You just linked me to a whole series of lab experiments which require up front knowledge of the computer in question.

    If someone is in a position to gain enough knowledge about your machine to use any of the examples you just linked to, to pardon my French, you're already properly fucked, ... or you're a cloud / VM provider which as I pointed out earlier are exactly the kind of people who are actively at risk here.

    In terms of security risk for the 99.9% of people out there, this ranks lower than simply owning a modem or daring to connect to a public WiFi hotspot.

  13. Re:Which cpus are vulnerable to what... on Researchers Discover Seven New Meltdown and Spectre Attacks (zdnet.com) · · Score: 1

    Hahahah now that is a very interesting perspective I've never considered :-)

  14. Frequently cited means nothing ultimately. Bitcoin and blockchain technology is frequently cited too, and ultimately it was a management discussion fad that went nowhere. While we frequently cite things it means nothing when ultimately business practices haven't changed.

    Now that isn't universal. There has definitely been work in the cloud space, which makes perfect sense too since they actually have direct exposure to the issue as their business model relies on having people run their code on machines you own.

    The Meltdown deniers are just angry nerds like you.

    It's interesting you call us deniers. Unlike say climate deniers who actively ignore the science I have yet to see the Meltdown proponents (is that the opposite of a denier) actually demonstrate a problem.

    I said it in another post: Meltdown, Spectre, and this entire speculative execution issue is among the most high profile series of bugs that are widely unpatched / unpatchable for a great deal of people. Yet actual working exploits outside of carefully controlled lab experiments, or balls out just prove I can copy some random bits which I can't identify as belonging to something have yet to be seen or developed... a full year later.

    So yes, I guess I am a "denier". I probably will continue to be a "denier" since this is the most sensible state to be in after risk assessing my exposure to these allegedly horrible security risks.

    Sidenote: I bought a Ryzen recently, you may have seen me reference it in other posts. But fear not Speculative Execution didn't factor into the purchasing decision in the slightest.

  15. Re:Which cpus are vulnerable to what... on Researchers Discover Seven New Meltdown and Spectre Attacks (zdnet.com) · · Score: 1

    How many of their performance and power advantages over the last several years have been substantially due to the of taking secure design shortcuts?

    Probably none given the incredible difficulty of doing anything useful with such an attack without already having unsupervised access to a computer. By none I mean they didn't take any shortcuts and instead put through what looks like a reasonable performance trade-off.

    Or are you taking a shortcut right now reading this? I suggest if you're worried about Spec Execution attacks you start with the low hanging fruit and take an axe to your modem. You'd be insane to have a connection to the internet if you're worried about the security issues here. Or maybe you legitimately use your computer like this: http://screencrush.com/files/2...

  16. Re:Maybe... on Researchers Discover Seven New Meltdown and Spectre Attacks (zdnet.com) · · Score: 3, Interesting

    ...This wasn't the best way to improve performance.

    Maybe given the incredibly low threat posed by side channel attacks given that they literally require letting someone not only run code on your computer but also have the opportunity to characterise that computer in an attempt to learn how to actually achieve something with a speculative execution attack, maybe given all that it was a GREAT way to improve performance.

    We are nearly 1 year in, and there have been no nefarious exploits utilising this despite the fact that for the most part you could consider perfectly patching these holes almost impossible. Remember that when you think of trade-offs.

  17. Where is the sky? If you point a high gain antenna straight up your odds of hitting a satellite are greatly reduced. There's a reason that the best GPS antennas have a 180 degree radiation pattern and a gain of 2.

    But even if you did point it straight up and even if you did have an incredibly high gain (no antenna is perfect), you're still battling a 500W signal from 21000km away vs a nefarious actor who is likely standing much closer to you.

    Before you understand how easy it is to jam a GPS signal you need to appreciate how amazing it is that it works at all given the absolute tiny signals that we are dealing with.

  18. They work when they desensitize nearby receivers, but you have to be close.

    You definitely do NOT have to be close.

    It's basically like having someone shout in your ear.

    Exactly. It's like having someone shout in your ear ... while you're sitting with the otolaryngologist attempting to characterise your age related hearing loss. GPS signals when they reach the surface are in the order of -130dBm. The fact that they work at all is a borderline miracle and they drop out constantly by the most trivial and innocent of interference to say nothing of someone actively attempting to block the L1 band.

    Once you start getting farther away, all you did is raise the noise floor a tiny amount.

    Define further away. Any half way knowledgeable person can produce 500W of noise to interfere with these signals. Now IF these people were at line of sight 21000km away then they already generate just as much noise as the signal itself. It's unlikely that they would be working from this distance for obvious reasons.

    What we do is design coding schemes that actually let us recover a signal that's below the noise floor (which is basically what GPS uses). Through the magic of a correlation receiver you can recover signals buried deep within noise.

    There's nothing magic about it. But here's the kicker, that thing you call magic is required just to make the base case work. There most definitely is no assumption that you'll be battling with another transmitter in the L1 band accidental or nefarious. It's why the band is so heavily protected in the first place.

    The other kind of GPS jammer actually transmits incorrect GPS signals.

    While everything you've said up until this point is wrong, this here is actually the most likely scenario. Transmitting incorrect signals. Incidentally that doesn't make the GP's comment any less relevant. Transmitting incorrect GPS signals is comically trivial. Like download some open source code, run a command and feed the resulting signal from your cheap $40 SDR through an easily built (or bought) amplifier kind of trivial. Heck there were people doing just this during the rise of Pokemon Go just so they don't have to leave the house while they play.

  19. Re:Target scam was pretty good. on Twitter is Struggling To Contain the Bitcoin Scam Outbreak (usatoday.com) · · Score: 1

    Of course they are. They just aren't verified as belonging to the account they claim they are. If you change your twitter handle you don't lose the verified mark.

  20. Re:Please explain to me... on Couple Who Ran ROM Site To Pay Nintendo $12 Million (vice.com) · · Score: 1

    reverse engineer

    Reverse engineer a 30 year old game designed for a system that no longer exists? I'm sure if Nintendo wanted to waste money they could just throw cash into the boiler in their basement. But really let's get a grip. It's not like they couldn't just dump the ROMs like any other person did.

  21. Re:Nintendo added to my boycott list on Couple Who Ran ROM Site To Pay Nintendo $12 Million (vice.com) · · Score: 1

    The message that Nintendo is sending fans seems clear. Don't use, buy, play or in any other way invest your time or money in Nintendo

    Actually the message they are sending is that they don't abandon their IP and you can get these old ROMs legitimately designed to run on your current hardware for pennies on their online store.

    I get upset at a lot of anti-piracy bullshit, but at least Nintendo actively do something with their IP.

  22. Re:Copyrights Hijack History on Couple Who Ran ROM Site To Pay Nintendo $12 Million (vice.com) · · Score: 1

    Copyrights are now hijacking cultural history. If you're not actively selling the material for some reasonable period (10 years) then the copyright should go to the public domain.

    I would agree with you if I didn't just buy a whole lot of original 30 year old games from Nintendo's store to play on the Switch.

  23. Someone else's computer on Nasty Adobe Bug Deleted $250,000 Worth of Man's Files, Lawsuit Claims (gizmodo.com) · · Score: 1

    Next time people criticise using cloud services as just putting data on "Someone Else's Computer", it's always worthwhile reflecting on the way many people out there would manage their own computer and their own data.

    I think you'll find that this particular idiot is in company with a large portion of computer users out there.

  24. Re:will the CEO volunteer to go jail / prison if t on Waymo To Start First Driverless Car Service Next Month (bloomberg.com) · · Score: 1

    will the CEO volunteer to go jail / prison if the car kills someone

    Why would they? More importantly why would you think the CEO ultimately ends up having any liability when there's a death of someone, and EULAs are completely irrelevant to the point I'm trying to make.

  25. Re:Fewer Cores and Hyperthreading is likely better on Intel Launches New Core i9-9980XE 18-Core CPU With 4.5GHz Boost Clock (hothardware.com) · · Score: 1

    Interesting given who it was that started with the name calling. I think everyone has learnt a bit about you today. Your other post just now was equally retarded.