While I hate mosquitoes, I would suggest caution. Mosquitoes are important in the food chain. If one species of mosquitoes is wiped out, would other insects fill the void? We need to think carefully about the ramifications of this. Of course, reducing the damage and death caused by malaria would be highly beneficial.
We obliterate species casually and without much thought all the time for no better reason than we want to clear some forest for lumber, or drain a swamp for a new mall, or demolish a mountain for some minerals. In this instance we'd be doing it deliberately to a few species in a genus that has thousands of members and which is not crucial to any food chain as far as we can discern, and we'd be saving millions of human lives by doing so.
The parent was not in any way arguing in favor of Putin, and no one is denying he is an authoritarian despot. The argument they were making is that US meddling in Russian internal politics and their post-communist economy created the conditions that enabled his rise to power. And now that the situation is reversed with economic disruption causing widespread angst here, Putin is turning the tables on us and nudging our political system to empower an authoritarian despot of our own.
Fortunately our despot is not nearly as competent as Putin, and he (hopefully) will not be able to hang onto power.
If that's possible, then they've designed a bad keyless entry system. The security should be contingent on a secret held in the key dongle, not the process to pair it.
In all seriousness, though, why should we trust Yubikey, Google, or any security key that doesn't publicly post its design and firmware for independent external audit? FST-01 or bust.
The USB flavor of the YubiKey is FIPS-140 certified, so it has been independently audited, albeit not in a public manner.
While by no means an expert, I have done a little bit of work with folks doing research with tCDS as a learning/awareness enhancement technique so I'd just like to correct some misconceptions I see being thrown around here. All the following should also be taken with the caveat that I personally find applying any kind of psychoactive therapy to an unwilling subject or someone whose agency has been restricted and is unable to freely give consent (e.g. prisoners) reprehensible.
tCDS is not ECT - tCDS uses a tiny DC current, typically a few hundred uA to 1mA, while ECT uses a much larger AC current in the 100s of mA range.
tCDS is not painful or traumatic. There are no convulsions or painful neurological stimulus. Depending on the stimulation site, there may be some visual distortion while the current is being applied.
The ability for tCDS to effect long-term change is not settled except insofar as it may increase plasticity. Certainly there are positive correlations with stimulation and behaviour change in the hours to days range, but once regular therapy is withdrawn the effects tend to fall off. i.e. you are unlikely to see any long term change in an unwilling subject who is not trying to learn a new skill or change an existing behaviour.
It is very difficult to control for placebo with this kind of stimulation as it is difficult to mimic the sensation of the stimulation without actually applying a current.
Which password manager do you recommend? 1Password doesn't work on my old iPad with iOS 9, so that one is ruled out. Besides, I'd rather pay for a password manager than use a free one because 'free' means: "We know exactly which websites you visit and will sell this data gladly to everybody we meet."
CodeBook is great. I've been using it since it was a Palm III app called STRIP (Secure Tool for Recalling Important Passwords). Their encryption layer is open source, and they support syncing across devices via Dropbox, Google Drive, or local WiFi. It supports TOTP 2FA and will generate Diceware/xkcd style passwords. They have clients for Windows, iOS, Android, and Mac. The desktop version also has an agent that will fill out web form fields for you.
It's not as slick as some other password managers, but it works for me. $10 per mobile platform and $20 per desktop platform you use it on.
Here's the iOS store page - says it still supports iOS 9.
Because trademark law offers no "fair use" provisions, which means that a company has to aggressively hunt down anybody who uses their trademarked characters or risk losing the trademarks altogether.
So offer to license the trademarks to the festival for $1.00 with some mild restrictions, such as not using the characters in adults-only media / performances. Companies like to hide behind trademark law like it forces them to be jerks, but the reality is it would cost them very little to turn an unsanctioned use of a trademark into a sanctioned one and win them a bunch of free positive PR.
WebAssembly is binary bytecode. It's something different.
What you describe is indeed asm.js, but that's not WebAssembly.
But doesn't JavaScript just get JIT'd down to binary bytecode these days anyway? And if that's the case, why not deliver the bytecode directly instead of having to perform the JIT step locally? As long as they are running in the same sandbox and the inputs get validated, there shouldn't be any difference between bytecode that your browser produces locally from source code and bytecode you load directly from an external source.
Fortnite uses an Epic Games account to log in. If you've EVER logged into a Sony PS4 with this account and touched Fortnite on it, this account becomes permanently locked out of both Microsoft's Xbox One and Nintendo's Switch. The issue is not even about cross play; people are accepting that it won't happen. The issue is the fact that the outside Epic account becomes locked because of a deal Sony forced upon Epic Games.
I am gobsmacked that Epic would agree to this. It's their account management system after all and Fortnite is huge. I can understand not implementing cross-platform play with the PS4 at the behest of Sony, but I'm surprised Sony had the leverage to make Epic piss off so many of their customers like this.
The 5th amendment enumerates a right, but it is couched in the form of a restraint on the government's power to compel testimony: "No person... shall be compelled in any criminal case to be a witness against himself".
In theory, anyone anywhere has the right not to answer a question posed by a member of the US government or their representative if responding might cause them to provide incriminating evidence. In practice, if you are in a foreign country, good luck exercising this right: the US will just have their local counterpart put the question to you and you may have no such right to silence under the local laws. Those statements given to a foreign official can now be used as evidence against you in a US court.
They probably have logs of when storms made landfall at various islands as well as ships' logs to give an overall track and timeline and from there extrapolate average velocity. Also ground-based radar goes back further than the 70s, I think, so there should be some fairly accurate data that predates consistent satellite coverage (at least when the storm was over/near land).
In addition, if you are only concerned with the storm around the time it makes landfall, then eyeballs are probably good enough. I'm sure local weather stations kept track of when the eye passed over them and how long it took to pass, which should give you the over-land velocity.
Same here. Finished college in 2001 and kept the job I started as an intern in '97 through 2012. I only left because of a merger I didn't like the smell of. I've been at my current job doing roughly the same kind of work as the first one for five years. I suppose I could have a slightly higher salary if I jumped around more, but I don't know if I would be as happy.
I said "excellent". No company would let an employee like that go. There would be no point. The problem with you people is you think everyone is "excellent".
Sure they would. If the "excellent" employee is being paid what they are worth, the company might decide that 2 mediocre employees could do the same job cheaper. Or maybe even farm it out to a bunch of barely passable contractors in Bangalore.
Please, the school can do nothing to him. Worst thing they could do is expel him, BFD. He needs more than that, though 14 felonies is overkill. One felony charge in juvenile court would be fine, sealed when he turns 18. Of course this is just to get him to a plea bargain. If he has a competent lawyer this won't ruin his life.
So if, in addition to illicit computer use, he's guilty of the crime of being poor, then he's fucked.
Because when you are in the field you often can't connect to the customer's WIFI, or you can connect to their "guest" network, but it is so locked down and/or slow that you are better off using a WiFi cellular data puck.
Extremely common? Compared to what, USB floppy drives? I'd be willing to bet 98% of laptop owners who don't have a built-in optical drive do not have an external one. And that's probably being conservative.
I need mine all the time when I need to bring data into areas where outside electronics (i.e. my laptop) aren't allowed, or I can bring in my laptop, but can't connect to the customer network.
I also burn discs when mailing data or software to contractors or customers. It's cheaper and more likely to pass muster with IT security on their end if I send them read-only media vs a thumb drive.
Does this mean we will finally be getting a browser JS API for talking to PKCS#11 devices so we can do something more interesting with them besides mutual TLS authentication? I'd love to be able to, for example, bind a web server session to a remote AD using a browser-supplied hardware token, but right now that is virtually impossible unless you've jumped through all the hoops necessary to get NTLM working.
So that isn't available in VBA already? What makes that more of a security hole in JS?
It's not a security hole in JS per se, and of course you can do exactly the same thing in VBA. But the statement was "This is Excel. I can write a JS program that will erase your hard drive if I am running it in a shell.", and you invited someone to post source backing that up, which I did.
The point, and I think we agree on this, is that no language, be it VB, JS, perl, or python, is inherently dangerous. It's all about the context in which they are run and the APIs they have access to. JS in the browser is relatively "safe" with respect to the host OS because we've had years of refining the browser sandbox model and APIs. However, JS in the browser can be tricky from both a privacy and a server application security perspective, which is why we have to guard against things like what information leaks out of browser APIs and cross-site request filtering.
I think it is likely that JS will just have all the same COM bindings that JScript in WSH has available to it, in which case it will be just as dangerous to run untrusted JS macro code in Excel as it would be to run one written in VBA. If I am wrong and this feature will just implement JS as a limited functional language with very proscribed access to Excel numeric and cell data functions, then it could be quite safe.
Depending on your state that may be illegal, and if your vehicle is equipped with an airbag, potentially deadly.
I think you would have to hold the vacuum until the fuel cools enough so it won't self-ignite as soon as you restore oxygen, so.... eh?
Do you not want any guarantees that your news is unaltered from the source?
Nobody is doing that. It's the source itself that is usually subverted.
Sorry, replace tCDS with tDCS above - I have dyslexia when I type that acronym for some reason.
Not everyone is made for college.
Not everyone who's made for college is made for a standardized test.
Which one?
there are multiple things which are referred to as "the Libya model".
The model where a regime voluntarily surrenders its nuclear weapons program and other WMDs and 5 years later we sponsor a coup where its leader winds up dead. Un is a ruthless dictator, but he is not "crazy". He's a rational actor. All he has to do is look at Libya and Iraq to conclude he'd have to be suicidal to trust the US.
The question to ask, as both a taxpayer and an IT guy is this: What's the "penalty" for failing to make the October deadline?
You have to manage a network using McAfee HBSS.
You joke, but that is, in fact, the approved DoD solution:
https://www.disa.mil/cybersecu...