It is my understanding that it is, indeed possible. For example, consider the DoD Orange Book security classifications for Operating Systems.
Indeed. Consider them carefully, and note the enormous constraints under which they had to be used to be considered secure. No network connections, and no unverified application software for starters.
If I can limit sufficiently exactly how a system can be used, I can make any system secure.
So what? He is exactly the kind of 'unqualified outsider' that is repeatedly told to shut the fuck up by 'real climate scientists'.
No one is telling him to shut up. If you point out real problems, real climate scientists are happy to listen. Which is exactly what happened in this case.
The important thing that we need to remember is that it is entirely possible to design and produce a technology stack that is not vulnerable to malware.
Is it, is it really? The fact that it has never, ever been done on any system of significant size or complexity argues strongly that you're wrong. Formal verification seems like the only path with real potential, but so far it is impossibly hard to do at scale.
And then there's the issue that even if you had a system with zero vulnerabilities, that still doesn't make AV unnecessary. One of the hardest problems is how to handle software that does not exploit any vulnerabilities and uses only legitimate, reasonable APIs, but uses them in ways that may harm the user. The Android security team (of which I'm a member) doesn't use the term "malware", because it's too narrow. Instead we use "Potentially-Harmful Apps" (PHA) to include apps that don't qualify as malware in the traditional sense, but yet may do harmful things.
Now, some of the abusive apps are able to be abusive only because of badly-designed Android APIs. For example, I don't think there's any reason even to have an API that allows apps to retrieve a user's whole contacts database. If an app legitimately needs contact information (say, to make a phone call), they should request a contact from a system API which presents the user with a picker to select the contact whose phone number they wish to provide, and only that number should be provided to the requesting app.
But there are other cases in which the APIs are completely reasonable and needed, but still allow harmful things to be done when misused in certain ways. I'm not sure it is possible to prevent PHAs of that form by anything done in the operating system. There's lots of academic research on data tagging and tainting and other approaches, but it's really not clear that they can work without creating a painfully-unusable system.
So I don't think it's possible to produce an operating system that is not vulnerable to malware. I'd love to be proven wrong, though, so by all means figure it out and publish about it! If you figure it out you'll get all sorts of academic rewards, and if you play it right you can easily make yourself stinking rich as well. Please do!
BTW, regarding the claim in the summary that third-party AV tools on Android make sense, I disagree. Third-party tools simply can't have the visibility into the system needed to be really good without rooting, and rooting your device opens it to a raft of exploits. On a rooted device it's possible to disable SELinux, which instantly demolishes much of the compartmentalization of the system. No longer are 5-10 step exploit chains needed, one is enough in most cases.
What does make sense is to enable the built-in AV tool, Verify Apps.
Oh, while I'm posting about Android security, I'd like to take a moment to gloat that -- yet again -- Google's phone is undefeated in Moble Pwn2own, despite having (along with iPhone) the largest offered prizes.
Art is seen, not made. That means that when "true art" "happens", it's because there's an observer. There doesn't have to be a consciousness behind the creation, but there has to be a consciousness behind the observation.
I think this is entirely true, but a little bit false.
It's a little bit false because art isn't entirely about the piece and the observer. The artist does have a role; if this weren't true, then absolutely anyone could create art. But one observation/clarification makes your statement true: the artist is the first observer. This first observation happens partly before anything observable by others has been produced.
I think what I mean can best be described in the context of the art of photography. In one sense, it could be claimed (though it would be stupid) that photography isn't art at all unless the photographer is creating the scene to be photographed. After all, it's just the mechanical recording of a visual scene. Where's the skill, the emotion, the creativity in that? Especially if the photographer is using a "point and shoot" camera that does all the fiddly work of metering and exposure.
The art of photography is about the selection of what to photograph (and a little about how). What to include and what to exclude. What to highlight and what to downplay. Good photographers speak of "creating photos", because it is a creative process that begins with a conceptual image that the photographer wants to make. Novice photographers do this differently; they take pictures first and then decide which ones are good -- and they're not very good at deciding which ones are good. It's instructive to watch a photography class in action, where novice photographers submit what they think are good photos to a teacher who has already developed the artistic skills required to recognize what is good art and what is not.
At one level "recognize what is good art and what is not" seems like a nonsensical statement, because art is about the observer, so what I like is art to me but maybe not to you. But it's not nonsense, because there are common elements in how humans perceive the world, and artists (outside of some prodigies, I suppose) must learn how particular pieces affect observers. Novices can just barely recognize the faint stirrings of their own responses. Artists have tuned their sensibilities to a high pitch and furthermore they understand the mechanics of evoking reaction well enough to know what works and what doesn't. To some degree they can even choose what response they wish to evoke, and succeed at it. This, then, is the core element of art: knowledge of how to create responses in observers, including and most particularly, the first observer: the artist.
Applying this to the question of AI and art: Through training, the AI has been given knowledge of what kinds of things evoke responses, guided by the feedback of the human artists. The AI then produces lots of pieces, from which the human artists select the ones they deem the best. This means that ultimately the art is the creation of the humans and that the AI is merely a very complicated new kind of paint. The training and selection processes are the equivalent of brush strokes. Granted, this new medium produces results that the artist might never produce without the AI, but new mediums often push artists in new directions.
And frankly, it's not clear to me that most travelers actually care that much, based on the fact that although legroom information is available from the airlines, only one of the major flight search tools provides it.
Data is not being provided in useful convenient form to consumer, therefore the consumer doesn't care that much? No, it just means that the booking tools chose not to provide it.
The tools compete with one another for users. If consumers cared about this issue, they'd switch to the one that provides it, which would motivate the others to provide it in order to remain competitive.
t's not clear to me that most travelers actually care that much, based on the fact that although legroom information is available from the airlines, only one of the major flight search tools provides it.
That doesn't mean customers don't care. It means that customers cannot easily get information to make informed decisions. That is, if Kayak offered it, they could use stats to show most people don't care. But it doesn't.
If people cared, they'd switch to the service that provides the information, which would cause the other services to start providing it as well.
"...the T2 chip could render a computer inoperable..." and it went on from there. The hinge of this whole story rests on a "could". Twist the hinge one way, there is no story, the other way, and... well... you get this flame bait
I disagree. There is a story here, though it's one without a clear villain, which slashdot will find uncomfortable.
It is a problem if third-party repair services are effectively blocked. As another commenter points out, it may even be illegal. However, I also see Apple's point. When you're trying to secure a device against hardware attack, the integrity of the components is critical, as is the ability to transmit data between them securely. Since it's all but impossible to keep the various communications busses inaccessible to attackers, you cryptographically authenticate the components to one another and encrypt the traffic (this also denies the data to attackers doing EM sniffing). But to to do that you need the components to have a shared key, which means you need a pairing step -- and that pairing step must be something the attacker can't do. This is easy to arrange in the factory, and not too hard to arrange in authorized repair facilities, but allowing any third party to do it without also allowing attackers to do it is really hard (and, no, asymmetric cryptography doesn't fix this. To paraphrase Bruce Schneier, "If you think asymmetric cryptography solves this problem, you don't understand asymmetric cryptography and you don't understand this problem.").
You are even more confused, you probably are a shill, paid by the banks.
What he said is absolutely true. I once designed a cash management system for a large retailer (a chain of grocery stores), and in the process saw a lot of detail about just what all of this costs. Stores pay banks to have cash delivered to them. Stores pay banks to accept cash deposits. Stores pay employees and managers for a lot of hours that are spent doing nothing but counting and handling cash, including lots of double-checking and oversight to minimize "shrinkage" (the retail term for the rate of theft). And stores lose a lot of money to shrinkage.
The system I designed used automated counting machines that shrink-wrapped and barcoded blocks of bills, and registered those blocks as a sort of inventory that was tracked. To minimize cash delivery and deposit fees, the retail chain essentially set up its own set of cash "warehouses" and hired their own armored cars to transport cash between them, to make sure that all stores had the cash on hand that they needed to make change and to minimize and centralize deposits. The retailer's finance department was even looking into using the cash inventory as collateral for short-term loans whose proceeds were to be invested to generate a revenue stream from the millions of dollars that were always tied up in cash inventory.
All of that together was intended to reduce the cost of cash to a level below that of credit card fees, because the aggregate cost of cash handling was actually more costly than credit transaction fees as a percentage of cash/card business, respectively.
Of course, what the retailer really wanted was to get its customers to switch to using debit cards, which have miniscule transaction fees and none of the cash handling costs. Debit cards are among the worst of all options for consumers, of course, without the anonymity of cash or the liability limitation of credit cards.
You're actually both right. EMV isn't a protocol, it's a whole family of protocols, most with their own family of variants. The security of these protocols varies widely.
Go back to live evacuation tests. Require that they use airline CEOs, upper management, and their families as the test subjects... If the plane can't be evac'ed in 90 seconds without injury, increase seat pitch and try again.
If a few airline upper managers get hurt during an evacuation test, maybe they'll realize WHY extremely dense seating is a bad idea.
Meh. As a numerate consumer, I think this is a bad idea. Denser seating lowers ticket prices, and given that the probability that a plane I'm on will need to be evacuated in 90 seconds is extraordinarily low, and given that in one of those rare situations I think minor injuries would be the least of my concerns, I'll take the denser seating and lower price as long as I get enough legroom that I can fit. Especially for short flights.
This is why capitalism rarely serves the needs of the consumer, because usually all players in the market have a a common goal that is the exact opposite of what the consumer needs.
There are two competing consumer needs here, but you're ignoring the one that is the most important for many consumers: cost. X% fewer seats on a plane, all else equal, means X% higher ticket price. And when consumers are shopping for airline tickets, they're mostly shopping on price.
What consumers need that capitalism doesn't always provide is accurate information. As long as consumers can get accurate information about legroom when choosing their flights, then if they want to choose cheaper flights with less legroom, that's their decision and any regulations that try to force them to have more room just serve to price air travel out of reach for more people.
And frankly, it's not clear to me that most travelers actually care that much, based on the fact that although legroom information is available from the airlines, only one of the major flight search tools provides it. I just checked Kayak, Expedia, Travelocity, Priceline and Google Flights. Google is the only one that provides legroom information, and even there you have to click the "expand" arrow on each fare option to see what the legroom is. Further, while Google allows you to specify a lot of different criteria to narrow your search options, legroom isn't one of them.
If it says you do have it, there is a 1 in 5 chance that you don't.
No, you have to consider the base rate. Of all adults over 65 in the US, about 10% have Alzheimer's.
So of 100 people, 10 will get Alzheimer's. Since the test's sensitivity appears to be perfect, all 10 will get a positive if tested, along with 18 others who won't get Alzheimer's. That's a total of 28 positive results. So while 18 of 100 results are false positives, 18/28 = 64% of positive results are false.
So, if this test says you are going to get Alzheimer's, there's a 36% chance that you actually will (assuming the numbers given, and assuming you don't use the information to modify your lifestyle in a way that changes your odds).
Pixel has a 4 year support? That's good to know and may shift my purchasing decisions. Me and my family hold on to our phones for a long time.
Sorry, no it doesn't. My mistake. It's three years. My confusion was caused by the fact that it used to be two years of major upgrades plus a third year of security patches, then they changed it to three years of major upgrades. I mistakenly assumed this meant three years of upgrades plus a year of security patches, but it's just three years of upgrades & patches.
So Pixel 2 will be supported until October 2020. Pixel 3 until October 2021. They'll get version upgrades and monthly security patches until those dates. Of course, after those dates you could potentially switch to a custom ROM if there's one that continues providing updates for longer, but that's not really a great option for most people. Pixel bootloaders are unlockable, so the self support option is always available, if not always practical.
This three years guaranteed updates policy is a complete and utter BS, Google.
It should be noted that Google is, AFAICT, the only phone maker that offers any guaranteed update policy at all. Apple in practice offers about five years of updates, but they make no specific commitments and could change this at any time.
Note also that Google's guaranteed support period has increased to four years on Pixel devices. IMO, it should be five years. I'm skeptical that it makes sense to support devices longer than that, just because such a small percentage of devices actually survive that long. It costs the same to support an old device that has 1000 units still in service as it does to support an old device with 100,000 units still in service, but the benefit is obviously much smaller. And support costs increase as a device gets older and less similar to current generations.
[*] It's worth pointing out that malice is actually pretty rare, and that malice in its purest form -- malice for its own sake -- is extremely uncommon.
I'm guessing you browse at +1 and just never see all the Anonymous Coward posts here.
For anything in the last decade or so, the presence of an ftp server indicates intentional set up of ftp.
You don't know government (or Big Business) very well. I wouldn't be surprised if that server is actually a 15 year old SCO server, not patched in 12 years, and the hardware out of support for 10 years.
In which case it almost certainly has a raft of well-known vulnerabilities which can be exploited to break out of the locked-down configuration.
The much more important question is, "What directories were exposed, and what was in them?"
If -- and I mean if -- it's only/pub, and there's nothing in/pub then what's to worry about?
Vulnerabilities in the FTP server and, far more likely, misconfigurations that mean that/pub isn't the only thing exposed. If a system is badly misconfigured enough to have an FTP server enabled by accident, what are the odds that it's configured correctly and patched up?
That presupposes that incompetence is substantially more common than malice - I'm not sure that holds in politics, where both seem nearly ubiquitous.
What about incompetent malice?
I assert that competence is rare everywhere -- including in politics -- and that this is the true basis of Hanlon's Razor. The reason you should never attribute to malice what can be adequately explained by stupidity (or incompetence) isn't so much that malice is rare [*], but that incompetence is so incredibly common. Nearly all attributions of malice implicitly assume competent malice, because the incompetently malicious generally screw up in some way, and it's this assumption of competence more than the assumption of malice that calls the assertion into question.
Conspiracy theories are always dubious for exactly this same reason. Competent conspirators are really hard to find, so as the number of people who would have to be involved for the conspiracy to work rises, the probability that the conspiracy continues to successfully avoid leaking proof of its existence falls. If more than a handful of extraordinarily dedicated and competent people would have to be in on it, then it's just not so.
[*] It's worth pointing out that malice is actually pretty rare, and that malice in its purest form -- malice for its own sake -- is extremely uncommon. Screwing your neighbor to benefit yourself is more common, but the fact that being known as someone who will shaft their neighbor to benefit themselves is almost always more costly than whatever benefit can be obtained from the betrayal means that people are pretty reluctant to do it. The vast majority of people are also held back by morality... though we also tend to have tremendous powers of self-justification. That last sentence really just describes emotions which are themselves an evolutionary adaptation to the fact that screwing your neighbor is likely to come back on you, and cooperation is likely to give the best outcome -- unless you can be really sure you won't be caught.
My old pre-wifi Roomba cleans the kitchen floor daily thanks to a simple timer. Why would I want to have to verbally command it from another location daily?
You have an automatic timer for the whole area the robot cleans, and you can set additional timed cleaning cycles for specific rooms which need it more often... and you can also order an extra cleaning cycle of a particular area when you have some reason to know that it needs it, or some reason that you want it to be extra clean.
The voice command stuff isn't instead of timer-based cleaning, it's in addition to.
Slashdot Mirror
It is my understanding that it is, indeed possible. For example, consider the DoD Orange Book security classifications for Operating Systems.
Indeed. Consider them carefully, and note the enormous constraints under which they had to be used to be considered secure. No network connections, and no unverified application software for starters.
If I can limit sufficiently exactly how a system can be used, I can make any system secure.
So what? He is exactly the kind of 'unqualified outsider' that is repeatedly told to shut the fuck up by 'real climate scientists'.
No one is telling him to shut up. If you point out real problems, real climate scientists are happy to listen. Which is exactly what happened in this case.
The important thing that we need to remember is that it is entirely possible to design and produce a technology stack that is not vulnerable to malware.
Is it, is it really? The fact that it has never, ever been done on any system of significant size or complexity argues strongly that you're wrong. Formal verification seems like the only path with real potential, but so far it is impossibly hard to do at scale.
And then there's the issue that even if you had a system with zero vulnerabilities, that still doesn't make AV unnecessary. One of the hardest problems is how to handle software that does not exploit any vulnerabilities and uses only legitimate, reasonable APIs, but uses them in ways that may harm the user. The Android security team (of which I'm a member) doesn't use the term "malware", because it's too narrow. Instead we use "Potentially-Harmful Apps" (PHA) to include apps that don't qualify as malware in the traditional sense, but yet may do harmful things.
Now, some of the abusive apps are able to be abusive only because of badly-designed Android APIs. For example, I don't think there's any reason even to have an API that allows apps to retrieve a user's whole contacts database. If an app legitimately needs contact information (say, to make a phone call), they should request a contact from a system API which presents the user with a picker to select the contact whose phone number they wish to provide, and only that number should be provided to the requesting app.
But there are other cases in which the APIs are completely reasonable and needed, but still allow harmful things to be done when misused in certain ways. I'm not sure it is possible to prevent PHAs of that form by anything done in the operating system. There's lots of academic research on data tagging and tainting and other approaches, but it's really not clear that they can work without creating a painfully-unusable system.
So I don't think it's possible to produce an operating system that is not vulnerable to malware. I'd love to be proven wrong, though, so by all means figure it out and publish about it! If you figure it out you'll get all sorts of academic rewards, and if you play it right you can easily make yourself stinking rich as well. Please do!
BTW, regarding the claim in the summary that third-party AV tools on Android make sense, I disagree. Third-party tools simply can't have the visibility into the system needed to be really good without rooting, and rooting your device opens it to a raft of exploits. On a rooted device it's possible to disable SELinux, which instantly demolishes much of the compartmentalization of the system. No longer are 5-10 step exploit chains needed, one is enough in most cases.
What does make sense is to enable the built-in AV tool, Verify Apps.
Oh, while I'm posting about Android security, I'd like to take a moment to gloat that -- yet again -- Google's phone is undefeated in Moble Pwn2own, despite having (along with iPhone) the largest offered prizes.
Art is seen, not made. That means that when "true art" "happens", it's because there's an observer. There doesn't have to be a consciousness behind the creation, but there has to be a consciousness behind the observation.
I think this is entirely true, but a little bit false.
It's a little bit false because art isn't entirely about the piece and the observer. The artist does have a role; if this weren't true, then absolutely anyone could create art. But one observation/clarification makes your statement true: the artist is the first observer. This first observation happens partly before anything observable by others has been produced.
I think what I mean can best be described in the context of the art of photography. In one sense, it could be claimed (though it would be stupid) that photography isn't art at all unless the photographer is creating the scene to be photographed. After all, it's just the mechanical recording of a visual scene. Where's the skill, the emotion, the creativity in that? Especially if the photographer is using a "point and shoot" camera that does all the fiddly work of metering and exposure.
The art of photography is about the selection of what to photograph (and a little about how). What to include and what to exclude. What to highlight and what to downplay. Good photographers speak of "creating photos", because it is a creative process that begins with a conceptual image that the photographer wants to make. Novice photographers do this differently; they take pictures first and then decide which ones are good -- and they're not very good at deciding which ones are good. It's instructive to watch a photography class in action, where novice photographers submit what they think are good photos to a teacher who has already developed the artistic skills required to recognize what is good art and what is not.
At one level "recognize what is good art and what is not" seems like a nonsensical statement, because art is about the observer, so what I like is art to me but maybe not to you. But it's not nonsense, because there are common elements in how humans perceive the world, and artists (outside of some prodigies, I suppose) must learn how particular pieces affect observers. Novices can just barely recognize the faint stirrings of their own responses. Artists have tuned their sensibilities to a high pitch and furthermore they understand the mechanics of evoking reaction well enough to know what works and what doesn't. To some degree they can even choose what response they wish to evoke, and succeed at it. This, then, is the core element of art: knowledge of how to create responses in observers, including and most particularly, the first observer: the artist.
Applying this to the question of AI and art: Through training, the AI has been given knowledge of what kinds of things evoke responses, guided by the feedback of the human artists. The AI then produces lots of pieces, from which the human artists select the ones they deem the best. This means that ultimately the art is the creation of the humans and that the AI is merely a very complicated new kind of paint. The training and selection processes are the equivalent of brush strokes. Granted, this new medium produces results that the artist might never produce without the AI, but new mediums often push artists in new directions.
And frankly, it's not clear to me that most travelers actually care that much, based on the fact that although legroom information is available from the airlines, only one of the major flight search tools provides it.
Data is not being provided in useful convenient form to consumer, therefore the consumer doesn't care that much? No, it just means that the booking tools chose not to provide it.
The tools compete with one another for users. If consumers cared about this issue, they'd switch to the one that provides it, which would motivate the others to provide it in order to remain competitive.
False. There is a fixed handling cost per passenger
The bulk of the costs are per-flight, not per passenger. Empty planes cost about as much to fly as full ones.
That doesn't mean customers don't care. It means that customers cannot easily get information to make informed decisions. That is, if Kayak offered it, they could use stats to show most people don't care. But it doesn't.
If people cared, they'd switch to the service that provides the information, which would cause the other services to start providing it as well.
"...the T2 chip could render a computer inoperable..." and it went on from there. The hinge of this whole story rests on a "could". Twist the hinge one way, there is no story, the other way, and ... well ... you get this flame bait
I disagree. There is a story here, though it's one without a clear villain, which slashdot will find uncomfortable.
It is a problem if third-party repair services are effectively blocked. As another commenter points out, it may even be illegal. However, I also see Apple's point. When you're trying to secure a device against hardware attack, the integrity of the components is critical, as is the ability to transmit data between them securely. Since it's all but impossible to keep the various communications busses inaccessible to attackers, you cryptographically authenticate the components to one another and encrypt the traffic (this also denies the data to attackers doing EM sniffing). But to to do that you need the components to have a shared key, which means you need a pairing step -- and that pairing step must be something the attacker can't do. This is easy to arrange in the factory, and not too hard to arrange in authorized repair facilities, but allowing any third party to do it without also allowing attackers to do it is really hard (and, no, asymmetric cryptography doesn't fix this. To paraphrase Bruce Schneier, "If you think asymmetric cryptography solves this problem, you don't understand asymmetric cryptography and you don't understand this problem.").
You are even more confused, you probably are a shill, paid by the banks.
What he said is absolutely true. I once designed a cash management system for a large retailer (a chain of grocery stores), and in the process saw a lot of detail about just what all of this costs. Stores pay banks to have cash delivered to them. Stores pay banks to accept cash deposits. Stores pay employees and managers for a lot of hours that are spent doing nothing but counting and handling cash, including lots of double-checking and oversight to minimize "shrinkage" (the retail term for the rate of theft). And stores lose a lot of money to shrinkage.
The system I designed used automated counting machines that shrink-wrapped and barcoded blocks of bills, and registered those blocks as a sort of inventory that was tracked. To minimize cash delivery and deposit fees, the retail chain essentially set up its own set of cash "warehouses" and hired their own armored cars to transport cash between them, to make sure that all stores had the cash on hand that they needed to make change and to minimize and centralize deposits. The retailer's finance department was even looking into using the cash inventory as collateral for short-term loans whose proceeds were to be invested to generate a revenue stream from the millions of dollars that were always tied up in cash inventory.
All of that together was intended to reduce the cost of cash to a level below that of credit card fees, because the aggregate cost of cash handling was actually more costly than credit transaction fees as a percentage of cash/card business, respectively.
Of course, what the retailer really wanted was to get its customers to switch to using debit cards, which have miniscule transaction fees and none of the cash handling costs. Debit cards are among the worst of all options for consumers, of course, without the anonymity of cash or the liability limitation of credit cards.
You're actually both right. EMV isn't a protocol, it's a whole family of protocols, most with their own family of variants. The security of these protocols varies widely.
Go back to live evacuation tests. Require that they use airline CEOs, upper management, and their families as the test subjects... If the plane can't be evac'ed in 90 seconds without injury, increase seat pitch and try again.
If a few airline upper managers get hurt during an evacuation test, maybe they'll realize WHY extremely dense seating is a bad idea.
Meh. As a numerate consumer, I think this is a bad idea. Denser seating lowers ticket prices, and given that the probability that a plane I'm on will need to be evacuated in 90 seconds is extraordinarily low, and given that in one of those rare situations I think minor injuries would be the least of my concerns, I'll take the denser seating and lower price as long as I get enough legroom that I can fit. Especially for short flights.
This is why capitalism rarely serves the needs of the consumer, because usually all players in the market have a a common goal that is the exact opposite of what the consumer needs.
There are two competing consumer needs here, but you're ignoring the one that is the most important for many consumers: cost. X% fewer seats on a plane, all else equal, means X% higher ticket price. And when consumers are shopping for airline tickets, they're mostly shopping on price.
What consumers need that capitalism doesn't always provide is accurate information. As long as consumers can get accurate information about legroom when choosing their flights, then if they want to choose cheaper flights with less legroom, that's their decision and any regulations that try to force them to have more room just serve to price air travel out of reach for more people.
And frankly, it's not clear to me that most travelers actually care that much, based on the fact that although legroom information is available from the airlines, only one of the major flight search tools provides it. I just checked Kayak, Expedia, Travelocity, Priceline and Google Flights. Google is the only one that provides legroom information, and even there you have to click the "expand" arrow on each fare option to see what the legroom is. Further, while Google allows you to specify a lot of different criteria to narrow your search options, legroom isn't one of them.
If it says you do have it, there is a 1 in 5 chance that you don't.
No, you have to consider the base rate. Of all adults over 65 in the US, about 10% have Alzheimer's.
So of 100 people, 10 will get Alzheimer's. Since the test's sensitivity appears to be perfect, all 10 will get a positive if tested, along with 18 others who won't get Alzheimer's. That's a total of 28 positive results. So while 18 of 100 results are false positives, 18/28 = 64% of positive results are false.
So, if this test says you are going to get Alzheimer's, there's a 36% chance that you actually will (assuming the numbers given, and assuming you don't use the information to modify your lifestyle in a way that changes your odds).
Thanks for the correction. Ignore the AC :)
The AC follows me around like a puppy. Sometimes I worry when he goes quiet for a while :-)
Pixel has a 4 year support? That's good to know and may shift my purchasing decisions. Me and my family hold on to our phones for a long time.
Sorry, no it doesn't. My mistake. It's three years. My confusion was caused by the fact that it used to be two years of major upgrades plus a third year of security patches, then they changed it to three years of major upgrades. I mistakenly assumed this meant three years of upgrades plus a year of security patches, but it's just three years of upgrades & patches.
So Pixel 2 will be supported until October 2020. Pixel 3 until October 2021. They'll get version upgrades and monthly security patches until those dates. Of course, after those dates you could potentially switch to a custom ROM if there's one that continues providing updates for longer, but that's not really a great option for most people. Pixel bootloaders are unlockable, so the self support option is always available, if not always practical.
https://support.google.com/nexus/answer/4457705
I believe at WWDC this year, Apple announced the then-current generation of hardware would receive 7 years of support.
That's awesome, if true. Cite? Some quick searching didn't turn it up.
This three years guaranteed updates policy is a complete and utter BS, Google.
It should be noted that Google is, AFAICT, the only phone maker that offers any guaranteed update policy at all. Apple in practice offers about five years of updates, but they make no specific commitments and could change this at any time.
Note also that Google's guaranteed support period has increased to four years on Pixel devices. IMO, it should be five years. I'm skeptical that it makes sense to support devices longer than that, just because such a small percentage of devices actually survive that long. It costs the same to support an old device that has 1000 units still in service as it does to support an old device with 100,000 units still in service, but the benefit is obviously much smaller. And support costs increase as a device gets older and less similar to current generations.
[*] It's worth pointing out that malice is actually pretty rare, and that malice in its purest form -- malice for its own sake -- is extremely uncommon.
I'm guessing you browse at +1 and just never see all the Anonymous Coward posts here.
Trolling is boredom, not actual malice.
From the summary:
Rest assured that this will be changed with a forced update of the ELUA ("Accept or your Roomba will stop working").
I'll bet you $1000 that this never happens.
For anything in the last decade or so, the presence of an ftp server indicates intentional set up of ftp.
You don't know government (or Big Business) very well. I wouldn't be surprised if that server is actually a 15 year old SCO server, not patched in 12 years, and the hardware out of support for 10 years.
In which case it almost certainly has a raft of well-known vulnerabilities which can be exploited to break out of the locked-down configuration.
The much more important question is, "What directories were exposed, and what was in them?"
If -- and I mean if -- it's only /pub, and there's nothing in /pub then what's to worry about?
Vulnerabilities in the FTP server and, far more likely, misconfigurations that mean that /pub isn't the only thing exposed. If a system is badly misconfigured enough to have an FTP server enabled by accident, what are the odds that it's configured correctly and patched up?
That presupposes that incompetence is substantially more common than malice - I'm not sure that holds in politics, where both seem nearly ubiquitous.
What about incompetent malice?
I assert that competence is rare everywhere -- including in politics -- and that this is the true basis of Hanlon's Razor. The reason you should never attribute to malice what can be adequately explained by stupidity (or incompetence) isn't so much that malice is rare [*], but that incompetence is so incredibly common. Nearly all attributions of malice implicitly assume competent malice, because the incompetently malicious generally screw up in some way, and it's this assumption of competence more than the assumption of malice that calls the assertion into question.
Conspiracy theories are always dubious for exactly this same reason. Competent conspirators are really hard to find, so as the number of people who would have to be involved for the conspiracy to work rises, the probability that the conspiracy continues to successfully avoid leaking proof of its existence falls. If more than a handful of extraordinarily dedicated and competent people would have to be in on it, then it's just not so.
[*] It's worth pointing out that malice is actually pretty rare, and that malice in its purest form -- malice for its own sake -- is extremely uncommon. Screwing your neighbor to benefit yourself is more common, but the fact that being known as someone who will shaft their neighbor to benefit themselves is almost always more costly than whatever benefit can be obtained from the betrayal means that people are pretty reluctant to do it. The vast majority of people are also held back by morality... though we also tend to have tremendous powers of self-justification. That last sentence really just describes emotions which are themselves an evolutionary adaptation to the fact that screwing your neighbor is likely to come back on you, and cooperation is likely to give the best outcome -- unless you can be really sure you won't be caught.
Why do you want Google to know your homes' floorplan and where all the furniture is?
From the summary:
My old pre-wifi Roomba cleans the kitchen floor daily thanks to a simple timer. Why would I want to have to verbally command it from another location daily?
You have an automatic timer for the whole area the robot cleans, and you can set additional timed cleaning cycles for specific rooms which need it more often... and you can also order an extra cleaning cycle of a particular area when you have some reason to know that it needs it, or some reason that you want it to be extra clean.
The voice command stuff isn't instead of timer-based cleaning, it's in addition to.
You completely miss the point.
It is perfectly possible to be both polite and deliberately not clear.
And it's equally possible to be both impolite and deliberately not clear. Clarity and politeness are orthogonal.