Unfortunately things are even less stable if you don't shut down. (On some of the worse runs, you could tell it was getting near the end of the week by beam stability and quality.)
In the existing space PnP spec, the devices are autonomously numbered. In fact, the existing space PnP spec is designed to run over either USB or the SpaceWire bus.
If you read the article, you'll note that the comparison with USB is that the devices provide other devices on the network with a description of the functions they support. So, the bus has multinode network communication over a single common protocol, power, autonomous numbering, and devices indicating their capabilities. That's USB, not IP.
If your resource is element-79 for instance, then no, it really would take a government action to grant total control over that resource. If for no other reason than the price of said element climbing out of their price range as a group of people attempted to buy it all up.
I said that's all that's necessary to have monopolies, not that it is possible to monopolize every resource.
It's hard to monopolize gold at a global scale these days -- particularly by trying to buy it all, which is a terrible way to monopolize a resource. You can monopolize diamonds, though, by owning nearly all of the diamond mines with significant production.
I figure you're joking, but most of these machines do actually shut down on a fairly regular basis, because if they run longer than that at a stretch, they'll stop working. (Most of the problems occur after these breaks when they start back up.)
Because there are no monopolies unless the government can protect those monopolies.
Strictly untrue. Any system where rule of law enforces personal property rights enables a small group of people to exercise monopolistic control over a limited resource. If you're excluding such systems, they still can exercise such control, but they enforce it themselves.
Unless you're envisioning a government that suppresses people's ability to protect their own property but refuses to enforce property rights?
Yes -- it's "just" energy and scale, both of which are outside of anything that's been done before. These other colliders didn't magically work overnight, either. They still have periodic problems.
How exactly is a report by a semiconductor company, clearly for the purposes of promoting LED lights, the product of "the environmental movement"?
On another note, it's interesting that you manage to turn a single assumption (albeit a significant one) and turn that into "they didn't do any research". This might well be the case if all the information they came back with was the consequences of a the different lifetimes, but that's not the case. The primary product of the study -- which the summary, even, is so kind as to point out for you -- is determining the energy costs in manufacture and end-of-life for the different bulb types.
Many LEDs are made out of toxic materials (like gallium aresenide). Neither they nor CFLs (which contain something like 4 mg of elemental mercury) present a significant hazard to the user.
Despite being no Bush fan, I have to agree -- it pissed me off to no end that people blamed legislation on Bush, as if the senators and representatives were not complicit (if not instrumental) in it.
While I have my pro- and anti-Obama days, I agree -- nothing about his campaign seriously suggested that he's strongly for civil liberties (meaning, of course, "more civil liberties than are common in recent history").
You're confusing their paper with things you're imagining their paper might say.
All this demonstrates is that input sanitization that checks for statistical properties (looks like English) is insufficient to prevent executing useful code when there is a buffer overflow vulnerability: the payload can be made to conform to the sanitization requirements while still containing arbitrary code.
Even better: inputs that can overwrite the stack can perform arbitrary code execution even if the stack is never executable, via "return-to-libc" programming.
Yes -- in theory, could should be W xor X: writable or executable, but never both. This is then solved neatly. However, this is often not the case. It's a little bold on Von Neumann machines, where the code and data are the same, to hope that code and data can be cleanly separated reliably.
The most egregious case is interpreters, where data that's passed around is turned into executable code dynamically. Less egregious but still unsafe is dynamically-generated code, which must be both writable and executable.
Pinning down terminology use by security researchers is tricky.
In this case, what they mean is that the system has a vulnerability that enables code from a remote source to be executed, and that the input from the remote source is being run through a filter that attempt to identify executable code (in order to block it) versus English text.
On an already-secure system, this makes no difference at all. Those don't exist, much. If you were relying on a "looks like executable code" filter to protect you, this is a tip that it's not that secure. The paranoid should already assume so (based on things that already are available in Metasploit, if nothing else).
No, an assembler or compiler takes as input text in a high-level language and generates executable machine code.
This takes as input executable machine code and generates executable machine code with a very narrowly-defined statistical property. (Simpler, but important, statistical properties have been done previously -- e.g., the Metasploit filters.)
Shellcode is machine code. That is, compiled assembler.
It's just a logical extension of the shellcode filters that Metasploit already provides. If you hadn't thought it through, though, it's an important proof-of-concept.
It's not that shellcode can be written in text and then compiled to an executable form. It's not that shellcode can be compiled to an intermediary form, translated or compiled into machine instructions by a piece of code (this is common in malware now, to pass input restrictions -- as the article says). It's that the executed machine instructions themselves -- the compiled binary data that can be run raw on an x86 processor -- looks like English text.
Sort of. NVIDIA's definition of a "thread" is different from a CPU thread -- it's more similar to the instructions executed on a single piece of data in a SIMD system. You're not required to make data-parallel code for the GPU, but certainly data-parallel code is the easiest to write and visualize.
On NVIDIA chips, at least, there are a number of independent processors. The processors execute vector instructions (though all the vector instructions can be conditionally executed, so that, e.g., they only affect some of the data). Optimally, they have many sets of instruction flows at the same time -- they have a built-in zero-cost thread context switch, and computation in one set of threads is used to hide memory access time for the other threads.
The NSA Tempest guidelines are probably sufficient.
Of course, the requirements are potentially made weaker by what you're eavesdropping. Tempest is written assuming that eavesdropping is a problem, but that's not true with voting -- it's only a problem if you are then able to associate votes with individuals.
Shit, that's what I learned in school. Isn't it what you learned in your ivory-tower university? How to deceive the honest, God-fearing, critically-thinking Republicans using Big Science?
Oh, no, wait. I learned physics. Totally different.
I'm not going to presuppose what Exxon knows or thinks -- but this is called hedging your bets. Aside from maybe being pathological, it's completely rational to fund both a "debunk global warming" campaign and a "deal with global warming" program, especially if the latter stands to earn you money. (Hell, they're just companies. They don't really care if in the future they can't sell oil, as long as by then they have a bigger revenue stream.)
Slashdot Mirror
Oh, I know.
Unfortunately things are even less stable if you don't shut down. (On some of the worse runs, you could tell it was getting near the end of the week by beam stability and quality.)
In the existing space PnP spec, the devices are autonomously numbered. In fact, the existing space PnP spec is designed to run over either USB or the SpaceWire bus.
If you read the article, you'll note that the comparison with USB is that the devices provide other devices on the network with a description of the functions they support. So, the bus has multinode network communication over a single common protocol, power, autonomous numbering, and devices indicating their capabilities. That's USB, not IP.
I can't think of
Hardly evidence for the lack of their existence.
If your resource is element-79 for instance, then no, it really would take a government action to grant total control over that resource. If for no other reason than the price of said element climbing out of their price range as a group of people attempted to buy it all up.
I said that's all that's necessary to have monopolies, not that it is possible to monopolize every resource.
It's hard to monopolize gold at a global scale these days -- particularly by trying to buy it all, which is a terrible way to monopolize a resource. You can monopolize diamonds, though, by owning nearly all of the diamond mines with significant production.
I figure you're joking, but most of these machines do actually shut down on a fairly regular basis, because if they run longer than that at a stretch, they'll stop working. (Most of the problems occur after these breaks when they start back up.)
Because there are no monopolies unless the government can protect those monopolies.
Strictly untrue. Any system where rule of law enforces personal property rights enables a small group of people to exercise monopolistic control over a limited resource. If you're excluding such systems, they still can exercise such control, but they enforce it themselves.
Unless you're envisioning a government that suppresses people's ability to protect their own property but refuses to enforce property rights?
Yes -- it's "just" energy and scale, both of which are outside of anything that's been done before. These other colliders didn't magically work overnight, either. They still have periodic problems.
How exactly is a report by a semiconductor company, clearly for the purposes of promoting LED lights, the product of "the environmental movement"?
On another note, it's interesting that you manage to turn a single assumption (albeit a significant one) and turn that into "they didn't do any research". This might well be the case if all the information they came back with was the consequences of a the different lifetimes, but that's not the case. The primary product of the study -- which the summary, even, is so kind as to point out for you -- is determining the energy costs in manufacture and end-of-life for the different bulb types.
Many LEDs are made out of toxic materials (like gallium aresenide). Neither they nor CFLs (which contain something like 4 mg of elemental mercury) present a significant hazard to the user.
I am absolutely certain you don't understand quantum mechanics. This leads me to believe you also don't understand economics.
Despite being no Bush fan, I have to agree -- it pissed me off to no end that people blamed legislation on Bush, as if the senators and representatives were not complicit (if not instrumental) in it.
Pro tip: all politicians call them "positions". It's the politician equivalent of "opinion". Used in, for example, "position paper".
While I have my pro- and anti-Obama days, I agree -- nothing about his campaign seriously suggested that he's strongly for civil liberties (meaning, of course, "more civil liberties than are common in recent history").
I hope that you find your stay here while not Informative at least Funny!
ftfy
You're confusing their paper with things you're imagining their paper might say.
All this demonstrates is that input sanitization that checks for statistical properties (looks like English) is insufficient to prevent executing useful code when there is a buffer overflow vulnerability: the payload can be made to conform to the sanitization requirements while still containing arbitrary code.
Even better: inputs that can overwrite the stack can perform arbitrary code execution even if the stack is never executable, via "return-to-libc" programming.
Yes -- in theory, could should be W xor X: writable or executable, but never both. This is then solved neatly. However, this is often not the case. It's a little bold on Von Neumann machines, where the code and data are the same, to hope that code and data can be cleanly separated reliably.
The most egregious case is interpreters, where data that's passed around is turned into executable code dynamically. Less egregious but still unsafe is dynamically-generated code, which must be both writable and executable.
Technically, machine code -- assembly is the pseudo-English text version of machine code.
But otherwise, yes.
Pinning down terminology use by security researchers is tricky.
In this case, what they mean is that the system has a vulnerability that enables code from a remote source to be executed, and that the input from the remote source is being run through a filter that attempt to identify executable code (in order to block it) versus English text.
On an already-secure system, this makes no difference at all. Those don't exist, much. If you were relying on a "looks like executable code" filter to protect you, this is a tip that it's not that secure. The paranoid should already assume so (based on things that already are available in Metasploit, if nothing else).
No, an assembler or compiler takes as input text in a high-level language and generates executable machine code.
This takes as input executable machine code and generates executable machine code with a very narrowly-defined statistical property. (Simpler, but important, statistical properties have been done previously -- e.g., the Metasploit filters.)
Shellcode is machine code. That is, compiled assembler.
It's just a logical extension of the shellcode filters that Metasploit already provides. If you hadn't thought it through, though, it's an important proof-of-concept.
Good job not reading the article.
It's not that shellcode can be written in text and then compiled to an executable form. It's not that shellcode can be compiled to an intermediary form, translated or compiled into machine instructions by a piece of code (this is common in malware now, to pass input restrictions -- as the article says). It's that the executed machine instructions themselves -- the compiled binary data that can be run raw on an x86 processor -- looks like English text.
Sort of. NVIDIA's definition of a "thread" is different from a CPU thread -- it's more similar to the instructions executed on a single piece of data in a SIMD system. You're not required to make data-parallel code for the GPU, but certainly data-parallel code is the easiest to write and visualize.
On NVIDIA chips, at least, there are a number of independent processors. The processors execute vector instructions (though all the vector instructions can be conditionally executed, so that, e.g., they only affect some of the data). Optimally, they have many sets of instruction flows at the same time -- they have a built-in zero-cost thread context switch, and computation in one set of threads is used to hide memory access time for the other threads.
The NSA Tempest guidelines are probably sufficient.
Of course, the requirements are potentially made weaker by what you're eavesdropping. Tempest is written assuming that eavesdropping is a problem, but that's not true with voting -- it's only a problem if you are then able to associate votes with individuals.
Shit, that's what I learned in school. Isn't it what you learned in your ivory-tower university? How to deceive the honest, God-fearing, critically-thinking Republicans using Big Science?
Oh, no, wait. I learned physics. Totally different.
I'm not going to presuppose what Exxon knows or thinks -- but this is called hedging your bets. Aside from maybe being pathological, it's completely rational to fund both a "debunk global warming" campaign and a "deal with global warming" program, especially if the latter stands to earn you money. (Hell, they're just companies. They don't really care if in the future they can't sell oil, as long as by then they have a bigger revenue stream.)