Overriding SMM functions (which appears to be what they're doing here) is not actually a function that's intended to be accessible from ring zero.
So no, you get your code running in ring zero and then you can do something that you shouldn't be able to do with ring zero access.
Actually, as I recall, the hypervisors run in ring 0 and generally push the kernel up to ring 1.
Anyway, jumping to the hypervisor level is Blue Pill, by the same people. That was a few years ago. This is actually jumping to a lower level (below that of the hypervisor).
If you're playing the rootkit versus rootkit detection / prevention game, attacking a lower level than your opponent is powerful. A rootkit detector in the hypervisor has an enormous advantage over a rootkit in a VM, and vice versa. A rootkit at the SMM level has an enormous advantage over rootkit detectors at the kernel or hypervisor levels -- which is the lowest easily-accessible level.
Note that these guys did propose a solution in the same talk in which they presented this problem.
And slashdot.org is not an american-only site as its domain name ends in .org and not in .us
Do you not understand how the domain name system works, or are you just really fishing for something to support your point?
As an example, nearly every Native American nonprofit is .org, with a few .com and .net. They are distinctly "American-only", if anything on the Internet can indeed be qualified as that. Perhaps you're assuming how your country uses its national TLD is necessarily how the US uses its?
I should switch to Chris# solely for the TG instruction: play "Eye of the Tiger".
While true, this is not "easy" -- radiative cooling is very restrictive, and you get no conductive or convective cooling in space.
It certainly does have a number of problems, including what constitutes "malicious intent". It's just that it's not completely unreasonable -- as a law barring truthful statements from being reported would be.
You're addressing whether you agree with the law, not whether it is reasonable.
Further, while the law has problems, it's not completely crazy -- you have grounds for libel if it's false or if it was done with malicious intent. That seems, on its face, reasonable.
Way to go Obama! Open! Change! Guess amending the EO was too hard.
While I'm no Obama apologist, I should point out that you can't change every executive order you disagree with in the course of eight weeks. With the other aspects of your job, I imagine it'd be tough to read every executive order in eight weeks. I should also point out that, to my knowledge, he does not directly review all FOIA rejections.
Let's get this right: we're restricting distribution of drafts of proposals for international treaties by claiming they're pertinent to national security. While the letter that cites "national security" is not clear on this, the USC section they mention clarifies that it also pertains to documents whose distribution would jeopardize foreign relations.
If you're interested in "getting it right", you should at least read the letter to see what documents were denied. They're not laws, they're proposal drafts.
I haven't read their process carefully, but it's not biodiesel. In fact, the quote in the original post is out of context, but the comment that the fuel is "free of chemicals" is comparing it to biodiesel. They're simply filtering and burning vegetable oil.
It is true that if you apply appropriate chemical modification, you may well be able to separate the contaminants from the resulting fuel, but it's not necessarily the case. The biodiesel chemical conversion process is certainly much less rigorous than plants turning raw material into tissue (and even there, soil and water contaminants can end up in the plant tissue).
He didn't answer 75%, he answered 3/4. There's a different implicit accuracy.
Which in turn sounds a lot like Tempest, which dates back to the what, 40s?
You should most certainly *not* consider "cover signals" as adequate against EM-leak eavesdropping.
It was also actually done, in 1985, by Van Eck. While Cryptonomicon might overstate the situation a bit, the entire "Van Eck" thing is quite true.
That seems like an unlikely filter. While it's reasonably easy to filter out particulate matter, deep-fry grease breaks down from being held at high temperatures. I'm not sure you could effectively filter out the breakdown byproducts.
Even if you take it to mean a reasonable interpretation -- free of added or unwanted chemicals (which, as you point out, really means added or unwanted *anything*), it's still not true. Oil that's been held at high temperatures and used repeatedly to fry food is by no means free of impurities. At least some of these chemicals are hazardous or carcinogenic. Maybe the fuel overall is clean compared to the alternatives, but it's not truly clean.
There's probably some way the FS could finesse this issue -- e.g., don't actually schedule truncation until you see the first write or close -- but it would be a workaround for buggy applications, not a FS bugfix.
The general solution is to provide a guarantee of atomicity for arbitrary sequential collections of filesystem operations. So, if I do operations A, B, and C, the filesystem is in a state where either none or all of them are done. POSIX does *not* provide that at all. A well-done POSIX filesystem will guarantee atomicity at the level of individual filesystem calls, but not groups. (A filesystem more advanced than POSIX requires certainly could provide this feature.)
Incidentally, what he recommends is using a database. What is a database? Oh, wait, it's very much like a filesystem, but with more features. What's one of these features? Oh, it's grouping multiple operations into a single atomic operation!
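An added example (not part of the original comment) of how an application can get all-or-nothing behaviour for the "truncate, then write" group by relying on one call that is atomic on its own, `rename`. The function names, the temp-file prefix and the `fail` switch that simulates a crash are assumptions made for illustration.

```python
import os
import tempfile

def truncate_and_write(path, data, fail=False):
    """In-place update: two separate operations, so a crash between them
    leaves a zero-length file."""
    with open(path, "wb") as f:          # truncation happens here
        if fail:
            raise RuntimeError("simulated crash after truncate")
        f.write(data)

def atomic_replace(path, data, fail=False):
    """Write a sibling temp file, fsync it, then rename over the target.
    rename is a single call, so readers see the old or the new file."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".tmp-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())         # data on disk before it is visible
        if fail:
            raise RuntimeError("simulated crash before rename")
        os.replace(tmp, path)            # the one atomic step
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)               # never leave a half-written temp file
        raise
    dfd = os.open(directory, os.O_RDONLY)
    try:
        os.fsync(dfd)                    # persist the directory entry itself
    finally:
        os.close(dfd)

def read(path):
    with open(path, "rb") as f:
        return f.read()
```

`tempfile.mkstemp` creates the file with owner-only permissions, so a caller that needs the original file's mode has to restore it before the rename.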
I prefer a dictionary.
I bet no site tries to send you even a hundred cookies. Most sites don't even try to send ten.
More than one person inventing or discovering something at (roughly) the same time does not immediately make it obvious. If you look at the amount of time spent developing the first telephones, how to construct a working telephone was not an obvious matter, even among practitioners of the art.
(as should most people, since 99.9999999% of all cookies are redundant)
There's a word in English, "most", appropriate for this situation. It's not necessary or helpful to invent obviously-made-up-numbers to illustrate "most". I doubt you have data to back up that only one in one billion cookies is useful.
Gecko is licensed under MPL, GPL, and LGPL -- two of these allow you to use it in closed-source software.
Interesting. What is the cost to the taxpayers of Fermilab? How much is being spent on developing nuclear fusion?
Cosmology is less applicable but rarely gets much federal funding. High-energy physics is enormously useful, but it takes quite a while for the application to appear.
Grant requests always give justification for experiments. Press releases, not always -- they expect you to do some minimum of research yourself.
For one, this depends on your memory being the only source for the encryption key. (Given how modern cryptographic programs are implemented, of course, your memory generally isn't storing the encryption key to the data itself, but a key used to encrypt the real encryption key. Presumably this is an unimportant detail.)
Even if the encryption key is in your memory, it's not subjective testimony, since whether or not you provided a correct decryption key (or, more generally, an adequate decryption procedure) can be verified. (If you happen to be encrypting maximum-entropy data with encryption software that performs no sort of key verification, this is no longer true.)
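An added example (not from the original comment) of the two points above: the passphrase only unlocks a wrapped data key, and a correct passphrase is checkable when the wrapped key carries an authentication tag, while without one every guess yields some plausible-looking key. The XOR pad stands in for a real key-wrap or AEAD; all names and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example

def _derive(passphrase, salt):
    """Passphrase -> (pad, mac_key). This is the key-encrypting key,
    not the key that encrypts the data."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                              ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wrap(passphrase, data_key):
    """Wrap a 32-byte data key under a passphrase, with a verification tag."""
    salt = os.urandom(16)
    pad, mac_key = _derive(passphrase, salt)
    wrapped = _xor(data_key, pad)
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unwrap_verified(passphrase, blob):
    """Return the data key, or None when the passphrase is wrong."""
    pad, mac_key = _derive(passphrase, blob["salt"])
    expected = hmac.new(mac_key, blob["salt"] + blob["wrapped"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return _xor(blob["wrapped"], pad)

def unwrap_unverified(passphrase, blob):
    """No key verification: any passphrase produces 32 bytes and no error,
    so a wrong guess is only detectable if the plaintext has structure."""
    pad, _ = _derive(passphrase, blob["salt"])
    return _xor(blob["wrapped"], pad)
```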