I still continue to see Java applets being widely used in tasks that require trusted signatures - say, filling in the tax declarations in my country, or submitting the grades for my students. For both actions, we must use an X.509 client certificate
You're in Estonia? Just trying to figure out which country actually uses client certificates for tax filing.
Equipment A (provided by Comcast) was swapped out for Equipment D (provided by Comcast) and power usage increased. What is wrong in the comparison?
It'd be interesting to see more details on power usage from other devices, if you look at the PF figure it's just over 50% which means they must be using awful power supplies (PFC != efficiency, but it's useful as a rule of thumb, once you get into efficiency classes like IV or V you generally need active PFC - optional for IV, mandatory for V - which these things obviously don't have). Most external power supplies (EPCs) now should be class IV or V, whereas these look more like class I, a.k.a. "fail".
If this is indicative of the rest of the electronics, it's no wonder that these things are power-guzzlers.
Doesn't matter what country you pick you're going to be spied on
With the Xiaomi this is especially the case, it sends a pile of private information on you back to Beijing, China. So it's not just the generic spooks, it's also the manufacturer who's spying on you.
I misread "propet" like you did, then wondered what "prophet software" was supposed to be. Maybe Windows ME was supposed to be Windows Messiah? Instead it turned out to be Windows Anti-Christ.
No, that's Windows Vista. And then there's Windows Cthulhu, a.k.a. Metro/Win8.
REMOVE Metro. (not disable, not hide; DIE.)
While I fully support the sentiment, completely removing components like this can cause Windows Updates to fail to install. For example if your Windows desktop PC or server doesn't have a "Tablet PC" folder in the start menu, some updates won't install. So you potentially need to keep gigabytes of Microsoft's crapware sitting on your PC on the off chance that some update checks for it and won't install if it's not present.
This isn't a matter of disagreement but rather of being lied to perpetually.
Well I'm not sure who Dan Greer is, but I've known Dan Geer for ages, he's a libertarian academic type who publishes somewhat philosophical texts on the economics of information security. If you're looking for some sort of evil CIA spook, you'll need to try again.
I have dealt with Indians for years, and have learned how to ask questions so that I get the answer I am looking for. It is not that hard.
Paleface no ask question with forked tongue, paleface get correct answer.
By doing this continuously you end up with releases which are free of known errors.
Weeellll... you end up with something that's been run through gcc -Wall, which is a long way from "free of known errors". Now admittedly "free of known errors" is a nice circular definition meaning "free of things gcc warns about", but even then it's not necessarily the case, there's plenty of code that ships with avalanches of warnings when you build it, but no-one's bothered fixing it up.
At best, you get something that doesn't produce warnings in gcc and clang. At worst you get code that hasn't been changed from the default release because the maintainers decided none of the warnings were serious.
The knee jerk reaction, of course, is to look for a catch in anything Homeland Security is doing. However, this seems like a really good idea. Finally, they are contributing in a positive way to public safety.
Barely. If you look at what they're offering it's FindBugs, clang, gcc, and cppcheck. Completely bog-standard tools that anyone should be using anyway, but they're being paid $23M taxpayer dollars for it. Shee-it, I could do the same thing with $10K to cover the cost of renting some EC2 space, and I'll spend the remaining $22.99M on coke and hookers (seriously, how can they have spent $23M on this? One person could set it up in a few hours, the only constraint is how many VMs you need to spin up if lots of people sign up for it).
This looks very much like a DHS solution, vast sums of money spent on something that should be nearly free. Not to mention that while gcc -Wall, clang, and FindBugs aren't bad as far as free software goes, they're nowhere near the level of commercial offerings like Fortify, Coverity, and others.
OK, so in terms of cost/benefit it's more of a TSA solution than strictly a DHS solution.
This also relates to the problem of the "cure for cancer" that will never be found because "cancer" isn't a single illness but a generic name for a huge range of different ones, with a wide range of etiologies and manifestations. A single "test for cancer" seems about as likely as a single "test for virus".
As you say, it's a cool study, but like far too many other studies I think it got released to the PR department of the research institute a bit too early (I've experienced this myself on several occasions).
And, as proof of that, starting in November, the official CAs will stop issuing those types of certs.
Not quite. As of November, the official CAs will claim that they've stopped issuing those types of certs. When something like the SSL Observatory points out that they're still issuing them, they'll say that this (and the other 8,192 times they did it) was a one-off mistake and they've updated their policies to make sure it never happens again. Then when they get caught again they'll say that it was test certificates that accidentally escaped. After that, they'll stop responding to reports. And we'll all be much, much safer, and phishing will be eradicated once and for all.
Will they have to buy a new one every year?
No, but the first one will turn out to be a cheap knockoff with out of date hardware that only gets a tenth of the advertised resolution and fails to work when it's cloudy outside.
They'll offer to replace it, but only if you pay the shipping costs to send it back to Shenzhen.
It's not big brother, it's anyone. All of the IPMI systems used by Intel, Dell, HP, etc, are unaudited cesspits of remote-rootkit capabilities full of buffer overflows, authorisation bugs, parser errors, and so on. It's hard to know where to begin, but here's one starting point. Hack like it's 1999.
Intel SSDs have had AES encryption built in for years, it's no big deal. What they've added with their IPMI support is a capability for remote attackers to get at the encryption, which is kind of a big deal if you're worried about your privacy.
I'd love to see a single UI that works across...
Microsoft have already done that. In Windows 8 they unified the Windows interface around the design for the vast number of Windows cellphones out there, leaving the totally insignificant Windows desktop/laptop market to wither. The overwhelming market response has justified this decision, in as little as twenty years Windows 8 could even overtake XP.
That'd be a logic inverter, while they specifically say power inverter.
So you use it to drive an NPN transistor in common-emitter mode, say a 2N6338.
Otherwise they might be just testing whether richer people give a lesser value to a small amount of money than poorer people.
It's not money, it's access to goods (and pretty much everything else). If you wanted anything in East Germany (or Poland, Hungary, Romania, Russia, ...), you had to take shortcuts. My west German relatives used to visit their east German relatives with the car packed with luxury goods like tins of paint (for their roof), which were unavailable to most people in the east unless you knew how to game the system. All this study seems to be showing is that if you grow up in a society where you need to be able to game the system in order to get anywhere, you end up gaming the system in order to get somewhere.
In the olden days, we'd have said he's "looking a gift horse in the mouth."
I think this phone came from slightly further back on the horse. You probably wouldn't want to look in there too much.
Well with a bit of luck the layoffs will include the cretins who decided to inflict the Win8 UI on the world. In fact I think they need to fire them several times over just to make sure they're really gone.
That's the problem when you're playing with a hammer that big, accidentally drop it on your crotch and first you're thore, then you're not thure you're Thor any more.
Could I suggest Asa Dotzler as a payload? I'm sure most Firefox users would happily chip in to send him there.
I can't wait to buy a shiny new Sound Blaster ZxR so I can get that noticeably superior audio.
It's important to note that in order to truly experience the noticeably superior audio from a Soundblaster ZxR you need to pair it with an appropriate Purity Audio Ultra GT preamp (retail $53,000), WAVAC SH-833 monoblocs ($350,000 each, you'll need two sets) driving Moon Audio Titan 2's ($510,000 each), with the equipment on an NTT Audiolab RC4 stand ($18,000) and Walker Audio speaker cables ($13,500 a pair, you'll need two pairs because you're bi-amping) alongside a PurePower 2000 power conditioner ($2,800).
Actual measurements of music reproduction quality rather than liberal use of the listener's imagination as in the HotHardware review have shown that even the crappiest DACs built into a cheap motherboard or laptop produce sound that's as good as anything from a professional sound system of 5-10 years ago. The important factor beyond that point is (a) noise immunity of the low-level signal portions (the inside of a computer isn't a good environment for those) and (b) the speakers. Whether you're using a Creative Labs or Intel Express chipset DAC doesn't make any difference.
Indeed. If they automatize things, we will at least have consistent low quality...
Actually I think the use of algorithms to write articles is great, I'm currently working on an anti-article algorithm that extracts just the facts from algorithm-generated articles and turns them into tweets. So instead of having to plough through a long slew of pseudo-intelligent analysis, all you get are the essential sound bytes: "Cat explodes; canary charged by police", that sort of thing. Pretty soon it'll be bigger than Facebook.
Microsoft is still operating under NSL restraints. That means the NSA has the keys anyway.
TLS doesn't work that way, the implementation trusts, and uses, whatever keys it's told to trust (via certificates). And that's the problem, while most implementations will allow you to manage your own certs, for example by creating self-signed certs, the Windows implementation will only trust certs from commercial CAs. You know, Diginotar, Trustwave, Comodo, those sorts of guys. So you can't just generate and manage your own keys and certs but are forced to pay, and trust hundreds of external CAs to manage your certs (and by extension keys) for you.
I can't get the linked PDF to load
Basically they want the people who write malware packers to tag the packed malware as malware so it can be easily identified. Sort of like asking burglars to wear a shirt with I AM A BURGLAR printed on it in large letters, and perhaps notify the police when they're planning to break into a house.
It's a cunning plan, but somehow I can't see it catching out many bad guys.