Slashdot Mirror


User: OdinOdin_

OdinOdin_'s activity in the archive.

Stories: 0 · Comments: 211

Comments · 211

  1. Re:Other sources: IT outsourcing on IT Crash Causes British Airways To Cancel All Flights (cnbc.com) · · Score: 1

    I read it as "Power Supply" failure, as my thinking was something more than a single device was affected, due to power supply interruption.

  2. Why do Mozilla use the HTTPS CA system for this ? on Mozilla Checks If Firefox Is Affected By Same Malware Vulnerability As Tor (arstechnica.com) · · Score: 1

    Surely signing extensions and signing software updates use two different certs and either cert is uses the existing HTTPS SSL/TLS CA system for that ?

    Mozilla are a company that clearly deals with and understands X.509 certificates, so surely anything they do themselves where they control both the distribution and verification they use their own CA.

    The only purpose of the "trusted CA" system is to issue certificates where there are three parties involved, a mutually trusted CA, a server (that needs to verify its legitimacy) and a client (that needs a mechanism to verify the server's legitimacy). But there is only 1 party involved with Mozilla extension and Mozilla browser software updates (although that's not completely true to OS vendor might also be involved for OS level code signing).

    So while they might use HTTPS under that system, the payload it carried is also signed right ? And that verification process is using a CA system that only Mozilla control ?

  3. Raspberry-Pi 3 MMC cardless PXE booting ? on Interviews: Ask Raspberry Pi Founder and CEO Eben Upton a Question · · Score: 1


    As per the official comments in https://www.raspberrypi.org/magpi/pi-3-interview/ "USB and PXE network boot" when will the updated Firmware/BIOS image be ready that will enable Raspberry-Pi 3 MMC cardless PXE booting ?

    Keep up the great work,
    Thanks

  4. Re:Revoked the keys, but is this still exploitable on D-Link Accidentally Publishes Private Code Signing Keys · · Score: 1

    Isn't there OCSP stapling now https://en.wikipedia.org/wiki/OCSP_stapling ?

    The HTTPS webserver asks the OCSP server for a signed by CA & timestamped message every few hours to validate the certificate serial it is using is still valid (i.e. the certificate has not been revoked by CA).

    The HTTPS webserver then provides this extra bit of signed information to the browser during the TLS handshake.

    So now the load on the OCSP scales better (by website, not by all web users), has minimal latency impact (just the extra bytes in the handshake), no out-of-band communication from browser to OCSP server is needed at all.

    Hopefully when SPDY or HTTP/2.0 is running even the bytes in the handshake can be reduced to nothing by higher reuse of a single TCP connection to multiplex and also if the client has a recent TLS sessionID that is represented to the server. You'd think they can optimize the extra bytes away and speed up the handshake for the 2nd .. Nth reconnection for HTTPS to the webserver.

    In the case of PC software though I would expect there to be multiple channels for getting OCSP data and only one channel needs to work to validate firmware/driver is still usable. But I'm sure there are other issues with invalidating important drivers for graphics/network that would be more like a nag screen every day to get you to reinstall driver.

  5. Re:They don't want Skylake to be fast on Intel Kills a Top-of-the-Line Processor · · Score: 1

    Yes I'm sure you are correct, but... the lower TCO is in using consumer drives, they have lower replacement warranty periods but they must actually be lasting significantly well enough that the cheapest cost per month to ownership is in consumer drives.

    This presumes you have factored in costs to replace, diagnose, deal with issues that might crop up more often due to partial/complete failure in units. I guess the mean variation is within 150%, when the consumer drive is 2 year warranty, the cost of replacement doesn't seem that high if you are doing it every 3.5 years.

  6. Re:In other words. on Kansas Secretary of State Blocks Release of Voting Machine Tapes · · Score: 1

    UNDO burden ??? UNDUE burden ???

  7. Re:Won't someone think of the bureaucrats? on Finland Considers Minimum Income To Reform Welfare System · · Score: 1

    What all that new found free time and money, with no one to track them. Will the citizens go buying guns and ammo to finally overthrow their political overlords ?

    No, me thinks they will keep watching "reality" TV programs.

  8. Re:Comparative local economies screw this up badly on Finland Considers Minimum Income To Reform Welfare System · · Score: 1

    It has to be the same amount of money for everybody.

    It is up to society to reorganise itself around making that situation work. For example people would move out of London to a place where they can be that is within their budget. London would suffer from lack of workers for such tasks and proper supply/demand would start to take place.

    Actually I can not believe this as many foreign workers are happy to be 10 to a house taking shifts on using bedrooms or sharing beds. But then maybe these people would also not be eligible for this payment, until they have many years of their own taxes paid into the system on record when formally completing a naturalization process.

    I agree people in prison do not get the allowance, well they do, but it is forced to be spent on the cost of their stay. Which brings up another point that society should not treat its prisoners better than its regular citizens. A state income improves the citizens situation but I think prisoners should have a more harsh basic existence behind what state income can provide.

    Another real issue is if everyone gets lower wages (but fixed state income amount), so the total is same or higher. Will the cost of buying bread and water increase ? Thus the purchasing power of the state income is reduced. Where and how will an equilibrium be met?

  9. Re: 4/5 in favor on Finland Considers Minimum Income To Reform Welfare System · · Score: 1

    Well if things stay as-is they will be paid more, they will get state income and their regular wages,

    What remains to be seen is if the wages element of those low skilled menial jobs actually declines over time. As the tax collection is increased to cover the costs in some other areas and those low skilled jobs need to equalize their global worth because other countries (without a state income) are not subject to that higher taxation. So for Finland to remain competitive maybe those menial wages need to decrease, but you get state income on top.

    It would be hoped that all governments would simplify laws/taxation such that implementing them (especially when using IT) can be done more easily and therefore the administrative costs are reduced. But then there can be a lot of politicians enjoying the gravy train created by the more complex situation.

  10. Re: 4/5 in favor on Finland Considers Minimum Income To Reform Welfare System · · Score: 1

    Doesn't Finland have public personal tax records/reporting. That is anyone can look up anyone else's personal tax records?

    I presume this also helps limit unreported income, since people living a lifestyle beyond their tax record information can be vetted by everyone and investigated. I presume this allows things like linking in ownership of expensive assets property/car to the individual's tax history, because all different government agencies have access to more information since it is public.

  11. Re:High-frequency trading=respctable insider tradi on US Busts Insider Trading Hackers · · Score: 1

    Just transaction tax everything, in an inversely scaled amount to the time between you buying/selling that same kind of item.

    So if you buy, buy, buy, wait a month, then sell, sell, sell, you don't pay much/any transaction tax.

    But if you buy, sell, buy, sell, buy, sell, you get transaction taxed to extinction.

    Now make it so you publish your sell price for a whole hour, before you finalize trades for it.

    Now make it so that you cancel too many sell orders, compared to those that made it to the end of the hour but may (or may not) have received any buying offers, you get a charge applied.

    Now make it so that the all buyers making offers get a pro-rata split of the shares being sold.

    Now increase transaction taxes when the number of shares in the selling order is lower than the number of buyers. An exercise for the seller to predict how large in volume the sell order needs to be to not get penalized here.

    All this to take the money out of the transaction part, and place it back into the, I'm holding this stock, so I'm taking a risk the business will do well in the future, compared to holding cash.

    So the next question, who gets to spend the transaction taxes and on what ? Government coffers, as the people effectively permit this activity to go on under the protection of the state. Other suggestions ?

  12. Re:Not entirely wrong. on Oracle Exec: Stop Sending Vulnerability Reports · · Score: 1

    The problem is those people ("script kiddies") do not have a support contract with Oracle, so would not be publishing it via the official support channels back to the vendor. They would use other mechanisms that increase their e-peen among their peers (of other "script kiddies").

    For me the issue here is what is the definition of reverse engineering and how do I ensure it does not happen ? For example if I were to simply use a standard debugger of my own code that was running in conjunction with an Oracle product, how do I stop my debugger from entering into the realm of reverse engineering. Since a debugger does not understand the legal boundaries, it just reports on activities going on inside the machine representation of the code.

  13. Re:Piss off- text of her blog which was taken down on Oracle Exec: Stop Sending Vulnerability Reports · · Score: 1

    > "Customer may not reverse engineer, disassemble, decompile, or otherwise attempt to derive the source code of the Programs..."

    But they are not trying to derive the source code.

    They are debugging their own problem and they are happy to work directly with Java bytecode and CPU assembly language to do this. They are not trying to reconstruct Java language or C/C++ language code from machine optimized code.

    Now my debugger automatically goes into this detail for me, I can see Java bytecode (by opening a *.class file) and I can see CPU assembly language (when using 'gdb'). So while I do not work with Oracle products I find it hard to see how there is a breach of this clause in the terms, for this to be the case Oracle need proof in the form of a copy of my attempt (or success) to derive source code.

    So the problem is the debuggers used against Oracle systems are already performing the operations to "disassemble" and "decompile" the machine optimized representation (that you supplied) of the original source code. But they are not doing this for the purpose of trying to derive the source code, but to explain a set of circumstances that are a genuine problem to the customer.

  14. Re: Can we quit pretending that it's car "sharing" on Uber Drivers Arrested By Undercover Cops In Hong Kong · · Score: 1

    There is in the UK.

    * All motor vehicle insurance (private, commercial, passenger service vehicle) policies that are active are on a database, coverage dates are known also all other basic details as you'd expect.

    * Ministry of Transport tests (yearly or more frequent vehicle road worthy and safety tests).

    * Road fund licenses (a yearly tax based on size, CO2 emissions, type and purpose of vehicle use that is intended to fund highway maintenance although we have very heavy fuel taxation over 70% and VAT on top of that).

    * Driver and Vehicle Licensing Agency, this government body manages vehicle identification, registration plate issuing, ownership. It also regulates driver license categories, you need to pass specific tests for car, motorbike, minibus, small lorry, large lorry, coach/bus driver. Some of these tests are good until old age, some need to be refreshed, some have mandatory medical fitness tests.

    These things are all updated in near real-time to all agencies that use the information to monitor and regulate traffic. With the number of road traffic cameras in the UK it is expected many of these to be hooked up to monitor usage of a license plate.

    Everything is regulated for consumer safety.

    To be a taxi driver you need a vehicle registered for that purpose (and therefore subject to stricter MOT safety testing),
    You need a driver with a suitable license to carry other passengers, so basically clean enough without problematic endorsements,
    You probably need a criminal background check and other such public safety checks,
    You need suitable insurance for the vehicle and number of passengers.

    Then you can work as a Taxi driver and work for "Hire or Reward conveying passengers in a vehicle".

    So now can Uber work? It costs time and money to get and maintain all these things above. This is why you pay a higher fare.

  15. Re: Blackberry not compatible with anything on BlackBerry Denies QNX Was To Blame In Jeep Cherokee Hack · · Score: 1

    That is because they didn't bake security into the windows platform from the start. Security is a process not a piece of software.

  16. Re:What about "legitimate" use? on Pro Gamers To Be Tested For Doping · · Score: 1

    Yes there is a formal procedure you have to follow, just having a prescription is not enough.

    You need to have that kind of medical evidence for need; and request in advance and gain approval from your sporting bodies testing organisation.

    Such as https://en.wikipedia.org/wiki/World_Anti-Doping_Agency and their TUE (Therapeutic Use Exemption) process https://www.wada-ama.org/en/what-we-do/science-medical/therapeutic-use-exemptions

  17. Is GTK still going how about a Qt version ? on LibreOffice Ported To Run On Wayland · · Score: 1

    GTK has done well for itself for a GIMP toolkit.

    I stopped using Linux desktop years ago when Win7 productivity was so much better. That is mainly due to X.11 issues, but GTK is a horrid API for a GUI and didn't render itself much better.

  18. Re:Heisenberg on "Breaking Bad" At the National Institute of Standards and Technology · · Score: 1

    So many like 0.3% of all people needing such treatment ? I'm making my numbers up like your comment attempts to incite there is some systemic concern.

    Yes people do elsewhere as with all services, maybe it is because they are also the ones who are able to afford private medical expenses from the best in the world.

  19. Re:No filter is truly effective on Ask Slashdot: How Effective Is Your ISP's Spam Filter? · · Score: 1

    The solution is easy you make it an economic problem of needing the sender to use computing power as a cost.

    When an SMTP client offers a message (during the dialog and protocol exchange) the server announces a mathematical problem to the sender (that will allow the message to be accepted in the first place).

    This mathematical problem needs to be easy for the server to generate. The server withholds the answer and other information from the client and presents the problem to solve in a way that the client is forced to brute-force the answer consuming CPU time. The amount of CPU time needs to scale both linearly and exponentially (so we are talking a quadratic scaling mechanism).

    The server can decide per SMTP transaction to offer no problem to solve (like SMTP right now) or an easy problem to well behaved systems and a harder problem to untrusted systems.

    Now the client has the option to decide if it can afford the cost of sending at the moment of delivery (allow a bounce for HAM). Yes the spammers can go out and buy server farms to solve these problems, let them do it. You are forcing the cost of sending spam up in the process. Yes they use botnets but if these botnets start consuming 100% CPU people notice faster and get it fixed sooner and it rate limits what one bot in a botnet can send per hour. Power consumption goes up on server farm botnets etc.. all noticeable metrics to someone to fix the problem.

    Now the question is how is a mathematical / cryptographic boffin who can propose such a mathematical problem. Generate random number, decide on problem scaling size (how hard it will be to compute answer), do something with these numbers and output a question and answer. The important point is that should take a short instant to generate while scaling takes it from a longer instant to solve to many 100s years to solve.
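
The per-transaction puzzle described in comment 19, as an added example that is not part of the original comment: it swaps in a hashcash-style hash puzzle, so the server holds no answer and instead checks any solution with one hash, and each extra difficulty bit doubles the sender's expected work. The function names, the challenge string format, the reputation tiers and the 300-second lifetime are assumptions.

```python
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)  # per-server secret, generated for this example
SPENT = set()                # nonces already redeemed (replay protection)

def difficulty_for(reputation):
    """Assumed tiers: no puzzle for trusted peers, harder for unknown ones."""
    return {"trusted": 0, "known": 12}.get(reputation, 18)

def _mac(nonce, bits, issued, client_ip):
    body = f"{nonce}:{bits}:{issued}:{client_ip}".encode()
    return hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest()[:32]

def issue_challenge(client_ip, bits, now=None):
    """Server side: one random nonce and one HMAC, so issuing is cheap."""
    issued = int(time.time()) if now is None else now
    nonce = os.urandom(8).hex()
    return f"{nonce}:{bits}:{issued}:{_mac(nonce, bits, issued, client_ip)}"

def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve(challenge):
    """Client side: brute-force a counter; about 2**bits hashes expected."""
    bits = int(challenge.split(":")[1])
    counter = 0
    while True:
        digest = hashlib.sha256(f"{challenge}:{counter}".encode()).digest()
        if leading_zero_bits(digest) >= bits:
            return counter
        counter += 1

def verify(challenge, counter, client_ip, now=None, max_age=300):
    """Server side: one HMAC and one hash, whatever the difficulty."""
    now = int(time.time()) if now is None else now
    try:
        nonce, bits, issued, mac = challenge.split(":")
        bits_i, issued_i = int(bits), int(issued)
    except ValueError:
        return False
    # The MAC covers difficulty, issue time and client address, so none of
    # them can be altered by the sender to get a cheaper or fresher puzzle.
    if not hmac.compare_digest(mac, _mac(nonce, bits, issued, client_ip)):
        return False
    if not 0 <= now - issued_i <= max_age or nonce in SPENT:
        return False
    digest = hashlib.sha256(f"{challenge}:{counter}".encode()).digest()
    if leading_zero_bits(digest) < bits_i:
        return False
    SPENT.add(nonce)  # each solved challenge buys exactly one message
    return True
```

In a real deployment the spent-nonce set would need to expire entries older than the challenge lifetime and be shared across the servers that accept mail for the domain.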

  20. Re:So what? on Average Duration of Hiring Process For Software Engineers: 35 Days · · Score: 1

    Surely recruiters love job hopping ? If it's contract periods of time by definition you are job hopping after. If it is for permanent positions then people stay at least a year or two so the recruiter probably got paid after the first 3 months. But now that recruiter can earn his commission on you again to place you somewhere else. Recruiters love job hopping.

  21. Re:Who cares? on 5G Is On Its Way, But Approaching Slowly · · Score: 1

    Ah, they (Google) need a contract with one or more GSM providers, this is where the plan will fail.

    Mobile phone network operators here in UK are already providing wifi calling apps for smartphones.

    I guess they know the situation is coming and are seeking to be the ones in control of it. Here in the UK once you spend enough per month (not a lot of money about the same as decent cable or landline Internet access) you already get a mobile plan with unlimited SMS and voice calling,

    So the network operators are reducing their network load, this does not necessarily mean lower monthly fees in the future. Because they still have the monopoly of the expensive bit, the towers/equipment/network and mobile operator licenses. Not something google will be able to muscle in on anytime soon.

  22. Re:Too Expensive, i7 naming sucks ass on Intel NUC5i7RYH Broadwell Mini PC With Iris Pro Graphics Tested · · Score: 1

    i7-5557U

    i7 = i7 class
    5xxx = 5th generation
    557 = the higher the number the faster/better feature set
    U = the market segment feature set

    I guess AMD folks find it difficult to understand, hence that is why they buy AMD.

  23. Re:Summary.... Incorrect on The Milky Way's Most Recent Supernova That Nobody Saw · · Score: 1

    Maybe the original light should have arrived 300 years ago (due to Earth being 11,000 LY away from source), but the reflected echo is coming to us only now (since the reflection traveled further) ?

  24. Re:danger vs taste on Pepsi To Stop Using Aspartame · · Score: 1

    You are still not getting it. The scientific claims can only be made for the substance used in the experiment. Since you have not verified the mechanism of action you can not be sure it is a blanket claim to anything that tastes sweet.

    Since the claim is so interesting can you cite any other experiments over the past 8 years (since the papers date) to confirm the mechanism of action ? Surely someone would have tried it with many other sweet tasting substances since then ?

    Taste buds may know more than you think (literally). As in your brain's ability to detect sweet and sour in conscious thought is one thing, but the taste buds might be able to detect a lot more than your conscious thought is capable of discerning.

    It is also very difficult to have a substance interact with taste buds and then remove 100% of the substance. One way maybe to evaporate it off the tongue with a blow torch? But still there may be particles that won't evaporate, so how do you remove ?

  25. Re:Change your state of mind on Ask Slashdot: Dealing With Electronics-Induced Inattentiveness? · · Score: 1

    I'm not a practitioner or teacher, only been to a couple of sessions and I've heard about "fighting in slow motion".