It makes sense to go through a GSA competitive-bidding process when the government is buying 150,000 of something, or when they are buying hundreds of pickup trucks for some fleet.
When an employee's USB hub croaks, it makes a lot more sense, and is a lot cheaper, to order one from Walmart.com or Amazon than to go through any red tape. I used to work for the government and for some purchases the red tape cost a lot more than the item, and made things a lot slower. The delay was costly when an employee, who is being paid, can't work as effectively for several days.
This is an attempt to be more sensible, to have the option to just order a damn HDMI cable from Amazon, Walmart, etc rather than requisition one at a much higher cost. You want to have the right level of oversight for different kinds of purchases.
You're so very right. Software developers in particular sometimes test software only with valid, expected inputs. Unexpected inputs then result in a security failure.
Back when software ran locally, we we used to say "garbage in, garbage out". That's no longer acceptable for internet-connected software. With Heartbleed, the garbage that came out was random memory contents, which could include the server's private key.
You're partly right. If you're being smart economically, or advancing technology, you'll test some things that don't work. If everything you test works, you're a) doing the same boring shit that's been done and b) over-engineering, making things much more expensive than they should be.
Testing is how you find out what works and what doesn't, and how much you need to spend to make things work reliably.
From my understanding, the error was made by a hardware vendor who makes an encryption chip, and is present in the specialized library used with their chip. It can be loaded from software, but it's not what I'd call a "software implementation", the software is just an interface to this one vendor's hardware chip.
The list of products using this hardware chip is quite long, and I haven't seen a comprehensive list published. We can say that it's hardware-based systems, smartcards and the like, that are affected.
Of course it's also possible that developers of some pure software systems independently made the same error, separately from the reported flaw.
in order from an object side to an image side: a first lens element with a focal length f1 and positive refractive power, a second lens element with a focal length f2 and negative refractive power and a third lens element with a focal length f3, the focal length f1, the focal length f2 and the focal length f3 fulfilling the condition 1.2x|f3|>|f2|>1.5xf1.
I see you didn't even read the first claim of the patent. Just first claim requires: Total track length less than 6.5mm (has anyone else made a 5-element telephoto lens that small? Apple hadn't.) Focal less |f2|>1.5Ã--f1
That's the first claim. Claims 2-19 get more and more specific.
I forgot to comment about heat sinks. The engineers at AMD selected a heat sink (hunk of metal) that would make the CPU look good. From what I've seen, they weren't stupid enough to cheap out on that. I'd use what they selected and put in the box with the CPU (though you can also buy the CPU without a cooler included). AMD engineers speced the AMD Wraith Spire heat sink. It looks like a good option.
Choices in heat sinks and fans can also be affected by size, fan noise, ambient temperature in the room, case air flow, etc. Then you have how many cores can have what duty cycle before heat becomes a problem. But the Wraith seems to do the job fine if have a fairly typical setup.
Yeah the M.2 PCIe drives are attractive. I would have bought one two days ago if it weren't for the fact that the machine I was putting the drive only has two PCIe slots. You'll need a $12 adapter to put that drive in a PCIe slot. M.2 has pins for PCIe, USB, and SATA. A particular device may use/require any of those interfaces. That is unless you get a mobo with a M.2 NVMe slot.
You may have a couple second delay at boot while interface is initialized, which doesn't seem like much but it may eat up the entire improvement in boot time over SATA from having a faster transfer. In the 2 seconds that it take4s to initialize the interface, the SATA drive could have transferred a GB of data - all your boot files.
Someone doesn't know the difference between a board and a chip. A Qualcomm cellular modem with it's baseband processor, such as the famous MDM9600, may be on the opposite end of the circuit board from the CPU. Did you not even read the SUBJECT LINE of my post before spouting off with your stupidity?
Most ARM processors are in fact NOT in smartphones, so there no baseband processor in the device at all. Your car has several ARM processors, your TV probably has one, etc. In total, 86 BILLION ARM processors have been sold.
You might also note the baseband processor is not a remote management interface. The baseband processor cannot access the storage of the device, for example. (Though in one instance the main CPU, which can access the storage, had a backdoor which accepted commands over the modem).
Generally no, arm chips don't have remote management built in. If you have an arm server, you'd do it the "old-fashioned" way, with the remote management processor being on the motherboard. The remote management processor on a mother board for older Intel or AMD CPUs may itself be an ARM cpu in many instances.
It's extremely useful, to those of us who turn it on, because it replaces a $1,000 IP KVM. I don't care to drive an hour and half to the datacenter and an hour and a half back because somebody typoed a firewall or network setting. Much easier to just fix it remotely using IPMI or IME or whatever your vendor calls it this week.
If you don't need remote access to a crashed machine, don't turn it on.
I would agree, I would probably avoid the AliExpress because the GPU is important to you. "Lots of animation renders" sounds like you may want to look at whether the software you use uses GPU rendering and if so, via which API - opengl? If opengl, most of the major brands will have reasonably good support.
Other than that, I'm more of a software guy; I don't stay up on the latest hardware. I just know, from a software perspective, that some software will take full advantage of multiple cores, some will not. Some will use the GPU, some won't, and some has a setting to choose.
If I chose the AMD, I'd probably upgrade to the 8 core for a few dollars more than the 4 core. An AMD processor with 4 cores is, to, me, like a pickup truck with a 4-foot bed - missing the point. So I'd either get lots of cores (Ryzen) or fast cores (Intel). A possible exception would be if you're leaving room to upgrade - Ryzen all use the same socket, so you could get a 4-core now with plans to get an 8-core later after prices drop.
Either way, if you're currently using an old laptop, you'll probably see a major improvement.
I noticed you have both SSD and HD systems on your list. You'll want an SSD for the OS. You may also want a big HD for storing final copies of media, but an SSD will be far better for working files. The very cheapest SSDs use triple-level NAND (tlc). You probably want to avoid that and use double level, known as multilevel or MLC.
Every few years Senator Cornyn (R Texas) introduces a bill requiring federally funded research to be made available to freely online. Every few years, the fine folks who post on Slashdot ignore the bill, as does everyone else other than the publishers who oppose it. Every few years the bill dies with no broad support from the public.
Next time Senator Cornyn introduces the bill, please send a quick email or phone call to your senators and house reps, supporting the bill. Thanks.
I jumped back up here from my answers further down in the thread to see if you have any hints about your use case.
You can turn on GPU rendering in Blender, in which case your GPU becomes more important and your CPU becomes less important. This article is about Intel using graphics technology from AMD because AMD is so far ahead in GPUs, but you likely have a separate video card.
Blender uses threads efficiently, meaning CPU cores, so for Blender you want a CPU with at least 8 cores. That favors AMD for Blender work.
You also said â lots and lots of animation renders". What software are you using for those? If it mostly uses the GPU, that's where you should focus your attention (and check for settings for that in your software!). If your renderer uses many threads, AMD is probably going to be the winner for you, especially Ryzen. If your renderer is single-threaded, Intel is likely to be the better choice.
This assumes you're happy with a pretty typical motherboard. There are more chipsets and a wider variety of *different* motherboards available for AMD.
If you're no willing to spend a few seconds to think about whether your workload is multithreaded, and you are willing to spend more money than needed, get Ryzen.
A difference between C and D is that in the case of D, whole you're willing to spend 10 times as money as you should, that still doesn't tell you whether you should spend lots of money on 16 AMD cores or on 4 Intel cores.
If your workload is heavily multithreaded (servers), AMD will likely give you tell best performance, at *whatever* your budget is, because AMD will give you more cores. If you want to spend a lot, you can get dual Ryzens, 32 cores running 64 threads simultaneously.
If your workload is single-threaded and CPU-bound, Intel is probably a better bet.
> I don't want got get into a situation where I have to carefully study all the archane nuances to get the best results.
That sucks, because the BEST result does in fact depend on a number of factors. You can get a GOOD result with the newest CPUs from each manufacturer. AMD cpus provide far more different motherboard options, so they are more likely to be the best fit if you want lots of Pcie cards, or a tiny enclosure, or anything unusual.
Putting aside AMD's very newest chip for a moment, there are basically three different kinds of use cases:
A) I want the best performance I can get within my $X budget.
B) it's a server serving many clients (lots of threads)
C) It's a single thread and I don't care how much it costs because I'm spending taxpayer money, I want the very fastest single-thread performance, cost be damned
Intel specializes in case C. Raw single-thread performance, cost be damned.
AMD will give you more cores for the dollar, so it competes well in case B, servers running many threads. AMD also traditionally costs significantly less, so it fits case A, getting the best CPU you can within a certain price range.
That's a generalization, though. It's best to compare one CPU model to another, evaluating based on the needs of your specific application and budget.
The wings are already there for landing. By also using wings for takeoff, the craft can use it's much more efficient jet engines to reach hypersonic speeds, saving the rocket engine for when it's too high to get any oxygen from the air. That reduces the weight of fuel required, as well as potentially piping, pumps, etc.
As far as reaching orbit, it doesn't much matter. The altitude is easy. It's getting orbital speed that's the hard part. If they figure they can get velocity faster by using lift to counteract gravity, thereby saving engine thrust to use for velocity, that could make sense. On the other hand, getting into lower air pressure in the first 60 seconds will help acceleration.
> i avoid with cash payments. i don't evade, unless TurboTax does.
You're not just guilty of evasion, but the *felony* variety. If you accept cash payments and intentionally don't file a return showing those payments, that's misdemeanor tax evasion. When you file a return which says "total income... Under penalty of perjury" which you know does not accurately include those cash payments, that's FELONY tax evasion.
> One of the issues I see is that there is a difference between trust and encryption, but the average user may not make the distinction.
There actually isn't much difference, in use cases TLS is normally used for. Or more specifically, you can't usefully have one without setting up the other. To have useful encryption you must identify the other party, and to trust their identity you must have, at minimum, cryptographic signatures of the your personal challenge key with server's key and the data (at which point enciphering the data comes almost for free).
Suppose you wish to have encryption, without trusted authentication of identity. You want the connection between your browser and your bank to be encrypted (not readable by anyone else), without ever ensuring that you're talking to the bank's server. You'll end up with an encrypted connection between you and the bad guy. You think your browser is talking to the bank's server, but it's really talking to the bad guy's server. Given that the whole point is to prevent the bad guy from reading exchange, setting up an encrypted connection to the bad guy is effectively the same as no encryption at all. The bad guy can read the data.
Suppose you want identity (confirm the message was actually sent to you from the bank). You must ensure that no man-in-middle has changed the message along the way, or the message you receive is no longer the message from the bank, but instead a message from hacker. The message must therefore include at least a cryptographic signature on the bank's public key and your challenge bytes (for replay prevention). While not exactly encryption per-se, that's 90% of the way to encryption.
So encryption and trust of identity are very closely linked. Useful encryption requires trusted identity. In special cases you can theoretically use null encryption to throw away the encryption and maintain only identity, but at that point you already have everything you need for encryption and you haven't made anything easier.
It's partly because that's good design and partly because of historical reasons. Specifically, the script tag existed prior to the same-origin policy, and it was common to load scripts for other sources. This probably wouldn't be allowed if same-origin were designed in from the beginning. It allows jsonp, which contravenes the spirit of same-origin.
There were a hundred writers, so we can estimate at least another 50 employees selling ads, doing to accounting, running the servers, etc. So minimum $150,000 / month for salaries. Employee benefits, payroll taxes, office space, etc would be at least $50,000 / month. So bare minimum expenses $200,000 / month. Revenue was about $110,000/ month. Why would the writers want to work another job to support the $80,000 / month such a site loses, and work at the new employee-owned company?
Peer review is great. I introduced it at my company. It's not QA.
Users do stupid shit, shit no programmer in their right mind would ever think of doing. As an extremely simplistic example, at my job we have a script that calls nap with various arguments, including a list of IPs provided by user. The programmer tested it with some IPs. The peer could test it with some other IPs. The programmers made sure it works. Users will pass it 0.0.0.0/0, and fa70:638:363:7363::76. QA does the same, because QA is trying to break it. Programmers ensure it works, QA figures out how it can be broken (and are therefore an important part of security).
Aside from that difference, excellent programmers (10% of programmers) will PRODUCE quality. QA will ASSURE quality. With programmers testing, you can hope the quality is good. With QA testing, you can know the quality is good.
For purposes of initially deciding whether this might make any sense for you, there is one big question: do you have to use electric heating? Pretty much any other common type of heating is better.
IF you have to use electric heating there is basically no such thing as "efficient" electric heating and "inefficient". As long as you are heating the rooms you want to heat, you're perfectly efficient, more or less. ("Waste" from any sort of inefficient system ends up as heat. Since heat it what you want, it's 100% efficient.)
Since your electric furnace will be no more efficient than a mining rig, you may as well use that electricity do something while it's making heat. Maybe a mining rig. It won't useany more electricity. Just throttle it down if it produces more heat than you need.
Since electricity costs are equal with any kind of electric heat, it then comes down to the cost of buying the hardware. See if the hardware you're looking at will produce enough junkcoin to pay for itself in one winter.
Thank you for that link. I see the first half of the speech discusses the age-old problem of determining who is responsible, the specific people who did the crime vs the company they work for. That is, of course, fact-dependent, but the question posed is "is the human person who actually, physically did the crime responsible, or the company" - there is no mention of "all the executives who work at the company" being imprisoned. That idea is found only on Slashdot, not in any law anywhere in the world (because it's a stupid idea).
The paper/speech then goes on to discuss the new UK law and the regulator is careful to clearly point out to facts, to avoid any confusion: ----
First, the duty of responsibility does not create a
separate and independent basis for senior
management liability....
Secondly, a senior manager is not liable just because
the firm has breached a requirement -----
He's careful to point out it does NOT create a new liability and does NOT make an executive liable every time an employee, or the organization as a whole, commits a criminal act.
He explains: ----- In enforcing this duty, the FCA must establish: first that the firm committed a relevant contravention of our requirements; secondly that the defendant was the senior person responsible for the activities in question, and thirdly the defendant failed to take such reasonable steps to avoid or prevent the firm from contravening. -----
So it applies to specific criminal violations of Financial Conduct Authority requirements, not just any random screw up, so the appropriate senior managers can know exactly what they are responsible for.
Secondly, the requirements are divided up among specific senior manager roles, so again one specific executive, such as the CFO, has a list of the specific compliance items he is expected to make an effort on.
Thirdly, he's required to make a reasonable effort, no more or less. If an employee, or several employees, don't follow the law despite his reasonable effort to formulate appropriate policy, he's not liable.
So each person in an executive management role has their list of things for which they must make a reasonable effort toward compliance. That's quite different from:
> if any mistakes by any of the thousands of employees at the company could cause the executives to go to prison
Slashdot Mirror
It makes sense to go through a GSA competitive-bidding process when the government is buying 150,000 of something, or when they are buying hundreds of pickup trucks for some fleet.
When an employee's USB hub croaks, it makes a lot more sense, and is a lot cheaper, to order one from Walmart.com or Amazon than to go through any red tape. I used to work for the government and for some purchases the red tape cost a lot more than the item, and made things a lot slower. The delay was costly when an employee, who is being paid, can't work as effectively for several days.
This is an attempt to be more sensible, to have the option to just order a damn HDMI cable from Amazon, Walmart, etc rather than requisition one at a much higher cost. You want to have the right level of oversight for different kinds of purchases.
You're so very right. Software developers in particular sometimes test software only with valid, expected inputs. Unexpected inputs then result in a security failure.
Back when software ran locally, we we used to say "garbage in, garbage out". That's no longer acceptable for internet-connected software. With Heartbleed, the garbage that came out was random memory contents, which could include the server's private key.
You're partly right. If you're being smart economically, or advancing technology, you'll test some things that don't work. If everything you test works, you're a) doing the same boring shit that's been done and b) over-engineering, making things much more expensive than they should be.
Testing is how you find out what works and what doesn't, and how much you need to spend to make things work reliably.
From my understanding, the error was made by a hardware vendor who makes an encryption chip, and is present in the specialized library used with their chip. It can be loaded from software, but it's not what I'd call a "software implementation", the software is just an interface to this one vendor's hardware chip.
The list of products using this hardware chip is quite long, and I haven't seen a comprehensive list published. We can say that it's hardware-based systems, smartcards and the like, that are affected.
Of course it's also possible that developers of some pure software systems independently made the same error, separately from the reported flaw.
Slashdot ate the second half of the first claim:
in order from an object side to an image side:
a first lens element with a focal length f1 and positive refractive power,
a second lens element with a focal length f2 and negative refractive power and
a third lens element with a focal length f3,
the focal length f1, the focal length f2 and the focal length f3 fulfilling the condition 1.2x|f3|>|f2|>1.5xf1.
I see you didn't even read the first claim of the patent.
Just first claim requires:
Total track length less than 6.5mm (has anyone else made a 5-element telephoto lens that small? Apple hadn't.)
Focal less |f2|>1.5Ã--f1
That's the first claim. Claims 2-19 get more and more specific.
I forgot to comment about heat sinks. The engineers at AMD selected a heat sink (hunk of metal) that would make the CPU look good. From what I've seen, they weren't stupid enough to cheap out on that. I'd use what they selected and put in the box with the CPU (though you can also buy the CPU without a cooler included). AMD engineers speced the AMD Wraith Spire heat sink. It looks like a good option.
Choices in heat sinks and fans can also be affected by size, fan noise, ambient temperature in the room, case air flow, etc. Then you have how many cores can have what duty cycle before heat becomes a problem. But the Wraith seems to do the job fine if have a fairly typical setup.
Yeah the M.2 PCIe drives are attractive. I would have bought one two days ago if it weren't for the fact that the machine I was putting the drive only has two PCIe slots. You'll need a $12 adapter to put that drive in a PCIe slot. M.2 has pins for PCIe, USB, and SATA. A particular device may use/require any of those interfaces. That is unless you get a mobo with a M.2 NVMe slot.
You may have a couple second delay at boot while interface is initialized, which doesn't seem like much but it may eat up the entire improvement in boot time over SATA from having a faster transfer. In the 2 seconds that it take4s to initialize the interface, the SATA drive could have transferred a GB of data - all your boot files.
Someone doesn't know the difference between a board and a chip. A Qualcomm cellular modem with it's baseband processor, such as the famous MDM9600, may be on the opposite end of the circuit board from the CPU. Did you not even read the SUBJECT LINE of my post before spouting off with your stupidity?
Most ARM processors are in fact NOT in smartphones, so there no baseband processor in the device at all. Your car has several ARM processors, your TV probably has one, etc. In total, 86 BILLION ARM processors have been sold.
You might also note the baseband processor is not a remote management interface. The baseband processor cannot access the storage of the device, for example. (Though in one instance the main CPU, which can access the storage, had a backdoor which accepted commands over the modem).
Generally no, arm chips don't have remote management built in. If you have an arm server, you'd do it the "old-fashioned" way, with the remote management processor being on the motherboard. The remote management processor on a mother board for older Intel or AMD CPUs may itself be an ARM cpu in many instances.
It's extremely useful, to those of us who turn it on, because it replaces a $1,000 IP KVM. I don't care to drive an hour and half to the datacenter and an hour and a half back because somebody typoed a firewall or network setting. Much easier to just fix it remotely using IPMI or IME or whatever your vendor calls it this week.
If you don't need remote access to a crashed machine, don't turn it on.
I would agree, I would probably avoid the AliExpress because the GPU is important to you. "Lots of animation renders" sounds like you may want to look at whether the software you use uses GPU rendering and if so, via which API - opengl? If opengl, most of the major brands will have reasonably good support.
Other than that, I'm more of a software guy; I don't stay up on the latest hardware. I just know, from a software perspective, that some software will take full advantage of multiple cores, some will not. Some will use the GPU, some won't, and some has a setting to choose.
If I chose the AMD, I'd probably upgrade to the 8 core for a few dollars more than the 4 core. An AMD processor with 4 cores is, to, me, like a pickup truck with a 4-foot bed - missing the point. So I'd either get lots of cores (Ryzen) or fast cores (Intel). A possible exception would be if you're leaving room to upgrade - Ryzen all use the same socket, so you could get a 4-core now with plans to get an 8-core later after prices drop.
Either way, if you're currently using an old laptop, you'll probably see a major improvement.
I noticed you have both SSD and HD systems on your list. You'll want an SSD for the OS. You may also want a big HD for storing final copies of media, but an SSD will be far better for working files. The very cheapest SSDs use triple-level NAND (tlc). You probably want to avoid that and use double level, known as multilevel or MLC.
Every few years Senator Cornyn (R Texas) introduces a bill requiring federally funded research to be made available to freely online. Every few years, the fine folks who post on Slashdot ignore the bill, as does everyone else other than the publishers who oppose it. Every few years the bill dies with no broad support from the public.
Next time Senator Cornyn introduces the bill, please send a quick email or phone call to your senators and house reps, supporting the bill. Thanks.
I jumped back up here from my answers further down in the thread to see if you have any hints about your use case.
You can turn on GPU rendering in Blender, in which case your GPU becomes more important and your CPU becomes less important. This article is about Intel using graphics technology from AMD because AMD is so far ahead in GPUs, but you likely have a separate video card.
Blender uses threads efficiently, meaning CPU cores, so for Blender you want a CPU with at least 8 cores. That favors AMD for Blender work.
You also said â lots and lots of animation renders". What software are you using for those? If it mostly uses the GPU, that's where you should focus your attention (and check for settings for that in your software!). If your renderer uses many threads, AMD is probably going to be the winner for you, especially Ryzen. If your renderer is single-threaded, Intel is likely to be the better choice.
This assumes you're happy with a pretty typical motherboard. There are more chipsets and a wider variety of *different* motherboards available for AMD.
If you're no willing to spend a few seconds to think about whether your workload is multithreaded, and you are willing to spend more money than needed, get Ryzen.
A difference between C and D is that in the case of D, whole you're willing to spend 10 times as money as you should, that still doesn't tell you whether you should spend lots of money on 16 AMD cores or on 4 Intel cores.
If your workload is heavily multithreaded (servers), AMD will likely give you tell best performance, at *whatever* your budget is, because AMD will give you more cores. If you want to spend a lot, you can get dual Ryzens, 32 cores running 64 threads simultaneously.
If your workload is single-threaded and CPU-bound, Intel is probably a better bet.
> I don't want got get into a situation where I have to carefully study all the archane nuances to get the best results.
That sucks, because the BEST result does in fact depend on a number of factors. You can get a GOOD result with the newest CPUs from each manufacturer. AMD cpus provide far more different motherboard options, so they are more likely to be the best fit if you want lots of Pcie cards, or a tiny enclosure, or anything unusual.
Putting aside AMD's very newest chip for a moment, there are basically three different kinds of use cases:
A) I want the best performance I can get within my $X budget.
B) it's a server serving many clients (lots of threads)
C) It's a single thread and I don't care how much it costs because I'm spending taxpayer money, I want the very fastest single-thread performance, cost be damned
Intel specializes in case C. Raw single-thread performance, cost be damned.
AMD will give you more cores for the dollar, so it competes well in case B, servers running many threads. AMD also traditionally costs significantly less, so it fits case A, getting the best CPU you can within a certain price range.
That's a generalization, though. It's best to compare one CPU model to another, evaluating based on the needs of your specific application and budget.
The wings are already there for landing. By also using wings for takeoff, the craft can use it's much more efficient jet engines to reach hypersonic speeds, saving the rocket engine for when it's too high to get any oxygen from the air. That reduces the weight of fuel required, as well as potentially piping, pumps, etc.
As far as reaching orbit, it doesn't much matter. The altitude is easy. It's getting orbital speed that's the hard part. If they figure they can get velocity faster by using lift to counteract gravity, thereby saving engine thrust to use for velocity, that could make sense. On the other hand, getting into lower air pressure in the first 60 seconds will help acceleration.
> i avoid with cash payments. i don't evade, unless TurboTax does.
You're not just guilty of evasion, but the *felony* variety.
If you accept cash payments and intentionally don't file a return showing those payments, that's misdemeanor tax evasion. When you file a return which says "total income... Under penalty of perjury" which you know does not accurately include those cash payments, that's FELONY tax evasion.
https://www.irs.gov/compliance...
Common tax avoidance methods include 401k, IRA, HSA, and FSA.
> One of the issues I see is that there is a difference between trust and encryption, but the average user may not make the distinction.
There actually isn't much difference, in use cases TLS is normally used for. Or more specifically, you can't usefully have one without setting up the other. To have useful encryption you must identify the other party, and to trust their identity you must have, at minimum, cryptographic signatures of the your personal challenge key with server's key and the data (at which point enciphering the data comes almost for free).
Suppose you wish to have encryption, without trusted authentication of identity. You want the connection between your browser and your bank to be encrypted (not readable by anyone else), without ever ensuring that you're talking to the bank's server. You'll end up with an encrypted connection between you and the bad guy. You think your browser is talking to the bank's server, but it's really talking to the bad guy's server. Given that the whole point is to prevent the bad guy from reading exchange, setting up an encrypted connection to the bad guy is effectively the same as no encryption at all. The bad guy can read the data.
Suppose you want identity (confirm the message was actually sent to you from the bank). You must ensure that no man-in-middle has changed the message along the way, or the message you receive is no longer the message from the bank, but instead a message from hacker. The message must therefore include at least a cryptographic signature on the bank's public key and your challenge bytes (for replay prevention). While not exactly encryption per-se, that's 90% of the way to encryption.
So encryption and trust of identity are very closely linked. Useful encryption requires trusted identity. In special cases you can theoretically use null encryption to throw away the encryption and maintain only identity, but at that point you already have everything you need for encryption and you haven't made anything easier.
It's partly because that's good design and partly because of historical reasons. Specifically, the script tag existed prior to the same-origin policy, and it was common to load scripts for other sources. This probably wouldn't be allowed if same-origin were designed in from the beginning. It allows jsonp, which contravenes the spirit of same-origin.
There were a hundred writers, so we can estimate at least another 50 employees selling ads, doing to accounting, running the servers, etc. So minimum $150,000 / month for salaries. Employee benefits, payroll taxes, office space, etc would be at least $50,000 / month. So bare minimum expenses $200,000 / month. Revenue was about $110,000/ month. Why would the writers want to work another job to support the $80,000 / month such a site loses, and work at the new employee-owned company?
Peer review is great. I introduced it at my company. It's not QA.
Users do stupid shit, shit no programmer in their right mind would ever think of doing. As an extremely simplistic example, at my job we have a script that calls nap with various arguments, including a list of IPs provided by user. The programmer tested it with some IPs. The peer could test it with some other IPs. The programmers made sure it works. Users will pass it 0.0.0.0/0, and fa70:638:363:7363::76. QA does the same, because QA is trying to break it. Programmers ensure it works, QA figures out how it can be broken (and are therefore an important part of security).
Aside from that difference, excellent programmers (10% of programmers) will PRODUCE quality. QA will ASSURE quality. With programmers testing, you can hope the quality is good. With QA testing, you can know the quality is good.
For purposes of initially deciding whether this might make any sense for you, there is one big question: do you have to use electric heating? Pretty much any other common type of heating is better.
IF you have to use electric heating there is basically no such thing as "efficient" electric heating and "inefficient". As long as you are heating the rooms you want to heat, you're perfectly efficient, more or less. ("Waste" from any sort of inefficient system ends up as heat. Since heat it what you want, it's 100% efficient.)
Since your electric furnace will be no more efficient than a mining rig, you may as well use that electricity do something while it's making heat. Maybe a mining rig. It won't useany more electricity. Just throttle it down if it produces more heat than you need.
Since electricity costs are equal with any kind of electric heat, it then comes down to the cost of buying the hardware. See if the hardware you're looking at will produce enough junkcoin to pay for itself in one winter.
Thank you for that link. I see the first half of the speech discusses the age-old problem of determining who is responsible, the specific people who did the crime vs the company they work for. That is, of course, fact-dependent, but the question posed is "is the human person who actually, physically did the crime responsible, or the company" - there is no mention of "all the executives who work at the company" being imprisoned. That idea is found only on Slashdot, not in any law anywhere in the world (because it's a stupid idea).
The paper/speech then goes on to discuss the new UK law and the regulator is careful to clearly point out to facts, to avoid any confusion: ...
----
First, the duty of responsibility does not create a
separate and independent basis for senior
management liability.
Secondly, a senior manager is not liable just because
the firm has breached a requirement
-----
He's careful to point out it does NOT create a new liability and does NOT make an executive liable every time an employee, or the organization as a whole, commits a criminal act.
He explains:
-----
In enforcing this duty, the FCA must establish:
first that the firm committed a relevant contravention of our requirements;
secondly that the defendant was the senior person responsible for the activities in question, and
thirdly the defendant failed to take such reasonable steps to avoid or prevent the firm from contravening.
-----
So it applies to specific criminal violations of Financial Conduct Authority requirements, not just any random screw up, so the appropriate senior managers can know exactly what they are responsible for.
Secondly, the requirements are divided up among specific senior manager roles, so again one specific executive, such as the CFO, has a list of the specific compliance items he is expected to make an effort on.
Thirdly, he's required to make a reasonable effort, no more or less. If an employee, or several employees, don't follow the law despite his reasonable effort to formulate appropriate policy, he's not liable.
So each person in an executive management role has their list of things for which they must make a reasonable effort toward compliance. That's quite different from:
> if any mistakes by any of the thousands of employees at the company could cause the executives to go to prison