> botnets that attack systems in a distributed fashion, which harms the companies being attacked and the users that get locked out of their accounts. > The harm to the owners is negligible, because they lose just a tiny bit of bandwidth. But the harm to society is huge.
That's what the judge said. The FTC argued otherwise/ The judge wrote: -- would likely be in the ballpark of a âoesubstantial injury,â particularly when aggregated across a large group of consumers. See Neovi, 604 F.3d at 1157 (âoeAn act or practice can cause substantial injury by doing a small harm to a large number of peopleâ). But the FTC pursued a different and ultimately untenable track. --
The FTC, in their complaint, could have, and probably should have, pursued an action on the basis of likelihood of "substantial injury by doing a small harm to a large number of peopleâ. The FTC rejected that option because the relevant law is that D-Link would be liable if they KNOWINGLY made false statements which ended up causing the harm. Apparently the commission didn't think they could show that D-Link management or marketing people knew about the security problems.
Instead, the FTC sought damages based on unfair competition, which requires a more specific showing of damages.
The real Return of the u.s. stock market over the last 65 years has been 8% per year. It has many 11 percent before inflation. As might be expected returns are higher you're in years of higher inflation show the real net game is less volatile than the nominal game. 80% is average we also want to plan for Hard Times bad times 4% is generally accepted as a safe value that if you draw down 4% you will never exhaust your principal or not within 30 or 40 years you won't drive down your principal. Normally retirees also have their home paid off you should be paying off your mortgage right every month show your largest expense disappears when she have that paid off many people also move to a smaller home after the kids grow up freeing up cash that could very easily be another $300,000 on top of your Investments.
If your gross pay is 100000 and you're investing 15000 perhaps and perhaps spending another $15,000 on your mortgage and you're paying taxes if 20000 then you're spending is $50,000 a year other than your mortgage. See your actual spending it needs to be replaced and retirement is about $50,000 a year so you want just over a million dollars. A million dollars would provide you with $40,000 a year with no mortgage payment and a low tax rate and no need to invest any of that $40,000 .
$40,000 is perfectly livable in that area once you have the other things taken care of. Which means we want at least a million in order to live off the returns. This also assumes you have no other income - for US citizens no social security, no hobby that makes a few dollars, etc. For Norway, we're pretending that you get no money from the gas fund, you're fully self-funded.
Typically an employer will match part of your retirement or investment savings my last two companies for example match 50% so if I wanted to invest $10,000 a year I would only have to save 6500. The employer match would cover the other other 3500.$10,000 a year 6500 saved it would take 28 years to reach 1 million dollars and retire. It takes 20 years to hit a million if you save $13,500 plus match.
90% of American millionaires become millionaires, able to live off their investments, using exactly the math and method I just described. Over 90% of millionaires made less than $100,000 / year while working, and they invested around 15% of their income.
> Maybe if you put like a life-long effort into it making $100k and pretending to make $30k your kids or grand-kids might become capitalists instead of workers.
I knew a guy who did exactly that. He made $100K and spent like he made $30k, investing $70k / year. The math is, if you invest $70k / year, you only have to work 9.5 years in your life. You can retire at age 30 and live off the investment gains. That's a somewhat extreme case. Living as if you only make $30K isn't something most people want to do (though over 95% of the world does), but then only having to work for 9 and half years, retiring when your baby is born, is extremely cool.
> Tech workers, you have no idea how precarious your world is. You may think you're on top of the whole capitalism game
Well Google just paid a billion dollars for what? For HTC's cooperation as Google hired tech workers who were working at HTC. When a good company is willing to pay a billion dollars to try to get you on their payroll, yeah things are looking pretty good.
When you say "feudalism... everyone else who works for a living", it sounds like what you're eluding to is the manorial tradition in feudal Europe. The Lords owned the land, and the fiefs who worked the land paid rent. Because the fief could never own the productive land, he would always be a fief, a renter, a peasant. The principle that wealth comes from owning productive capacity is still true, of course. Over 90% of millionaires today are millionaires because they own businesses. Businesses such as Google.
I started buying Google ( https://finance.yahoo.com/quot... ) about seven years ago, for $280/share. It's now worth $930 / share. So my wealth, the wealth I put into Google rather than big screen TVs, has more than tripled. Owning is still how you build wealth, but unlike the feudal days in Europe, you can own the businesses (and thereby build wealth) any time you feel like it. This very morning you can decide - do you want to spend your resources buying a cup of coffee for $6.50 from Starbucks, or would you rather own Starbucks and let people pay YOU $6.50 for a cup of coffee? Your choice, my friend. Becoming an owner of Starbucks (Nasdaq:SBUX) will cost you $55.15, about the same as buying eight cups of coffee from them. Your choice.
What do you want to bet the rules that the Democrats propose still allow sitting US elected officials to keep getting money directly from foreign governments? For example the $1 million that the Clintons accepted from Qatar while she was Secretary of State - I'm sure that will still be okay, under their rules. Even more interesting, HRCâ(TM)s emails show Qatar requested to MEET with the Clintons in person to "present the check". So a million dollars buys a foreigner a sit-down with elected government officials and I'm sure that's fine.
This story is a bit misleading and sensationalist. The "gunpowder" they refer to isn't anything any modern gun would use. It's not nearly so strong. Instead it's the raw ingredients for the centuries-old black powder, which needs extensive processing in order to make black powder from these ingredients. Just mixing them will do nothing. (I've made black powder multiple times, using ingredients from the hardware store.)
The other item they refer to as "explosive" is metal powder, which Burns with a bright light. This has been used for camera flashes from the 1800s until recently. It's not a very good way to make a bomb, though anything that burns quickly will build up pressure if it's put into a metal container. If you wanted to build a bomb, though, you'd use high explosive, not flash powder. Your local Walmart, Walgreens, or Home Depot carries the materials for MUCH more dangerous explosive, which is easier to make than black powder.
a) Decryption only, enabling playback using the normal media pipeline, for example via a element. b) Decryption and *decoding*, passing video frames to the browser for rendering. c) Decryption and decoding, rendering directly in the hardware (for example, the GPU).
Option B and C have the CDM decoding (as ogg does).
EME implementations are required to support one option, clear key - which breaks DRM. In other words, a browser MUST support EME that's not secure DRM, one can also install DRM modules for it to talk to. EME doesn't specify anything about what the modules DO, just that the browser can send data to an external module, and the external module can send data back.
> On the other hand, you are not saying anything about compatibility issues (perhaps there is a theoretically perfect backwards compatibility with old.NET versions, but what about applications developed before the relatively-new.NET Core was even created?)
While it's supposed to be backward compatible,.Net Core is designed so you can embed the (small) copy of whichever version you want right into your application, so you can have multiple versions on the same machine.
Because it's small, it doesn't include the GUI stuff that Mono includes. Now that Microsoft owns Xamarin, and therefore Mono, we may see more and more code shared between them, until eventually they become the same product, or Core is a part of Mono.
Most W3C standards get a higher level of consensus, but they're just discussing the technical details of how to do something.
The EFF strongly argued that media decoders shouldn't be standardized at all. There is a big political / philosophical argument behind this one, as well as the normal technical discussions of how to do it.
Given the political / philosophical debate, I don't imagine they could have gotten much better than the 60% for, 30% opposed that they ended up with. In the end, all the main browsers had already implemented EME anyway, so the decision before W3C was whether or not to write down exactly what the browsers were already doing, in order to aid compatibility.
EME defines how a browser talks to a multimedia decoder. If the multimedia is Ogg / Theora / Vorbis / Flac / WebM, then obviously the decoder can be open source.
H.264 is patented, so you'd think that if the video is h.264 the decoder couldn't be open source, but it can be because Cisco has paid the patent license fees for OpenH264.
If the video is encrypted with a patented DRM, THEN you'd need a binary blob to decrypt it.
In other words, regarding open source vs proprietary it's just exactly the same as the existing situation, in which DRM content requires a proprietary browser plug-in such as Flash.
I just read a long analysis by someone who seems to be quite knowledgeable about both, and they updated it over time as.Net Core improved and the focus of the Mono ecosystem has changed.
The bottom line: For server and cli / console applications, you're probably better off with . Net Core. Microsoft is heavily invested in making that work well. They want.Net used on Linux servers, since everyone is using Linux servers. For GUI applications, Mono is a better bet. Microsoft isn't big on supporting the Linux graphical desktop.
> CompTIA, really? Are you actually suggesting spending money on an A+ cert?
I actually didn't say A+, but let's use that example of one that is common and therefore less valuable. (I have Network+, Linux+ and Security+, because my school chose those as final exams). But you wanted to talk about A+, so let's do that.
A great investment in a stock or fund is one that has a 20% annual return. The very best, luckiest investments might average 100% annual return over five years. What is the return on investment for A+. One author criticized A+ saying that it only increased earnings by $3,000 / year. I'll play along with the critic. The exam costs $300. If a $300 investment returns $3,000 / year, that's a 1000% return! Hell yes I recommend ANY investment with 1000% annual return!
> At $30,000 annually, budgetting for whatever it takes to get my foot in the door is a challenge.
I been absolutely understand that! I've been there.
Let me say again - I've been there. And I found the path from there to here. A few years later I'm making more than three times that much. My take home income is four times what it was five years ago.
If someone making $350,000 in this field told me the recipe they followed, I would listen carefully. I wouldn't dismiss what they say, acting like they don't know what they are talking about - they are making three times as much as me, so I'd want to know exactly how they did it.
> so I'll shoot for those cisco certs at the end of three years.
Sounds reasonable, and in the meantime when the mood strikes you, you can prepare by watching YouTube videos or read a book you got on eBay for 99 cents.
>. the Cisco certs. They gave them expirations after I failed mine. So it makes it that much harder to stack them.
The Cisco certs do expire after a few years UNLESS you stack them, or meet other criteria to keep your knowledge up to date. That's okay - today you can say you achieved CCNP in 2012. Whether the cert has expired or not, you did achieve it. I would renew it (by getting another Cisco cert) if you plan to work in networking, or if your employer pays for the exam. If you're not directly working in networking, and your company or school won't pay for it, maybe there is no need to renew it. It's main value is to get you that first and second "good" job anyway. Once you're the CIO of one company, the next company isn't going to care whether your CCNA is fresh or not.
Passing the Cisco certs and posting them on your LinkedIn absolutely does get recruiters calling you about much higher paying jobs than the $30K you're talking about. My income today is four times as much as it was five years ago.
Almost passing Cisco hasn't done much for you, but studying a bit more and passing, so you have the cert, and putting it on your LinkedIn DOES work.
> Working full time and taking the minimum fulltime hours for classes meant I was not fully prepared.
Most of my Cisco study was listening to YouTube videos in the car. I was already spending that time driving, so it didn't take any extra time to study that way. I also did some hands-on labs, but most of my study time was listening while driving. I achieved multiple Cisco certifications that way.
> You do know the number of companies willing to pay for a six figure paycheck is relatively low right now, right?
Based on the things I did, the items I put on my resume, when I last switched jobs there was a bidding war for me. Multiple offers over $90K - for what's on my resume.
> Do not think that because you managed to beat the odds, that your success is the norm.
It's not luck and it's not because I'm special, the companies looked at my resume. The result of the items on my resume is multiple offers over $90K. Most other people on Slashdot would get similar results if they put together a similar resume, by doing the same things I did. That includes listening to YouTube videos in order to get Cisco, Microsoft, and CompTIA certifications, and then based on those certifications, getting college credit. It's a recipe that works.
> likely got their education at a time when it was actually possible to do so without crippling debt
You mean like right now, for example? My tuition at a state school is $6,000 / year. The tax credit is $1,500 / year, so net cost $4,500 / year. Some of my classes had as the final exam the Cisco and Microsoft certification exams. Getting those certs helped increase my income even before I finished school, so I'll finish school with more money in the bank than I started with - essentially a negative amount of student debt.
I majored in Information Technology - Security, so I'll have a six figure income right about the time I graduate.
A person CAN choose to get a worthless degree from an expensive school, or they get can a valuable degree from an affordable school.
You make a good point. On the the other hand, they needed people immediately, who can fill those rules on day one. Had the retirements been planned, they would have spent a month of or more looking for the right candidate, who would then give two weeks notice at their old job, and maybe take a week to pack up and move. Then the new person would spend month getting to know the company and its various systems. So a good outside hire would take about 10 weeks from listing to the job to actually being productive. That's fine if the outgoing person stays while you're looking for a replacement.
In this instance, they needed someone who was ready to fill the role today, and using the pre-selected internal backup makes sense. At my last three jobs, someone was designated as my backup, ready to step into my role if something happened to me, and I was the designated backup for someone else. I do their job while they are on vacation or sick, so I'm ready to take over their position at a moment's notice.
Anyone who leaves their existing job is going to leave a new job opening behind, so that's still an open job.
What it comes down to is how many jobs there are that export something from the community. Foxconn jobs are creating something that will be sold outside of the local community, bringing in cash from outside. Each export job creates three to four local jobs.
Basically, when someone in Colorado or wherever buys an iPad, some of that money ends up paying salaries of Foxconn employees. They spend a large portion that money locally, buying haircuts, burgers, gas, whatever. The hair dresser then spends the money again, much of it locally. The money from outside keeps circulating around the local community until people send it off to Amazon or wherever that's not local.
This discussion is about how people can target their ads, not about totally removing a site from Google's index, or indeed removing it from the web completely.
Suppose you are selling unique cases for Raspberry Pi. You wouldn't want to show that ad to just anybody and everybody at random, that would be wasteful. Instead, you'd want to advertise Pi cases to people who search for "Raspberry Pi", "Pi case", "Pi model B", etc.
When you advertise through Google, you can show your ads to likely buyers by selecting phrases they search for. The author of the article set his ass to run when people search for "Jewish parasite". Google'sâ server let him type that in and run ads when people search for that.
> Google could easily build a filter that could stop 90% or more of these phrases. They will never stop 100%, but they could easily do way better.
If we made a list of objectionable phrases, we may find that Google DID block 90% of them. Without checking, I can't agree with "they could do way better" - we don't know how well they did. We only know that somebody was able to come up with a few phrases that weren't blocked.
> But should they? Is it really their role be society's ideological and moral gatekeepers?
That is indeed a very good question. It gets real interesting when you consider the types of racist things Al Sharpton says, or the things many black comedians say.
There is no need to guess about something that has already happened - thousands of times. This has been studied to death. A new large employer does in fact spur 3 to 4 times as many jobs indirectly as the the number they hire directly.
> already has a bank account is going to need none of that.
People actually do like to have a bank branch near where they work. Whether they open a new account or use an existing account, people with jobs do more banking than people without jobs.
> A guy who gets a lift and eats in the factory canteen also isn't.
The cafeteria is normally a contract operation, staffed by employees of the food service company. The people working to feed the Foxconn employees wouldn't typically be employees of Foxconn, so they wouldn'tâ be counted in the 13,000 number. They would be counted in the 50,000. Guess what - the guy who gets a lift - his ride is just as likely to need gas or a cup of coffee as the Foxconn employees are. Actually MORE likely since there are two people in the car - they are nearly twice as likely to want something from the gas station, not less likely.
Seriously this is not the first large employer to open up. It happens all the time, and it's been extensively studied, so you can very easily find some of the thousand or more studies on the matter. Or, just go drive by where a large employer has recently add a bunch of jobs near you. In all likelihood you'll see a new shopping center very nearby, with a hair cut place such as Great Clips, restaurants, a dentist, a gas station, etc,. Things people use on their lunch break, and before and after work. You can see them for yourself if you don't want to believe any of the studies done after new employees have come in.
The difference is how many they'll directly hire vs indirect effects.
A fast food place might serve 300 people at lunch. If 13,000 Foxconn employees eat burgers, they'll need 43 new fast food places to serve them. If a dozen people are working at each fast food place, that's 520 jobs making lunch for Foxconn employees. Obviously they don't all go to a fast food place every day, but that's the concept. Not just fast food either, of course, some will go to Olive Garden for lunch. On most days, there will be several non-Foxconn employees working at Foxconn's building - electricians, security guards, HVAC people, fire alarm people, somebody checking the fire extinguishers...
If they each stop at an area gas station once a week, that's 1,800 paying customers a day at gas stations. Which will require 20 new gas stations employing 100 people or whatever. Go through that for all the different things 13,000 people buy in a week.
Then realize that the gas station employees need lunch, and the fast food employees need gas. The employees of the new bank branch need lunch, as do the tradesmen who don't work for Foxconn, but handle Foxconn's needs for air conditioning, electrical work, etc. So there are more restaurants and gas stations needed, etc.
We're seeing these effects in the area where I live. Toyota moved here and the local businesses hired more people - the Toyota employees need to have their oil changed, so the quick line place hired more people. 13,000 Toyota employees buy 3,000 pairs of glasses every year, or so there's another job or two providing eyeglasses to Toyota employees. Nearly every company in the vicinity is hiring more people, and new businesses are opening around the Toyota campus. The three to one ratio implied by the two stories is about right. STEM jobs typically generate about 4.2 other jobs indirectly. So three "created" (spurred) for each Foxconn job is a reasonable number.
> Could WordPress site owners could do more to protect themselves?
Here are three suggestions.
1. Do not have plugins installed that you don't use. A large percentage of Wordpress hacks that I have investigated involve plugins that are no longer in use. The only software that is guaranteed to not make you vulnerable is software you have not installed.
1b. As a corollary, if most of the features of Wordpress are things you are not going to use, do not install WordPress. Smaller, simpler code we'll have fewer vulnerabilities.
2. Hacks, either built-in back doors or simple vulnerabilities, tend to use certain PHP functions such as which can execute external commands, such as exec() and popen(). These can be disabled in php.ini. Disabling these functions will prevent hackers from using them, and they tend to indicate poor quality code anyway. If disabling these function stops the script from running, it *may* have been a poor quality script to begin with.
3. Tools are available to scan PHP code looking for suspect portions. These tools can also look for functions such as exec() or popen which should be looked at to see if they may be either venerable or back doors.
Somebody may say that they use a exec or popen either to retrieve web Resources with wget or to run the imagemagick binaries. It's a better idea to use PHP's built in HTTP functions and to use the imagemagick API via the imagemagick extension. The imagemagick binaries are the UI, the USER interface,to imagemagick. Applications should use the application programming interface or API, not the UI.
> You're comparing products they sell and underwrite vs their own personal best practices
No, I'm comparing internal operating standards with internal operating standards. At my office, we had a fire inspector come through once every two years and look for extension cords being used improperly and that sort of thing. Passing the fire safety inspection lowered the insurance costs that the company paid. Management took care that we did well on the inspection, so that they would get the lower insurance rate.
We ALSO had a cyber security inspection / audit. The results of that inspection did not, however, affect our insurance costs. Therefore the security inspection was less important.
You are of course correct that fire insurance existed long before UL and NFPA, though not so long in the US. The point is that when they did take proactive measures such as UL and NFPA, it worked well - and they know that. They know that if they are going to insure a major office building, they are going to insist on fire safety. Knowing that, having that experience, they can use the results of cyber security inspections in setting rates.
Whether the inspection is outsourced or done by W-2 employees of the insurance company isn't the point. The point is they are starting to expect a passing security audit. Companies are beginning to pay attention to security in order to reduce costs, and hopefully we'll see that trend expand.
> the cost was new hardware due to a program that was written... Essentially it was a Ruby Gem that was outdated and the whole program would need to be recoded to fix the vulnerability.
And this was why we write software as modules, even microservices, rather than a huge monolithic pile of code. With proper abstraction and encapsulation, a bad problem means that specific 12-line function, or at worst the entire 350-line module, needs to be redone.
Slashdot Mirror
> Most of the harm is to the people in aggregate.
> botnets that attack systems in a distributed fashion, which harms the companies being attacked and the users that get locked out of their accounts.
> The harm to the owners is negligible, because they lose just a tiny bit of bandwidth. But the harm to society is huge.
That's what the judge said. The FTC argued otherwise/
The judge wrote:
--
would likely be in the
ballpark of a âoesubstantial injury,â particularly when aggregated across a large group of consumers.
See Neovi, 604 F.3d at 1157 (âoeAn act or practice can cause substantial injury by doing a small
harm to a large number of peopleâ). But the FTC pursued a different and ultimately untenable track.
--
The FTC, in their complaint, could have, and probably should have, pursued an action on the basis of likelihood of "substantial injury by doing a small
harm to a large number of peopleâ. The FTC rejected that option because the relevant law is that D-Link would be liable if they KNOWINGLY made false statements which ended up causing the harm. Apparently the commission didn't think they could show that D-Link management or marketing people knew about the security problems.
Instead, the FTC sought damages based on unfair competition, which requires a more specific showing of damages.
I was using voice to text and forgot to go back and edit part of it. Sorry for the poor readability.
The real Return of the u.s. stock market over the last 65 years has been 8% per year. It has many 11 percent before inflation. As might be expected returns are higher you're in years of higher inflation show the real net game is less volatile than the nominal game. 80% is average we also want to plan for Hard Times bad times 4% is generally accepted as a safe value that if you draw down 4% you will never exhaust your principal or not within 30 or 40 years you won't drive down your principal. Normally retirees also have their home paid off you should be paying off your mortgage right every month show your largest expense disappears when she have that paid off many people also move to a smaller home after the kids grow up freeing up cash that could very easily be another $300,000 on top of your Investments.
If your gross pay is 100000 and you're investing 15000 perhaps and perhaps spending another $15,000 on your mortgage and you're paying taxes if 20000 then you're spending is $50,000 a year other than your mortgage. See your actual spending it needs to be replaced and retirement is about $50,000 a year so you want just over a million dollars. A million dollars would provide you with $40,000 a year with no mortgage payment and a low tax rate and no need to invest any of that $40,000 .
$40,000 is perfectly livable in that area once you have the other things taken care of. Which means we want at least a million in order to live off the returns. This also assumes you have no other income - for US citizens no social security, no hobby that makes a few dollars, etc. For Norway, we're pretending that you get no money from the gas fund, you're fully self-funded.
Typically an employer will match part of your retirement or investment savings my last two companies for example match 50% so if I wanted to invest $10,000 a year I would only have to save 6500. The employer match would cover the other other 3500.$10,000 a year 6500 saved it would take 28 years to reach 1 million dollars and retire. It takes 20 years to hit a million if you save $13,500 plus match.
90% of American millionaires become millionaires, able to live off their investments, using exactly the math and method I just described. Over 90% of millionaires made less than $100,000 / year while working, and they invested around 15% of their income.
> Maybe if you put like a life-long effort into it making $100k and pretending to make $30k your kids or grand-kids might become capitalists instead of workers.
I knew a guy who did exactly that. He made $100K and spent like he made $30k, investing $70k / year. The math is, if you invest $70k / year, you only have to work 9.5 years in your life. You can retire at age 30 and live off the investment gains. That's a somewhat extreme case. Living as if you only make $30K isn't something most people want to do (though over 95% of the world does), but then only having to work for 9 and half years, retiring when your baby is born, is extremely cool.
> Tech workers, you have no idea how precarious your world is. You may think you're on top of the whole capitalism game
Well Google just paid a billion dollars for what? For HTC's cooperation as Google hired tech workers who were working at HTC. When a good company is willing to pay a billion dollars to try to get you on their payroll, yeah things are looking pretty good.
When you say "feudalism ... everyone else who works for a living", it sounds like what you're eluding to is the manorial tradition in feudal Europe. The Lords owned the land, and the fiefs who worked the land paid rent. Because the fief could never own the productive land, he would always be a fief, a renter, a peasant. The principle that wealth comes from owning productive capacity is still true, of course. Over 90% of millionaires today are millionaires because they own businesses. Businesses such as Google.
I started buying Google ( https://finance.yahoo.com/quot... ) about seven years ago, for $280/share. It's now worth $930 / share. So my wealth, the wealth I put into Google rather than big screen TVs, has more than tripled. Owning is still how you build wealth, but unlike the feudal days in Europe, you can own the businesses (and thereby build wealth) any time you feel like it. This very morning you can decide - do you want to spend your resources buying a cup of coffee for $6.50 from Starbucks, or would you rather own Starbucks and let people pay YOU $6.50 for a cup of coffee? Your choice, my friend. Becoming an owner of Starbucks (Nasdaq:SBUX) will cost you $55.15, about the same as buying eight cups of coffee from them. Your choice.
What do you want to bet the rules that the Democrats propose still allow sitting US elected officials to keep getting money directly from foreign governments? For example the $1 million that the Clintons accepted from Qatar while she was Secretary of State - I'm sure that will still be okay, under their rules. Even more interesting, HRCâ(TM)s emails show Qatar requested to MEET with the Clintons in person to "present the check". So a million dollars buys a foreigner a sit-down with elected government officials and I'm sure that's fine.
This story is a bit misleading and sensationalist. The "gunpowder" they refer to isn't anything any modern gun would use. It's not nearly so strong. Instead it's the raw ingredients for the centuries-old black powder, which needs extensive processing in order to make black powder from these ingredients. Just mixing them will do nothing. (I've made black powder multiple times, using ingredients from the hardware store.)
The other item they refer to as "explosive" is metal powder, which Burns with a bright light. This has been used for camera flashes from the 1800s until recently. It's not a very good way to make a bomb, though anything that burns quickly will build up pressure if it's put into a metal container. If you wanted to build a bomb, though, you'd use high explosive, not flash powder. Your local Walmart, Walgreens, or Home Depot carries the materials for MUCH more dangerous explosive, which is easier to make than black powder.
CDMs can do any of the following:
a) Decryption only, enabling playback using the normal media pipeline, for example via a element.
b) Decryption and *decoding*, passing video frames to the browser for rendering.
c) Decryption and decoding, rendering directly in the hardware (for example, the GPU).
Option B and C have the CDM decoding (as ogg does).
EME implementations are required to support one option, clear key - which breaks DRM. In other words, a browser MUST support EME that's not secure DRM, one can also install DRM modules for it to talk to. EME doesn't specify anything about what the modules DO, just that the browser can send data to an external module, and the external module can send data back.
> On the other hand, you are not saying anything about compatibility issues (perhaps there is a theoretically perfect backwards compatibility with old .NET versions, but what about applications developed before the relatively-new .NET Core was even created?)
While it's supposed to be backward compatible, .Net Core is designed so you can embed the (small) copy of whichever version you want right into your application, so you can have multiple versions on the same machine.
Because it's small, it doesn't include the GUI stuff that Mono includes. Now that Microsoft owns Xamarin, and therefore Mono, we may see more and more code shared between them, until eventually they become the same product, or Core is a part of Mono.
Most W3C standards get a higher level of consensus, but they're just discussing the technical details of how to do something.
The EFF strongly argued that media decoders shouldn't be standardized at all. There is a big political / philosophical argument behind this one, as well as the normal technical discussions of how to do it.
Given the political / philosophical debate, I don't imagine they could have gotten much better than the 60% for, 30% opposed that they ended up with. In the end, all the main browsers had already implemented EME anyway, so the decision before W3C was whether or not to write down exactly what the browsers were already doing, in order to aid compatibility.
EME defines how a browser talks to a multimedia decoder. If the multimedia is Ogg / Theora / Vorbis / Flac / WebM, then obviously the decoder can be open source.
H.264 is patented, so you'd think that if the video is h.264 the decoder couldn't be open source, but it can be because Cisco has paid the patent license fees for OpenH264.
If the video is encrypted with a patented DRM, THEN you'd need a binary blob to decrypt it.
In other words, regarding open source vs proprietary it's just exactly the same as the existing situation, in which DRM content requires a proprietary browser plug-in such as Flash.
I just read a long analysis by someone who seems to be quite knowledgeable about both, and they updated it over time as .Net Core improved and the focus of the Mono ecosystem has changed.
The bottom line: .Net used on Linux servers, since everyone is using Linux servers.
For server and cli / console applications, you're probably better off with . Net Core. Microsoft is heavily invested in making that work well. They want
For GUI applications, Mono is a better bet. Microsoft isn't big on supporting the Linux graphical desktop.
https://www.microsoft.com/net/...
Microsoft raised the white flag and surrendered to Linux a year or two ago.
> CompTIA, really? Are you actually suggesting spending money on an A+ cert?
I actually didn't say A+, but let's use that example of one that is common and therefore less valuable. (I have Network+, Linux+ and Security+, because my school chose those as final exams). But you wanted to talk about A+, so let's do that.
A great investment in a stock or fund is one that has a 20% annual return. The very best, luckiest investments might average 100% annual return over five years. What is the return on investment for A+. One author criticized A+ saying that it only increased earnings by $3,000 / year. I'll play along with the critic. The exam costs $300. If a $300 investment returns $3,000 / year, that's a 1000% return! Hell yes I recommend ANY investment with 1000% annual return!
> At $30,000 annually, budgetting for whatever it takes to get my foot in the door is a challenge.
I been absolutely understand that! I've been there.
Let me say again - I've been there. And I found the path from there to here. A few years later I'm making more than three times that much. My take home income is four times what it was five years ago.
If someone making $350,000 in this field told me the recipe they followed, I would listen carefully. I wouldn't dismiss what they say, acting like they don't know what they are talking about - they are making three times as much as me, so I'd want to know exactly how they did it.
> so I'll shoot for those cisco certs at the end of three years.
Sounds reasonable, and in the meantime when the mood strikes you, you can prepare by watching YouTube videos or read a book you got on eBay for 99 cents.
>. the Cisco certs. They gave them expirations after I failed mine. So it makes it that much harder to stack them.
The Cisco certs do expire after a few years UNLESS you stack them, or meet other criteria to keep your knowledge up to date. That's okay - today you can say you achieved CCNP in 2012. Whether the cert has expired or not, you did achieve it. I would renew it (by getting another Cisco cert) if you plan to work in networking, or if your employer pays for the exam. If you're not directly working in networking, and your company or school won't pay for it, maybe there is no need to renew it. It's main value is to get you that first and second "good" job anyway. Once you're the CIO of one company, the next company isn't going to care whether your CCNA is fresh or not.
Passing the Cisco certs and posting them on your LinkedIn absolutely does get recruiters calling you about much higher paying jobs than the $30K you're talking about. My income today is four times as much as it was five years ago.
Almost passing Cisco hasn't done much for you, but studying a bit more and passing, so you have the cert, and putting it on your LinkedIn DOES work.
> Working full time and taking the minimum fulltime hours for classes meant I was not fully prepared.
Most of my Cisco study was listening to YouTube videos in the car. I was already spending that time driving, so it didn't take any extra time to study that way. I also did some hands-on labs, but most of my study time was listening while driving. I achieved multiple Cisco certifications that way.
> You do know the number of companies willing to pay for a six figure paycheck is relatively low right now, right?
Based on the things I did, the items I put on my resume, when I last switched jobs there was a bidding war for me. Multiple offers over $90K - for what's on my resume.
> Do not think that because you managed to beat the odds, that your success is the norm.
It's not luck and it's not because I'm special, the companies looked at my resume. The result of the items on my resume is multiple offers over $90K. Most other people on Slashdot would get similar results if they put together a similar resume, by doing the same things I did. That includes listening to YouTube videos in order to get Cisco, Microsoft, and CompTIA certifications, and then based on those certifications, getting college credit. It's a recipe that works.
> likely got their education at a time when it was actually possible to do so without crippling debt
You mean like right now, for example? My tuition at a state school is $6,000 / year. The tax credit is $1,500 / year, so net cost $4,500 / year. Some of my classes had as the final exam the Cisco and Microsoft certification exams. Getting those certs helped increase my income even before I finished school, so I'll finish school with more money in the bank than I started with - essentially a negative amount of student debt.
I majored in Information Technology - Security, so I'll have a six figure income right about the time I graduate.
A person CAN choose to get a worthless degree from an expensive school, or they get can a valuable degree from an affordable school.
You make a good point. On the the other hand, they needed people immediately, who can fill those rules on day one. Had the retirements been planned, they would have spent a month of or more looking for the right candidate, who would then give two weeks notice at their old job, and maybe take a week to pack up and move. Then the new person would spend month getting to know the company and its various systems. So a good outside hire would take about 10 weeks from listing to the job to actually being productive. That's fine if the outgoing person stays while you're looking for a replacement.
In this instance, they needed someone who was ready to fill the role today, and using the pre-selected internal backup makes sense. At my last three jobs, someone was designated as my backup, ready to step into my role if something happened to me, and I was the designated backup for someone else. I do their job while they are on vacation or sick, so I'm ready to take over their position at a moment's notice.
> Not to mention anyone changing jobs
Anyone who leaves their existing job is going to leave a new job opening behind, so that's still an open job.
What it comes down to is how many jobs there are that export something from the community. Foxconn jobs are creating something that will be sold outside of the local community, bringing in cash from outside. Each export job creates three to four local jobs.
Basically, when someone in Colorado or wherever buys an iPad, some of that money ends up paying salaries of Foxconn employees. They spend a large portion that money locally, buying haircuts, burgers, gas, whatever. The hair dresser then spends the money again, much of it locally. The money from outside keeps circulating around the local community until people send it off to Amazon or wherever that's not local.
This discussion is about how people can target their ads, not about totally removing a site from Google's index, or indeed removing it from the web completely.
Suppose you are selling unique cases for Raspberry Pi. You wouldn't want to show that ad to just anybody and everybody at random, that would be wasteful. Instead, you'd want to advertise Pi cases to people who search for "Raspberry Pi", "Pi case", "Pi model B", etc.
When you advertise through Google, you can show your ads to likely buyers by selecting phrases they search for. The author of the article set his ass to run when people search for "Jewish parasite". Google'sâ server let him type that in and run ads when people search for that.
> Google could easily build a filter that could stop 90% or more of these phrases. They will never stop 100%, but they could easily do way better.
If we made a list of objectionable phrases, we may find that Google DID block 90% of them. Without checking, I can't agree with "they could do way better" - we don't know how well they did. We only know that somebody was able to come up with a few phrases that weren't blocked.
> But should they? Is it really their role be society's ideological and moral gatekeepers?
That is indeed a very good question. It gets real interesting when you consider the types of racist things Al Sharpton says, or the things many black comedians say.
There is no need to guess about something that has already happened - thousands of times. This has been studied to death. A new large employer does in fact spur 3 to 4 times as many jobs indirectly as the the number they hire directly.
> already has a bank account is going to need none of that.
People actually do like to have a bank branch near where they work. Whether they open a new account or use an existing account, people with jobs do more banking than people without jobs.
> A guy who gets a lift and eats in the factory canteen also isn't.
The cafeteria is normally a contract operation, staffed by employees of the food service company. The people working to feed the Foxconn employees wouldn't typically be employees of Foxconn, so they wouldn'tâ be counted in the 13,000 number. They would be counted in the 50,000. Guess what - the guy who gets a lift - his ride is just as likely to need gas or a cup of coffee as the Foxconn employees are. Actually MORE likely since there are two people in the car - they are nearly twice as likely to want something from the gas station, not less likely.
Seriously this is not the first large employer to open up. It happens all the time, and it's been extensively studied, so you can very easily find some of the thousand or more studies on the matter. Or, just go drive by where a large employer has recently add a bunch of jobs near you. In all likelihood you'll see a new shopping center very nearby, with a hair cut place such as Great Clips, restaurants, a dentist, a gas station, etc,. Things people use on their lunch break, and before and after work. You can see them for yourself if you don't want to believe any of the studies done after new employees have come in.
The difference is how many they'll directly hire vs indirect effects.
A fast food place might serve 300 people at lunch. If 13,000 Foxconn employees eat burgers, they'll need 43 new fast food places to serve them. If a dozen people are working at each fast food place, that's 520 jobs making lunch for Foxconn employees. Obviously they don't all go to a fast food place every day, but that's the concept. Not just fast food either, of course, some will go to Olive Garden for lunch. On most days, there will be several non-Foxconn employees working at Foxconn's building - electricians, security guards, HVAC people, fire alarm people, somebody checking the fire extinguishers ...
If they each stop at an area gas station once a week, that's 1,800 paying customers a day at gas stations. Which will require 20 new gas stations employing 100 people or whatever. Go through that for all the different things 13,000 people buy in a week.
Then realize that the gas station employees need lunch, and the fast food employees need gas. The employees of the new bank branch need lunch, as do the tradesmen who don't work for Foxconn, but handle Foxconn's needs for air conditioning, electrical work, etc. So there are more restaurants and gas stations needed, etc.
We're seeing these effects in the area where I live. Toyota moved here and the local businesses hired more people - the Toyota employees need to have their oil changed, so the quick line place hired more people. 13,000 Toyota employees buy 3,000 pairs of glasses every year, or so there's another job or two providing eyeglasses to Toyota employees. Nearly every company in the vicinity is hiring more people, and new businesses are opening around the Toyota campus. The three to one ratio implied by the two stories is about right. STEM jobs typically generate about 4.2 other jobs indirectly. So three "created" (spurred) for each Foxconn job is a reasonable number.
> Could WordPress site owners could do more to protect themselves?
Here are three suggestions.
1. Do not have plugins installed that you don't use. A large percentage of Wordpress hacks that I have investigated involve plugins that are no longer in use. The only software that is guaranteed to not make you vulnerable is software you have not installed.
1b. As a corollary, if most of the features of Wordpress are things you are not going to use, do not install WordPress. Smaller, simpler code we'll have fewer vulnerabilities.
2. Hacks, either built-in back doors or simple vulnerabilities, tend to use certain PHP functions such as which can execute external commands, such as exec() and popen(). These can be disabled in php.ini. Disabling these functions will prevent hackers from using them, and they tend to indicate poor quality code anyway. If disabling these function stops the script from running, it *may* have been a poor quality script to begin with.
3. Tools are available to scan PHP code looking for suspect portions. These tools can also look for functions such as exec() or popen which should be looked at to see if they may be either venerable or back doors.
Somebody may say that they use a exec or popen either to retrieve web Resources with wget or to run the imagemagick binaries. It's a better idea to use PHP's built in HTTP functions and to use the imagemagick API via the imagemagick extension. The imagemagick binaries are the UI, the USER interface,to imagemagick. Applications should use the application programming interface or API, not the UI.
> You're comparing products they sell and underwrite vs their own personal best practices
No, I'm comparing internal operating standards with internal operating standards. At my office, we had a fire inspector come through once every two years and look for extension cords being used improperly and that sort of thing. Passing the fire safety inspection lowered the insurance costs that the company paid. Management took care that we did well on the inspection, so that they would get the lower insurance rate.
We ALSO had a cyber security inspection / audit. The results of that inspection did not, however, affect our insurance costs. Therefore the security inspection was less important.
You are of course correct that fire insurance existed long before UL and NFPA, though not so long in the US. The point is that when they did take proactive measures such as UL and NFPA, it worked well - and they know that. They know that if they are going to insure a major office building, they are going to insist on fire safety. Knowing that, having that experience, they can use the results of cyber security inspections in setting rates.
Whether the inspection is outsourced or done by W-2 employees of the insurance company isn't the point. The point is they are starting to expect a passing security audit. Companies are beginning to pay attention to security in order to reduce costs, and hopefully we'll see that trend expand.
> the cost was new hardware due to a program that was written ... Essentially it was a Ruby Gem that was outdated and the whole program would need to be recoded to fix the vulnerability.
And this was why we write software as modules, even microservices, rather than a huge monolithic pile of code. With proper abstraction and encapsulation, a bad problem means that specific 12-line function, or at worst the entire 350-line module, needs to be redone.