In case anyone else was curious like I was, the 50 acres used to provide afternoon power could , if used as farmland instead, feed 250 people a minimal diet, or 20 fat Americans who supersize their Big Macs.
A big difference is probably that with open source you know you don't have glaring issues like a mail client that checks all incoming and outgoing emails for specific keywords, then sends a report to Microsoft and the NSA if any of those keywords are used. It's not that both open source and proprietary can't both have subtle bugs, of course they can. If an open source project such as say Apache decided to start sending tracking data to Apache.org, we'd all know about it before the version was even released, and we'd chop that "feature" right out immediately.
Secondly, fixes are much, much faster, and in high-impact cases the fixes tend to be of much higher quality due to the number of people studying the problem and suggesting fixes. Microsoft publicly acknowledged a problem with IE in 1998. In 2012, they released a half-fix. Florian released the shellshock fix that most people use within 24 hours. Over the next couple of days, many smart people looked at and proposed and released other methods of addressing it, and after a few days it was decided to use Florian's original fix.
As ESR famously said (but with context this time): given enough eyeballs, all bugs are shallow. More formally: Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix will be obvious to someone.
The fix, the proper fix, is likely to be clear to someone when you have perhaps thousands of people looking at an issue like shellshock or heartbleed. The possible solutions are discussed and a solid solution is generally released within hours to days. Contrast that with Microsoft repeatedly needing to publish more patches to fix problems caused their last patch, which they released to fix problems in an earlier patch.
It makes it harder to brute force, but maybe it was already hard enough to brute force. It doesn't help if someone finds a way around the encryption, a shortcut. That happens fairly often.
What happens most often, probably , is in the middle - someone finds a half-shortcut, a way to crack it 10,000 times faster than brute force, but not instantly . In this case, more rounds may or may not matter- it just depends on how gppd the shortcut is and how many iterations you choose.
Also, if the algorithm can be done on in parallel on a GPU, now or in the future , you'd need a crapload of rounds to make much difference. A lot of algorithms that don't appear to be able to run in parallel at first glance actually can be sped up by clever use of parallel processing. Generating rainbow tables (as opposed to dirext lookup tables) is an example of thos sorr of cleverness.
Yep. Where I work, we train first responders, mayors, governors and all sorts of people regarding their roles in an emergency. The states have their roles, the cities and county health departments and leadership have theirs, as do the hospitals, etc, and the CDC and others at the federal level.
What we don't need us a mandate that everything has to be done through a federal agency, maybe via ebola.healthcare.gov. One interesting drill that covers not only infectious disease but also riot is the zombie drill. In the drill, their is a microbe that turns people into zombies. Healthcare workers practice inoculating a lot of people in a hurry, while treating those already infected. City managers and the like practice communications with FEMA,CDC, and other agencies to get the needed information and resources, public information officials stand in front of our TV cameras and practice getting the most important information out in a clear manner, etc. Instructors watch everything via one-way mirrors and record all phone calls, then review the students' performance.
The summary mixes and matches some very different lists. The "no fly list" consists of about 13 people resident in the US and a few hundred who live in other countries and these people aren't allowed to fly into or out of the US - they are to be detained at the border. This suit was about the no-fly list.
Next up, we have the terrorism watch list. This is a mich larger list, too large in my opinion. This is a list of people authorities might look at if something happens, similar to the sex offender registry except it's not public. For example, if someone were to plant a bomb at UCLA, they would check to see of any UCLA students or staff were on the terrorism watch list. If so, authorities would ask those people where they were at the time of the bombing and check those alibis. So it kind of serves as a starting point - these are people who have advocated violence or whatever, so when something happens in their neighborhood it might be worth checking them out.
TFA says "lists", so they may also have in mind other lists such as: People who have exercised their second amendment rights (instant background check system) People licensed to buy and use explosives, such as for road construction or professional fireworks People who have taken courses in cybersecurity, which are federally subsidized
> But Paint Shop Pro on Windows 3.1 had more features than that.
And? She can do what she wants to do. Chromebook has other features too, which she doesn't use. What matters is that it can do what she wants it to do. Things she's not interested in doing don't matter, except that bloat is generally a bad thing.
If you have a text editor, you can write anything. Most operating systems are written with simple text editors. As you made reference to, Windows was written by rearranging fortune cookies, but the others were written with text editors.
Wow, the problems of the world's 1%. If someone catches you ripping off their work, they can have you stop doing so. Poor little you.
Take a look at the world beyond your own room one day. You're not even seeing your neighbor, who spent a year working on yhe song that you ripped off rather than tossing your dollar in to buy it, much less seeing the actual suffering around the world.
I wouldn't want to run a large IDE on an 8-10 inch screen no matter what the OS was. Photoshop and Quartus are the types of things I had in mind when I said for some things you want a 22 inch screen.
Speaking of Photoshop, my wife CAN use ChromeOS to adjust the brightness and contrast of her photos before posting them to Facebook. It's a device for home use, not for work. Even at work, I have four large monitors at work. One monitor has my email, one has terminal sessions, often with vim, and one monitor has Chrome. Most of my time even at work is spent in email, a terminal/ vim, snd a web browser. The Chromebook can do those things. For heavy Photoshop, yes you want a desktop eith a large screen. For anything you'd pick up a handheld device for, the Chromebook is a hood choice.
Thanks for that. Do you happen to know if someone using this to measure some fancy multi-phase AC would also see the DC, without specifically looking for it?
Most of what I do could be done on a cheap one, but not everything can be, most notably Adobe Flash development is a lot easier with the Flash, which is based on Eclipse. Other things could be done on the Chromebook, but can be done faster with a Core i7. The third reason is that my expensive machines were purchased with taxpayer money. Government spending doesn't always make perfect sense.
New Zealand does have an extradition treaty with the US, and recognizes money laundering and racketeering as felonies. The precise opposite set of facts vs GGP's imagination.
It's not like they are removing local storage. The gui just won't automatically mount ext3-formatted SD cards. You can still use ntfs or vfat cards, along with the built-in storage.
My wife loves hers, which she uses for web browsing, email, YouTube, etc. The instant boot in a small laptop form factor is nice. I'm a long-time Linux developer, and as long as I have a terminal I'm good to go. I would probably choose a Chromebook over a tablet. As it is, my employer bought me a maxed out MacBook Pro, so that covers me for an instant- on device with keyboard and terminal. If I didn't have that I'd probably get a Chromebook like my wife's for every day use around the house like reading Slashdot.
Same here. I had used Linix exclusively for fifteen years, so I installed a full-featured Linux distribution for dual boot. It's never been booted to the big Linux except that one day. ChromeOS does everything we've ever wanted to do on a small machine. Almost everything I do with my $2,500 big machine could be done within ChromeOS too, but for some things you want a 22 inch screen.
"Don't screw your neighbors wife" is a social norm in most parts of 21 century USA, but it's been a punishable law in most places for most of the last 10,000 years. "Gave the law unto Moses..." is a familiar phrase to Muslims, Jews, and Christians. Even in 21st century USA, it's enforced by a court who will formally throw the offender out of town.
The US treaty with Turkey is first limited to crimes which BOTH countries consider felonies. That requirement is on page 1. Them there's another 20 pages of requirements for it to apply.
On the device, the data that is encrypted uses a key derived from the password or pin. This is very similar to how you'd encrypt any local file. Anything you can still get to after forgetting your password and resetting it obviously was not encrypted with that forgotten password.
On their cloud, some things are technically encrypted, but the encryption isn't very effective. Anything you can access via their website or apps, including email and photos, they have access to. Email is a good example- their web site shows you the To, From, and Subject lines of the messages, so obviously their server has access to read the emails.
In general, encryption of live, working data on a server is _often_ largely security theatre. Sure, if a bad guy physically broke into the datacenter and walked out with the server, the encryption of the disk would make it hard for him to access the data. As long as the server is up and running, any data the server can access can also be accessed by a hacker with a presence on that server. In these cases, the key is for one of the server's disks, so it's generated by Apple and probably sitting on the same server where the data is. With tens of thousands of servers, you don't have human beings walking around typing in passwords, so the key needs to be on the server. If the hacker is in the server...
The data is encrypted in transit via ssl/tls. For that time period, it's encrypted via tls/ ssl. First Apple's ssl key is used, then a per-connection key is generated.
Holes, where the data is not encrypted at all, and there is no key, occur at transition points. They web server takes the ssl encrypted data, decrypts it, and hands it off to the storage layer to be "encrypted" on disk. Quotes are on the disk encryption because as discussed above the encryption on disk is largely illusory. Similarly with the transition from your phone to the upload to the server. Your phone decrypts it with your key, encrypts it with the ssl key, and then sends it to the server.
Those transition points in which the data is unencrypted are vulnerable points which are targeted for attack. I've confirmed at least one case where I've seen the transition point on the server compromised. Fortunately, I _think_ I may the one who tapped the data and logged at it that point, for debugging and recovery purposes. I forgot to turn off the logging when we went into full production, I think.
I wouldn't disagree with any of what you said.* Also, I probably wouldn't hire anyone who lied in the interview and said they'd never exceeded the speed limit. Our company has a simple set of rules - we don't lie, cheat, steal or tolerate those who do. That sentence ends with a period, not an asterisk. TFH says they won't hire people who LIE about having stolen music.
* You said most people view skipping out on the payment for your music similarly to speeding. Most young people probably do see it that way. As someone who lost a long-successful businesses when customers stopped paying and started stealing instead, I see it more like shoplifting. When huge numbers of people start shoplifting, we call that looting, and it destroys the very source of goods that it targets. That makes it unsustainable.
Based on shopper surveys, people who shoplift steal from the same stores where they shop.
It doesn't matter a whit WHO they're ripping off. The simple fact is that a few years ago most people stopped paying for the software they use at home. A whole generation of teenagers simply did not pay for the music which they took, they effectively shoplifted their entertainment. They didn't buy box sets, they didn't buy anything. When a few scumbags take it without paying , that increases prices for others in order to cover the cost of production. When EVERYBODY is ripping you off, when no one is paying, the producers go out of business.
What you quoted is often true. It's either secure or not.
On the other hand, If I encrypt some data, it can only be decrypted with the key. Theoretically, only I have the key, so only I can decrypt it. However, in at least one major instance, it's believed that the NSA also has a key*. If only me and the NSA have keys, the data is available to me and the NSA, but no one else. Whether that's good bad, the idea is that only two parties have keys. The attacker doesn't have my key, and the attacker doesn't have the NSA key.
* Actually more like NSA has half the key, and therefore only needs to construct the other half on a per-user basis. This is because each user's key is derived partially based on NSA-controlled numbers. (Initialization vectors) .
In case anyone else was curious like I was, the 50 acres used to provide afternoon power could , if used as farmland instead, feed 250 people a minimal diet, or 20 fat Americans who supersize their Big Macs.
Just an interesting factoid.
A big difference is probably that with open source you know you don't have glaring issues like a mail client that checks all incoming and outgoing emails for specific keywords, then sends a report to Microsoft and the NSA if any of those keywords are used. It's not that both open source and proprietary can't both have subtle bugs, of course they can. If an open source project such as say Apache decided to start sending tracking data to Apache.org, we'd all know about it before the version was even released, and we'd chop that "feature" right out immediately.
Secondly, fixes are much, much faster, and in high-impact cases the fixes tend to be of much higher quality due to the number of people studying the problem and suggesting fixes. Microsoft publicly acknowledged a problem with IE in 1998. In 2012, they released a half-fix. Florian released the shellshock fix that most people use within 24 hours. Over the next couple of days, many smart people looked at and proposed and released other methods of addressing it, and after a few days it was decided to use Florian's original fix.
As ESR famously said (but with context this time):
given enough eyeballs, all bugs are shallow. More formally: Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix will be obvious to someone.
The fix, the proper fix, is likely to be clear to someone when you have perhaps thousands of people looking at an issue like shellshock or heartbleed. The possible solutions are discussed and a solid solution is generally released within hours to days. Contrast that with Microsoft repeatedly needing to publish more patches to fix problems caused their last patch, which they released to fix problems in an earlier patch.
The log matches a Cisco firewall attempting to block malware and such being sent out.
It replaces all unknown / unsupported smtp commands with XXXXXX.
http://www.cisco.com/c/en/us/t...
It makes it harder to brute force, but maybe it was already hard enough to brute force.
It doesn't help if someone finds a way around the encryption, a shortcut. That happens fairly often.
What happens most often, probably , is in the middle - someone finds a half-shortcut, a way to crack it 10,000 times faster than brute force, but not instantly . In this case, more rounds may or may not matter- it just depends on how gppd the shortcut is and how many iterations you choose.
Also, if the algorithm can be done on in parallel on a GPU, now or in the future , you'd need a crapload of rounds to make much difference. A lot of algorithms that don't appear to be able to run in parallel at first glance actually can be sped up by clever use of parallel processing. Generating rainbow tables (as opposed to dirext lookup tables) is an example of thos sorr of cleverness.
Yep. Where I work, we train first responders, mayors, governors and all sorts of people regarding their roles in an emergency.
The states have their roles, the cities and county health departments and leadership have theirs, as do the hospitals, etc, and the CDC and others at the federal level.
What we don't need us a mandate that everything has to be done through a federal agency, maybe via ebola.healthcare.gov.
One interesting drill that covers not only infectious disease but also riot is the zombie drill. In the drill, their is a microbe that turns people into zombies. Healthcare workers practice inoculating a lot of people in a hurry, while treating those already infected. City managers and the like practice communications with FEMA,CDC, and other agencies to get the needed information and resources, public information officials stand in front of our TV cameras and practice getting the most important information out in a clear manner, etc. Instructors watch everything via one-way mirrors and record all phone calls, then review the students' performance.
The summary mixes and matches some very different lists. The "no fly list" consists of about 13 people resident in the US and a few hundred who live in other countries and these people aren't allowed to fly into or out of the US - they are to be detained at the border. This suit was about the no-fly list.
Next up, we have the terrorism watch list. This is a mich larger list, too large in my opinion. This is a list of people authorities might look at if something happens, similar to the sex offender registry except it's not public. For example, if someone were to plant a bomb at UCLA, they would check to see of any UCLA students or staff were on the terrorism watch list. If so, authorities would ask those people where they were at the time of the bombing and check those alibis. So it kind of serves as a starting point - these are people who have advocated violence or whatever, so when something happens in their neighborhood it might be worth checking them out.
TFA says "lists", so they may also have in mind other lists such as:
People who have exercised their second amendment rights (instant background check system)
People licensed to buy and use explosives, such as for road construction or professional fireworks
People who have taken courses in cybersecurity, which are federally subsidized
I'm on the last three lists.
X forwarding is supposed to work via -Y. If you tried with -X, you might try again with -Y.
> But Paint Shop Pro on Windows 3.1 had more features than that.
And? She can do what she wants to do. Chromebook has other features too, which she doesn't use. What matters is that it can do what she wants it to do. Things she's not interested in doing don't matter, except that bloat is generally a bad thing.
If you have a text editor, you can write anything. Most operating systems are written with simple text editors. As you made reference to, Windows was written by rearranging fortune cookies, but the others were written with text editors.
Wow, the problems of the world's 1%. If someone catches you ripping off their work, they can have you stop doing so. Poor little you.
Take a look at the world beyond your own room one day. You're not even seeing your neighbor, who spent a year working on yhe song that you ripped off rather than tossing your dollar in to buy it, much less seeing the actual suffering around the world.
I wouldn't want to run a large IDE on an 8-10 inch screen no matter what the OS was. Photoshop and Quartus are the types of things I had in mind when I said for some things you want a 22 inch screen.
Speaking of Photoshop, my wife CAN use ChromeOS to adjust the brightness and contrast of her photos before posting them to Facebook. It's a device for home use, not for work. Even at work, I have four large monitors at work. One monitor has my email, one has terminal sessions, often with vim, and one monitor has Chrome. Most of my time even at work is spent in email, a terminal/ vim, snd a web browser. The Chromebook can do those things. For heavy Photoshop, yes you want a desktop eith a large screen. For anything you'd pick up a handheld device for, the Chromebook is a hood choice.
Thanks for that. Do you happen to know if someone using this to measure some fancy multi-phase AC would also see the DC, without specifically looking for it?
Most of what I do could be done on a cheap one, but not everything can be, most notably Adobe Flash development is a lot easier with the Flash, which is based on Eclipse. Other things could be done on the Chromebook, but can be done faster with a Core i7. The third reason is that my expensive machines were purchased with taxpayer money. Government spending doesn't always make perfect sense.
New Zealand does have an extradition treaty with the US, and recognizes money laundering and racketeering as felonies.
The precise opposite set of facts vs GGP's imagination.
It's not like they are removing local storage. The gui just won't automatically mount ext3-formatted SD cards. You can still use ntfs or vfat cards, along with the built-in storage.
My wife loves hers, which she uses for web browsing, email, YouTube, etc. The instant boot in a small laptop form factor is nice.
I'm a long-time Linux developer, and as long as I have a terminal I'm good to go. I would probably choose a Chromebook over a tablet. As it is, my employer bought me a maxed out MacBook Pro, so that covers me for an instant- on device with keyboard and terminal. If I didn't have that I'd probably get a Chromebook like my wife's for every day use around the house like reading Slashdot.
That's true. I thought about digging into it, but given my schedule vs how much I care, I'll probably not spend the time on it.
Same here. I had used Linix exclusively for fifteen years, so I installed a full-featured Linux distribution for dual boot. It's never been booted to the big Linux except that one day. ChromeOS does everything we've ever wanted to do on a small machine. Almost everything I do with my $2,500 big machine could be done within ChromeOS too, but for some things you want a 22 inch screen.
"Don't screw your neighbors wife" is a social norm in most parts of 21 century USA, but it's been a punishable law in most places for most of the last 10,000 years. "Gave the law unto Moses ..." is a familiar phrase to Muslims, Jews, and Christians. Even in 21st century USA, it's enforced by a court who will formally throw the offender out of town.
The US does not have an extradition treaty with Saudi Arabia.
http://en.m.wikipedia.org/wiki...
The US treaty with Turkey is first limited to crimes which BOTH countries consider felonies. That requirement is on page 1.
Them there's another 20 pages of requirements for it to apply.
On the device, the data that is encrypted uses a key derived from the password or pin. This is very similar to how you'd encrypt any local file. Anything you can still get to after forgetting your password and resetting it obviously was not encrypted with that forgotten password.
On their cloud, some things are technically encrypted, but the encryption isn't very effective. Anything you can access via their website or apps, including email and photos, they have access to. Email is a good example- their web site shows you the To, From, and Subject lines of the messages, so obviously their server has access to read the emails.
In general, encryption of live, working data on a server is _often_ largely security theatre. Sure, if a bad guy physically broke into the datacenter and walked out with the server, the encryption of the disk would make it hard for him to access the data. As long as the server is up and running, any data the server can access can also be accessed by a hacker with a presence on that server. In these cases, the key is for one of the server's disks, so it's generated by Apple and probably sitting on the same server where the data is. With tens of thousands of servers, you don't have human beings walking around typing in passwords, so the key needs to be on the server. If the hacker is in the server ...
The data is encrypted in transit via ssl/tls. For that time period, it's encrypted via tls/ ssl. First Apple's ssl key is used, then a per-connection key is generated.
Holes, where the data is not encrypted at all, and there is no key, occur at transition points. They web server takes the ssl encrypted data, decrypts it, and hands it off to the storage layer to be "encrypted" on disk. Quotes are on the disk encryption because as discussed above the encryption on disk is largely illusory. Similarly with the transition from your phone to the upload to the server. Your phone decrypts it with your key, encrypts it with the ssl key, and then sends it to the server.
Those transition points in which the data is unencrypted are vulnerable points which are targeted for attack. I've confirmed at least one case where I've seen the transition point on the server compromised. Fortunately, I _think_ I may the one who tapped the data and logged at it that point, for debugging and recovery purposes. I forgot to turn off the logging when we went into full production, I think.
I wouldn't disagree with any of what you said.* Also, I probably wouldn't hire anyone who lied in the interview and said they'd never exceeded the speed limit. Our company has a simple set of rules - we don't lie, cheat, steal or tolerate those who do. That sentence ends with a period, not an asterisk. TFH says they won't hire people who LIE about having stolen music.
* You said most people view skipping out on the payment for your music similarly to speeding. Most young people probably do see it that way. As someone who lost a long-successful businesses when customers stopped paying and started stealing instead, I see it more like shoplifting. When huge numbers of people start shoplifting, we call that looting, and it destroys the very source of goods that it targets. That makes it unsustainable.
Based on shopper surveys, people who shoplift steal from the same stores where they shop.
It doesn't matter a whit WHO they're ripping off. The simple fact is that a few years ago most people stopped paying for the software they use at home. A whole generation of teenagers simply did not pay for the music which they took, they effectively shoplifted their entertainment. They didn't buy box sets, they didn't buy anything. When a few scumbags take it without paying , that increases prices for others in order to cover the cost of production. When EVERYBODY is ripping you off, when no one is paying, the producers go out of business.
What you quoted is often true. It's either secure or not.
On the other hand, If I encrypt some data, it can only be decrypted with the key. Theoretically, only I have the key, so only I can decrypt it. However, in at least one major instance, it's believed that the NSA also has a key*. If only me and the NSA have keys, the data is available to me and the NSA, but no one else. Whether that's good bad, the idea is that only two parties have keys. The attacker doesn't have my key, and the attacker doesn't have the NSA key.
* Actually more like NSA has half the key, and therefore only needs to construct the other half on a per-user basis. This is because each user's key is derived partially based on NSA-controlled numbers. (Initialization vectors) .
"Ron Paul OR even somebody sane". Read it whichever way you wish -
Either Paul or somebody sane
Either Paul or somebody else sane
Two choices on how you want to read that.