The summary mentioned $900 billion stock price on profit of $2.5/quarter, or $10 billion / year. So that's a multiple of 90 - saying the company is worth 90 times as much as it earns.
Amazon had revenue of $177 billion, so the stock price is five times revenue.
The ratios are important to investors - they tell you how much investors earn per dollar invested. For Amazon, every dollar invested means your share of profit is 11 cents.
Here are some comparisons to other companies.
General Mills: $16B revenue, $2.5B profit, $26B valuation. Ratios: 1.6 x revenue, 10x profit.
Hewlett Packard: $28B revenue, $3B earnings, $24B valuation. Ratios: 0.8x revenue, 8x earnings.
H&R Block: $3B revenue, $0.8B earnings, $5B valuation. Ratios: 8x earnings, 2x revenue.
Charter Communications: $42B revenue, $8B earnings, $65B valuation. Ratios: 8x earnings, 1.5x revenue.
Macy's: $25B revenue, $1.5B earnings, $12B valuation. Ratios: 7.5x earnings, 0.5x revenue.
Kraft Heinz: $26B revenue, $11B earnings, $73B valuation. Ratios: 6.7x earnings, 2.8x revenue.
Tesla: $12B revenue, -$3B earnings, $51B stock valuation. Ratios: -17x earnings, 4x revenue.
So typically for an established company, for each dollar invested you should see about 12 cents profit. Tesla is of course the exception in the list. For each dollar invested, there was 25 cents lost.
So I take it you're suggesting that we should build Hoover Dam style installations in California?
Which canyons do you have in mind to dam? The lake behind Hoover Dam, Lake Mead, is 247 square miles. You've suggested that's fine to go ahead and flood 247 square miles at various places in California. Cool, where? Which 247 square mile area upstream of a deep canyon would you suggest destroying?
Are you suggesting that killing a quarter million people is also an acceptable cost of building each power plant, or do you have some locations in mind that don't have any cities downstream, so we don't have another Banqiao?
That should be:
I love it when the light bulb goes on.
I guess predictive text figured "I love ..." should be followed by "you".
I guess I love you too. :)
I love it when you the light bulb goes on.
> Did the IT director ever put in a request for additional personnel, funding, or authorizations to address their poor security?
Equifax, throughout the company, had a culture of sloppy. It was sloppy before that IT director arrived. More people doesn't fix sloppy.
The CEO *tried* to blame one of the techs. That didn't go over so well.
You mean like Raymond Williams, Daryl Duncan, Penny Duncan, from U.S. Technology Corporation? And William Terry Wright, president of Explo? Those were last month. In May we had guys like Gavin Rexer, Dennis Paulhamus, Timothy Sweitzer, Joseph Powell, and John Joseph from Rockwater Northeast. This month it's Trey Glenn headed to prison.
You bring up some good questions. With a little investigation, you can discover that the CEO did not order the network security tech "be careless about how you configure the zones on the ASA". The CEO doesn't know what an ASA is, and the tech has never met the CEO. So it gets rather complicated.
When there is a specific law related to an overt act, such as dumping toxic waste somewhere, you may be able to follow the chain of command and figure out who knew what and who authorized what. The problem at Equifax was mostly not being careful in general. There was no one item that they did or failed to do which caused the breach. Their security just generally sucked all around, they were sloppy. Notice "they" is plural. Even if they had updated the application that was actually used in the breach, the bad guys would have just used one of their other security holes. Anyway, no boss sent out a memo saying "be sure to be sloppy about updating software".
So I don't think you can pin this on one person, or a few people. What you CAN do is identify who profited from their decision to be sloppy, to not invest in security. That would be the shareholders. They can be penalized by taking the money that they inappropriately got by failing to pay for proper security, and perhaps more. The way you get money back from the shareholders is by fining the company.
One way to divide power systems is those that need to be reliable versus those that can be used whenever they happen to be available.
A few hours of storage is useful for "if we happen to have it, that's cool, if not we'll just use the natural gas plant". Large storm systems and other weather patterns can easily last several days, occasionally a week or more, so if you want to make weather-dependent power reliable, you need at least a week of storage.
> the U.S. Supreme Court has waved for decades
I think you mean centuries. The first business corporations were for road building and other government contracts in ancient Rome. An individual mason couldn't build a road, a baker couldn't feed the army. Together, a thousand craftsmen could bid to do these things. If the project was late, or there were quality problems, the corporation so established would be penalized for the poor performance, rather than trying to figure out which of the many workers caused the delay. If it was finished ahead of schedule, the contract could include a bonus for the bakers' corporation. If a road needed certain materials, the road building corporation could make a deal to buy 100 tons of pitch - you didn't need a single ultra-wealthy individual to personally buy enough material to build a road. The corporation meant ordinary workers, together, could do so. If there was a dispute with the pitch merchant, the merchant could bring an action against the corporation before the magistrate, rather than individually suing each of the 1,000 road workers.
> Throw their asses in prison for decades
Okay, which executives? How many decades should the head of accounting, the CFO, serve for the carelessness of some people in IT? The vice president of marketing? How about the head of HR? Penalizing the corporation, and thus the people who made money from it, solves this issue.
Suppose you have a gallon of milk. In fact, go grab one from the fridge right now since this is unclear to you. As you've already considered, you can release some potential energy by allowing the gallon of milk to fall - its weight could power a generator. Let's call the amount of power "one milk-fall". That's our unit of measurement.
Now if you were to lift it back up again and then use its fall to power the generator again, that wouldn't be generating more power, because you'd be USING energy to lift it, then recovering that energy. You could lift it ten times and let it fall ten times to get 10 milk-fall of power from the generator, but you'd have to use 10 milk-fall of power to lift it, so that would be a waste.
Now suppose *I* do the lifting for you, for free. I keep lifting it up, then you keep powering your generator with its weight, getting power from it. YOU could get 10 milk-fall of power out, I would be putting the power in.
Suppose I have a solar panel, which produces good power from 10AM-3PM on sunny, cloudless days. You need power in the evening, and when it's cloudy. I use my solar power to lift it at 2PM on a sunny day. You can then retrieve that power by letting it fall in the evening, while people are home with their lights on and they are cooking dinner. We've effectively shifted the benefit of solar power from around noon into the evening.
This makes sense at Hoover Dam. There is 100 square miles already flooded which can be topped up by pumping water up around noon. The mountains are in place to hold the water where it needs to be. There isn't a major city downstream that will be destroyed when the dam eventually fails, etc.
Yes, this makes perfect sense in the right location. Mountains with the right geography, and of course building the dam flooded 100 square miles. So where you have just the right geography, and you don't mind destroying everything upstream for hundreds of square miles, it can make sense. Well, except consider Banqiao.
As Banqiao and other dams show, you also need to be okay with destroying everything downstream for many miles. Given all those conditions, it works well. Hoover Dam is one of very few places in the US where it's a good fit.
You're free to hire him to run your projects, directing your people.
As for me, I won't be putting someone who constantly talks about the joy of child molestation in charge of *my* people. I care enough about the people in my sphere of influence that I wouldn't subject them to whatever this sicko may do next. You can, though. Do expect to be sued when he continues to be a sick bastard, because you knew about it when you hired him and put him in a position to hurt others.
> People develop, people change. Maybe he did get help?
Maybe he did, and refused to acknowledge that to Disney executives. Or maybe his interest in child molestation has developed in the way things normally develop. In general, things tend to develop further, whatever something does, it tends to develop to do more so. Small trees become larger trees, they don't generally become carrots. A leaning fence tends to lean further until it falls, it doesn't tend to right itself.
I'm not going to put him in charge of any of my people and projects. You can ask him to run your projects and take care of your people. I would suggest that if you choose to do that, you first get a REALLY good liability insurance policy or two, because you're KNOWINGLY putting an admitted pedophile in that position.
> make them think you're incredibly stupid
He did a very good job of making them think he's a pedophile, and spends a lot of time smiling while thinking about molesting children. Here's something I learned the hard way in the context of dating:
If a woman you've just met tells you she's crazy and dangerous, BELIEVE HER.
He's told us, over and over, that he thoroughly enjoys his child molestation fantasies. Until I have a darn good reason not to, I'm going to believe him.
> You can watch a vertical video on a phone, a tablet, or a vertical monitor
More specifically, you can watch it on the bottom 20% of your phone, while the top 80% of the screen is wasted. That's for most videos filmed vertically. Far into the sky normally isn't interesting, nor do I need to see somebody's feet while you're interviewing them.
Copying from everything NASA has learned over the years is a bit easier than coming up with everything for the first time.
That said, when you're spending other people's money, taxpayer money, some people tend to be much less frugal than when they are spending their own money. NASA, like nearly all government, has certainly had some wasteful spending.
>> municipalities being able to pick up some of these assets to run on their own?
> not trying to run an ISP dipshit
Reading comprehension fail.
If you really want the details, they are in the paper.
https://misc0110.net/web/files...
> even if only random data now. someone will figure out how to get specific data.
They will and they did, it seems. I just read more about it.
The basic attack would be ~random data, but people have combined it with other very clever ideas to be able to target certain memory locations.
In those cases in which they can access memory through the kernel, such as the networking portion of the kernel, address randomization is bypassed.
Until this attack, the attacker needed to run some code, which could be JavaScript. So infect a site, or lure a victim to your site, trumptweettoomuch.com, and you've got your code execution.
The BASIC idea would be your JavaScript does something with the byte 01010111 10,000 times and measures how long that takes, then compares it to the same operation with byte 01011111. That allows you to know if certain other programs are using either of those bytes in their data. Run through a million iterations of trying combinations and you've retrieved the contents of another process's memory - or the kernel memory. That's the part that lets your code step out of its own process.
Combine the ability to read the memory of other processes with a few other clever hacker techniques and you get the ability to read specific memory contents from specific locations.
What's new in this attack is that the attacker doesn't need to run any code on the victim machine. Instead, they send 20,000 packets, half include the 01010111 byte, half include the 01011111 byte. The timing of the network driver, and therefore the timing of the responses, will vary depending on whether a different piece of system software is using the same byte. Combine that with earlier techniques and you have the ability to read the memory of programs running on the machine, without you running any code on the machine.
These are a BIG deal for the theoretical security of the machine. The practical use is much harder, especially over the network. They achieved 15 bits per hour by saturating a direct gigabit connection. That's not very practical, unless you happen to be attacking a VM, coming from another VM on the same host hardware.
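The statistics behind the packet-timing description above, as an added simulation that is not part of the original comment or of the paper it refers to: it shows why a small cache-dependent latency difference buried in network jitter costs thousands of probes per bit. All latency figures and function names are constructed for illustration, and no real traffic is sent.

```python
import math
import random
import statistics

BASE_NS = 200_000.0  # constructed round-trip time (200 microseconds)


def probe_latencies(cached, n, delta_ns, jitter_ns, rng):
    """Simulate n response times; a cache hit is delta_ns faster on average."""
    mean = BASE_NS - (delta_ns if cached else 0.0)
    return [rng.gauss(mean, jitter_ns) for _ in range(n)]


def guess_bit(secret_bit, n, delta_ns, jitter_ns, rng):
    """Time n probes for each candidate value and pick the faster group."""
    t0 = probe_latencies(secret_bit == 0, n, delta_ns, jitter_ns, rng)
    t1 = probe_latencies(secret_bit == 1, n, delta_ns, jitter_ns, rng)
    return 1 if statistics.fmean(t1) < statistics.fmean(t0) else 0


def error_rate(n, delta_ns, jitter_ns, trials=400, seed=1):
    """Fraction of wrong guesses over many simulated secret bits."""
    rng = random.Random(seed)
    wrong = 0
    for _ in range(trials):
        bit = rng.getrandbits(1)
        if guess_bit(bit, n, delta_ns, jitter_ns, rng) != bit:
            wrong += 1
    return wrong / trials


def probes_needed(delta_ns, jitter_ns, target_error):
    """Probes per candidate so the mean comparison errs at most target_error.

    The difference of two n-sample means has standard deviation
    jitter * sqrt(2 / n); solve delta / that >= z for n.
    """
    z = statistics.NormalDist().inv_cdf(1.0 - target_error)
    return math.ceil(2.0 * (z * jitter_ns / delta_ns) ** 2)


def bits_per_hour(packets_per_second, n):
    """Leak rate when each recovered bit costs 2 * n probes."""
    return packets_per_second * 3600.0 / (2 * n)


if __name__ == "__main__":
    delta = 10.0  # constructed: 10 ns cache-hit advantage
    for jitter in (100.0, 1_000.0, 10_000.0):
        n = probes_needed(delta, jitter, 0.01)
        print(f"jitter {jitter:>8.0f} ns: {n:>12,} probes per value, "
              f"{bits_per_hour(100_000, n):10.2f} bits/hour at 100k packets/s")
    print("measured error at jitter 100 ns:",
          error_rate(probes_needed(delta, 100.0, 0.01), delta, 100.0))
```

The probe count grows with the square of the jitter-to-signal ratio, so ten times more timing noise means roughly a hundred times fewer bits per hour, and a cap on packet rate lowers the leak rate in direct proportion.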
> Using Twitter is like playing Russian Roulette. Every time you tweet, you pull the trigger.
> case in point: James Gunn
So what you're saying is every time you talk, things like this might spill out of your mouth?:
"I like when little boys touch me in my silly place."
-- James Gunn
"The best thing about being raped is when you're done being raped and it's like 'whew this feels great, not being raped!'"
-- James Gunn
"walked over a table to one of the kid actors on set, looked at the kid, and started masturbating right at him. ... A string of semen shot out of the mini-monkey-wood and splash-landed DIRECTLY ON THE KID.
Screaming and freaking out commenced.
I know it might be sick, but that story makes me extremely happy."
-- James Gunn
"Watching Trapped in the Closet, R Kelly's second best video after the one where he urinates on a child."
-- James Gunn
If these are the kinds of things you might randomly say, your Russian roulette, please - get help.
Legal cabs are limited by the number of taxi licenses, known as medallions. A New York cab medallion sells for about $500,000, because that's how limited the supply is.
It would be a REALLY crappy backdoor. In this case, you're looking at 15 bits per hour of random data, which will most likely be one pixel of a YouTube video or something equally interesting. Completely useless in most cases. Theoretically the bits you get might be a key, but they might also be anything else that the computer handled, and most of what computers handle isn't security keys.
Any time you have cache, things in the cache will be faster to access than things not in the cache. That's kinda the whole point of having a cache, to speed up access to data that is used many times in a row. Caches of various kinds are extremely important to computing, too - they can often make operations an order of magnitude faster. So nothing either sinister or stupid there - it's a simple and cheap method to make the computer run much faster.
These general types of mechanisms will continue to exist, too. The only way you get rid of them, or many of them, is to run a completely separate, very simple (and slow) computer inside your desktop which is only used for security-sensitive operations AND have all applications use it, every time. A separate computer inside your computer, that gets ALL of your security keys? The more paranoid amongst us would have a field day with that.
We see how stupid politicians end up being when they try to do their own job. Imagine them trying to run an ISP! ROTFL
> Why would a fund lend that amount to a company they know will blow through it in a matter of days with no real plan for income?
One would have to be pretty stupid to lend money to Moviepass, unless ...
https://tech.slashdot.org/comm...
My own experience has been the opposite. When I do a test or look for data to prove/test my own ideas, no matter how hard I try I can't completely get away from confirmation bias. I suppose if I tried hard enough, I could end up with reverse confirmation bias - designing the experiment and looking at the data in a way designed to prove the opposite. That's still bias.
When I look at results from people who were NOT trying to test my pet theory, who were collecting the data for an unrelated reason, I can both find surprising facts I wasn't looking for and have a degree of confidence that the experiment and data weren't subconsciously (or consciously) biased, because the people collecting the data weren't even interested in the question I'm considering.
Having said all of that, isolating variables is a real thing.