Slashdot Mirror


User: Wrath0fb0b

Wrath0fb0b's activity in the archive.

Stories: 0 · Comments: 1,558

Comments · 1,558

  1. Re:If you can touch it, you can own it on Cryptsetup Vulnerability Grants Root Shell Access On Some Linux Systems (threatpost.com) · · Score: 1

    "If you can touch it, you can own it"

    Which is of course not true if "own it" means "access data encrypted with a strong key and a non-trivial-to-brute-force password".

    And of course this vulnerability gives you root access in the initramfs, but no access to any of the LUKS protected drives. At best, it's an easier way to perform an Evil Maid Attack, but we already knew that about whole disk encryption.

    So really this is just about making it much more convenient to perform an attack that we already knew was feasible (feasible here means not something that can be protected against cryptographically). In the final analysis, only a fully trusted boot path (in some flavor or another) will actually solve that problem.

  2. Re:Not exactly a high bar to clear on New MacBook Pro's Dedicated AMD Graphics Chips Are 'Significantly' Faster and Support Dual 5K Displays (macrumors.com) · · Score: 3, Insightful

    It's not about modern hardware, it's about hardware with a particular TDP. The engineering choices around the design and the weight/thermal/battery performance gave a certain wattage to be divvied up amongst the components. Maybe you don't like the particular tradeoffs they made, but that's not "bad design".

    Those other laptops running Nvidia 10-series chipsets made different tradeoffs. Some are heavier (I saw some on Newegg for 5.5lbs, the MBP is 4.5lbs), some consume battery quicker or take longer to charge. They just picked different points along the power/performance/thermal tradeoff space.

    You might as well say a sedan is not a good design because the transmission and tires cannot handle the torque from a sports car engine. Sure you could upgrade the transmission and the tires and the engine, but then you're just asking for a different car entirely.

  3. Unknown who would have won in a Popular Vote race on Slashdot Asks: Should The US Abolish The Electoral College? · · Score: 1

    I understand that Hillary (& Gore) got more votes in the existing contest. But that was in a contest where it was decided in advance that there was a different method of deciding the winner, which in turn informed the campaigns' strategies. In the counterfactual case that it was known well in advance that the contest was going to be decided by popular vote, the campaigns would have adopted different strategies and the outcome of the PV might well have been different. Would Hillary have won that one too? Maybe! Could Trump have won? Maybe!

    You can speculate about those maybes and even make an attempt to quantify them. Fundamentally though, it's fundamentally wrong to state that because Hillary won the PV in an EC race that she would have won the PV in a PV race.

  4. Re:Where have I heard that before on UK's Brexit Cannot Pass Without Parliament Approval (aljazeera.com) · · Score: 1

    Let's keep in mind that leave was 52% to 48%. Although it is an outcome to leave by the measure of democracy, it's hardly a decisive result.

    USian here, but 52/48 is a decisive victory in our Presidential elections (the only really national poll we have). We haven't seen a higher margin since 1984 when Reagan walloped Mondale 58-42 and Madonna released her debut studio album.

  5. Re:Verge of being cost effective on Tesla Unveils Residential 'Solar Roof' With Updated Battery Storage System (theverge.com) · · Score: 2

    "Tentative Conclusion: The battery is right on the verge of being cost effective to buy across most of the US for day/night arbitrage. And it's even more valuable if outages come at a high economic cost."

    Except that as the prevalence of storage becomes higher, the day/night arbitrage gets lower and so the cost effectiveness of storage goes down.

    California has already hit this for solar, the peak load on the system is now right after dark when the solar cuts out and people get home and turn on their gadgets. People that bought panels and computed the lifetime cost curve based on the old peak plans are now never going to recoup their investment.

  6. without just rate-limiting (which rate-limits your other genuine clients)

    What's wrong with rate-limiting my genuine clients for values of "rate" that are not realistic use cases? For instance, if I were DYN and I said "clients (by IP) making more than 100 DNS requests per second are sent to the back of the queue to be processed after requests from other clients", what harm would be caused? If my DNS is not overloaded, it doesn't matter since all requests are processed (e.g. I drain my input queue, so being at the back of the line is not a big deal). If my DNS is overloaded, the clients most responsible for the overloading are de-prioritized and some of their requests are dropped (my input queue is not draining faster than it's being filled, I have to drop requests).

  7. Re:And yet on Ecuador Acknowledges Limiting Julian Assange's Web Access (reuters.com) · · Score: 1

    Personally, I don't care WHO digs up the information. Hackers, Private Investigators, whatever.

    It does boil down to this: If you're going to intelligently elect a leader, you need to know all there is to know about them. There can be no secrets.

    Except the first and second sentences have absolutely nothing to do with one another. Hackers with an agenda aren't "telling you all you need to know", they are curating the information according to their own motives.

    By allowing ourselves to be drawn to these revelations (no fault there, it's irresistible) we are allowing those agents to feed us the information they want us to know, timed to have the maximum impact on the views they are trying to shape. It's just another weapon the powerful use, mostly against each other.

  8. Re:Well, there goes the 4th Amendment again... on It's Entirely Reasonable For Police To Swipe a Suspicious Gift Card, Says Court (arstechnica.com) · · Score: 1

    In case you do not know the scam, you go buy low value gift cards and empty them. You then imprint them with the card data from stolen gift cards of the same brand. The scratch off pin is supposed to help prevent this but does not. The stolen numbers may come from skimmers or data breaches. Now you can spend the stolen numbers.

    In case you don't know the scam, retailers have known for ages that mag-stripe is easily copiable, can be skimmed at the reader and that there exist much stronger chip system (not even chip+pin or chip+signature!) cards that are a few  more. They've known for ages that their backend systems are vulnerable to all manner of exploits. But instead of securing their own systems and process, they foist the cost on the rest of society to enforce the law.

    Not that the law shouldn't be enforced or that the scammers are blameless. I don't condone them and I'm fairly law-and-order (by internal liberal standards anyway), but when a victim has the historical data of fraud and the means to prevent it, well, blaming the victim a bit for their negligence seems reasonable. Especially when it's costing us a ton of money.

  9. And they have the right to build a pipe line through Native American land....think again Potsy.

    You mean Dakota Energy land or the river that's run by the Army Corps of Engineers?

    Or the latest claim that since there are Native Americans buried under some of it, it's all subject to their whim and not that of the democratically elected government?

  10. Re:Good luck on Journalists Face Jail Time After Reporting on North Dakota Pipeline Protest (techcrunch.com) · · Score: 5, Insightful

    THAT SAID - the way the authorities have been treating the protesters is absolutely mind boggling. They have a right to protest - and people have a right to film it.

    They do not have a right to protest on private land. They don't have the right to obstruct construction crews with their protest. They certainly don't have the right to claim to be about "Democracy Now" based on the opinion of a few thousand (?) unelected protesters to overrule the US Congress and the State of North Dakota (plus a Federal Court and the Army Corps of Engineers).

    They certainly definitely don't have the right to break into pipeline control systems and start turning valves.

    I don't support punitive jail sentences for any of them, but at the same time I don't support the idea that if you have enough people, you can obstruct things you don't approve of (Planned Parenthood?!) and then hide behind the First Amendment. You have the freedom to express yourself, but no one has to listen or give a shit.

  11. The above post deserves to be seen. It is the only logical response to the power-trip fantasies otherwise being proposed in this thread. Anything else makes Mercedes-Benz liable as a company.

    I'm not sure you understand liability, but at least in the US, if a person recklessly or maliciously jumped out in front of traffic, a driver is not liable if that person is hit. Ethically, the driver should try to avoid it, if doing so would not risk his own life, but that's not legally mandatory.

    And this is not a power-trip, it's just a simple point that the car has to distinguish between hitting people that were unfortunately in the way of an accident versus hitting people that deliberately or wantonly put themselves in danger. The ethics of those two situations are quite different, in a way that we all surely understand.

  12. The argument is that the car (or generally the humans) need not accord the same ethical weight to running over a person who recklessly or maliciously jumps out in front of traffic as to a pedestrian that happened to be unfortunate and in the path of an accident.

    Of course the psycho (or just mental) person can still do it. The question is whether or not I'm required to risk my own limb to save the psycho or whether his risk is his own doing.

  13. Re:Resiliency in the face of malicious inputs on When Mercedes-Benz Starts Selling Self-Driving Cars, It Will Prioritize Driver's Safety Over Pedestrian's (inverse.com) · · Score: 2

    The car correctly sensed a risk to human life/health and correctly identified the best alternative to maintain its "prime directive".

    It correctly sensed it but it did not accurately assess it. A risk to the life of a human who is a pedestrian innocently minding his own business is not ethically equivalent to the life of a human who jumps out in front of traffic, either maliciously or out of recklessness.

    In the US, the aphorism is "even a dog knows the difference between being kicked and being stumbled over". Intent & responsibility are things we all implicitly understand, but which is lost when you say that one should swerve into a tree to avoid a pedestrian, no matter how he or she got to be in the car's way.

  14. I think the point is that there are unethical people and lawbreakers. If the car cannot handle them correctly by identifying that the danger they face is one they created by their own incorrect behavior, then it is deficient.

    In other words, humans have an implicit understanding that "person jumping out in front of traffic" and "pedestrian minding their own business who is in the path of an accident" are in two vastly different ethical positions. Colloquially, "even a dog knows the difference between being kicked and being stumbled over."

  15. In summary, world domination. The protection that the USA gave Denmark against the dreaded communists from the East had the same intent as the protection that Russia gave Czechoslovakia against the dreaded fascists from the West.

    Yes, if by "dreaded fascists from the West", you mean the Czech people themselves revolting and being put down by tanks. No one was trying to escape West Berlin to get to the GDR either, for that matter.

    No one in the West was perfect, but the "intent" was nowhere near the same.

  16. Resiliency in the face of malicious inputs on When Mercedes-Benz Starts Selling Self-Driving Cars, It Will Prioritize Driver's Safety Over Pedestrian's (inverse.com) · · Score: 5, Interesting

    Saving the occupants of the car is the only choice that makes sense in the context of potentially malicious input. For instance, if Mercedes stated that their car would swerve into a tree instead of hitting a crowd of 5 pedestrians, what's to stop me and 4 friends from jumping out in front of the cars just to laugh as it crashes itself to "save" us.

    We have got to start embedding deep into the mind of every software engineer that any information from outside your system can be manipulated to cause maximum damage or disruption. It is your system's responsibility to safely handle malformed and malicious inputs. Until this becomes a common mode of thought, expect more IoT botnets, SQL injections, buffer overflows, DOS amplifiers and the entire realm of "oh crap someone somewhere could be evil, I only engineered for the happy case".

  17. Re:To add to the doom and gloom on Amazon To Hire 20% More Holiday Workers To Meet Growing Demand (bloomberg.com) · · Score: 1

    Well, an Amazon worker, since robots help bring him the stuff and a computer micromanages his every action, is probably 5 times as effective at moving product as a retail stocker is. So +20k seasonal jobs = -100k shitty retail jobs elsewhere.

    How in the world is this doom and gloom?! This is fantastic, it means that the concept of having goods in a warehouse that are mass-shipped by carriers like UPS is more efficient than a physical store that consumes much more space, uses power/AC/light 24/7 and where small groups of shoppers inefficiently load a few bags of groceries into their gas-guzzling automobiles.

    This is progress, and yes, when the printing press came out, scriveners and monks were SOL. And the ratio of number of jobs replaced was probably far higher than 5:1. We as a society should absolutely help them find something else to do and provide a social safety net if they fail, but that's a far cry from saying it's doom and gloom that we are processing goods faster and cheaper with less environmental impact.

    Doing more with less is the magic sauce that makes any of this shit like a specialized economy and your computer even possible. In 1840, 70% of Americans still worked in agriculture meeting our basic needs for food. Today it's 2%, and we've got (way too much!) food for everyone and the other 68% went on to do something else productive (well, in 1840 we didn't have a social safety net, so that's bad for those that didn't, but on the space of generations...).

    So yeah, increased productivity, lots of churn, doing things smarter instead of with more labor and helping all people that want to work find a non-make-work thing to do. Much less doomy and gloomy.

  18. When the subway is shut down by paranoids... on Uber Accused of Cashing In On Bomb Explosion By Jacking Rates (thesun.co.uk) · · Score: 1

    ... the actual value of a cab ride increases considerably. That's not manipulation, it's actually more valuable to have a car take you the same distance when you don't have the alternate choice.

    Meanwhile, any Uber driver that had a bit of flexibility and could jump and make a bit of cash. And in the process, help relieve the crush of people that are stranded by shutting down a system used by more than 50% of commuters.

    The wisdom of shutting down our world for each boo-boo remains undecided ...

  19. Re:The real issue on The Ham Radio Parity Act Unanimously Passed By US House (arrl.org) · · Score: 5, Insightful

    The real issue is that some people want to live in a place where their neighbors can't leave trash out or have cars on their lawn (and to have enforcement that has teeth, unlike some municipalities). Some people want to raise roosters, other people think that owning a rooster violates your neighbors' right to quiet enjoyment of their homes. People that want those restrictions, and are in turn willing to accept the reciprocal restrictions on themselves, can voluntarily and knowingly live in a place where everyone agrees on that basic deal.

    Now, that sort of thing isn't for me (and I bought a house in a nice district with functioning public parks and whatnot with no HOA) but it is extremely illiberal to deny a group of people the right to voluntarily associate in a manner that they all find beneficial. And since we are on the topic of choice, I see you are somehow suggesting that the non-HOA living arrangement is somehow in danger, which is patently ridiculous since 20% of existing homes and 40% of new homes don't have one.

    TLDR: Freedom includes the right to create your own arrangements. Some of them might seem silly to us, in which case we should just not partake instead of being righteous about it.

  20. Square already supports a bluetooth-paired card reader, one that accepts regular chip cards and NFC (both Apple/Android/Plastic). That's not news.

    Any merchant using the old magstripe-to-headphone jack is liable for fraud under the new rules anyway, so that's a non-starter.

  21. Re:They can't even cover Rhode Island on NYC Threatens To Sue Verizon Over FiOS Shortfalls (arstechnica.com) · · Score: 1, Troll

    Yeah, confiscating all of their assets is a great way to encourage others to do it! What an example you'll be setting for them about the benefits of doing business in your jurisdiction.

    I bet you could even pull it off in just five years with the right planning.

  22. What does a URL prove exactly? on Ubuntu Torrent Removed From Google Due To DMCA Complaint (omgubuntu.co.uk) · · Score: 3, Interesting

    All it takes is a quick glance at the URL in question to see that.

    To see what? That it's not labeled as being infringing on something? Can Gawker publish http://gawker.com/definitely.n... and point a 'quick glance at the URL' to claim they didn't distribute it (leaving aside the question of, if they did, was it tortious).

    Of course, I'm reasonably confident that the torrent in question was not actually infringing. But to conclude that, you'd have to take a quick glance at the content or compare the hash against one you know is Ubuntu or ....

  23. And even more shocking, they are retailing for $9.

  24. Re:Universities aren't completely honest either on ITT Tech Is Officially Closing (gizmodo.com) · · Score: 1

    You should look more closely at the data. That 4-year degree (from a real institution, not ITT or Devry) is worth much more than $180,000 in increased wages and increased prospects over the course of a career.

    Unemployment in particular drops more than 25% for those with a 4-year degree.

  25. Re:Does Zoning Abrogate First Amendment? on No Coding in Palo Alto? City Takes On Silicon Valley Growth (siliconbeat.com) · · Score: 1

    Of course you have the freedom to question, describe, criticise and suggest. But if you open a magazine that does those 4 things, and your building doesn't follow the fire code, we're gonna shut it down. If you don't pay your employees overtime, we're going to fine you.

    Those 4 protected freedoms protect your magazine, but they are not a shield against other law that magazine has to follow.