My father got called up for jury duty once. He was asked what his profession was. He said he was an electrical engineer working for RCA. Both the District Attorney and the defense attorney wanted him tossed out. My father told me that anyone with half a brain got tossed out of the potential jury pool.
There's your fair trial for you . . .
It can tell you with cryptographic certainty with whom you are talking and that no one else can eavesdrop on your conversation. It can't tell jack about whether that's actually the entity that you want to talk to -- that's your job :-P
I mean, HTTPS://BANKOFAMERlCA.COM looks pretty legit right? And if it's a valid certificate (for the owner of bankofamerLca.com, which is totally legit) then there's not a whole lot a browser can do besides blacklist 'known phishing sites' one at a time.
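A defender-side check for the lookalike spelling described above, added here as an illustration and not part of the original comment: it folds characters that are hard to tell apart (l/I/1, 0/o, rn/m) into one "skeleton" and flags hostnames whose skeleton matches a protected domain without being that domain. The `PROTECTED` list, the function names and the sample hostnames are assumptions; Unicode homoglyphs and a public-suffix lookup are outside what it covers.

```python
# Added example: flag hostnames that are visual lookalikes of protected domains.
# PROTECTED and SAMPLE are constructed for illustration.

# Multi-character sequences that read as a single letter are folded first.
SEQUENCE_FOLDS = (("rn", "m"), ("vv", "w"))
# Single characters that are hard to tell apart in common UI fonts.
# Uppercase "I" is covered because hostnames are lowercased before folding.
CHAR_FOLDS = str.maketrans({"l": "i", "1": "i", "0": "o"})

PROTECTED = ("bankofamerica.com", "example-bank.com")  # assumed allowlist

SAMPLE = [  # constructed hostnames, e.g. from proxy logs or a new-domain feed
    "BANKOFAMERlCA.COM",
    "www.bankofamerica.com",
    "login.bankofamer1ca.com",
    "examp1e-bank.com",
    "example.org",
]


def skeleton(hostname: str) -> str:
    """Return a canonical form in which confusable spellings collide."""
    host = hostname.strip().rstrip(".").lower()  # DNS names are case-insensitive
    for seq, repl in SEQUENCE_FOLDS:
        host = host.replace(seq, repl)
    return host.translate(CHAR_FOLDS)


def imitated_domain(hostname: str, protected=PROTECTED):
    """Return the protected domain that hostname imitates, or None.

    A hostname that really is the protected domain (or a subdomain of it)
    returns None: the certificate check already covers that case.
    """
    labels = hostname.strip().rstrip(".").lower().split(".")
    for domain in protected:
        k = domain.count(".") + 1           # compare the same number of labels
        tail = ".".join(labels[-k:])
        if tail == domain:
            return None                     # genuine name, nothing to flag
        if skeleton(tail) == skeleton(domain):
            return domain                   # different name, same appearance
    return None


def triage(hostnames):
    """Map each lookalike hostname to the protected domain it imitates."""
    return {h: d for h in hostnames if (d := imitated_domain(h)) is not None}


if __name__ == "__main__":
    for host, target in triage(SAMPLE).items():
        print(f"{host} looks like {target}")
```

Folding is lossy by design, so two legitimate names that differ only in folded characters will also collide; hits are candidates for review, not verdicts.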
This stuff needs to be sandboxed, treated like it's potentially hostile, and locked down from being able to do anything to the host computer. Instead what we have is stuff running which we have no idea what it is, which may or may not be malicious, and which can actively impact the host machine.
That is the intent, and that is how it's meant to be implemented. As properly construed, JavaScript running in the context of a webpage should never have access to do anything besides modify the current page (and by extension have the page render HTML, including canvas/audio/video now that they are part of HTML5), grab user input (if topmost) and set cookies per the user's cookie policy. To the extent that JavaScript can do more, or even pwn your computer, that's contrary to the design intent and is a bug in the sandbox.
So other than complaining that the browser sandbox implementations are not perfect (which is conceded), what is your point here?
[ And, as an aside: FlashBlock (or other click-to-start-flash) is a great idea, so is the Java permissions popup. In both cases, that's a workaround for the fact that the Flash and Java VMs are hopelessly insecure and simply not going to be fixed. ]
After your recycling program is implemented, you also need to dig up Claude Shannon and convince his dead corpse that it is possible to transmit an unlimited amount of data over a noisy channel using a finite chunk of spectrum.
There is no reason why something like a stored value contactless payment card couldn't make anonymous transactions. The value is stored on the card itself, no need to even send an ID really, just a cryptographic transaction to transfer money in a verifiable and tamper-proof way.
There are very good reasons, relating to the fact that financial transactions are subject to the conflict-resolution system that we refer to as "law". And while I find many faults with the law in general (as with all human systems, it is built from crooked timbers), it seems to me to be a good thing that a court can order a transaction (logically) reversed.
Consider garden-variety fraud, a person scams you into buying something defective, or lacking the legally-required warranty or not being fit for purpose in some other way. If you sue that person, a judge may find in your favor and order some financial restitution. In the existing model, even if that person doesn't cooperate with the judgment, assets can be transferred from their bank account to yours. The fact that the court can order the bank to move money from one account to another is both a feature and a bug.
In cryptographic terms, if your money were all "stored value" in a crypto-currency sense, what we described is like the legal system holding a "master key" for all accounts that can sign transactions from any source/destination. That's not desirable -- putting that kind of power in the hands of the government is far more dangerous than what we have, because at least in the current system there is (human, non-cryptographic) verification of orders/dockets/papers that (imperfectly) protects the process.
I don't disagree with anything you have said. In fact, I didn't say anything on the topic of "good" or "bad" or "used responsibly". I made a few claims:
(1) The weight of scientific evidence is that GMOs currently on the market are not harmful to human health. This view is endorsed by all the scientific agencies and groups listed in the GP link.
(2) The nutritional labels on food should describe all things relevant to human health such as calories, nutrients and ingredients.
(3) As a result of the above, GMO foods should not be required to be labeled at this point. If the facts described in (1) change, then so too does this conclusion.
So if they put the innards of whatever 6 or 6s in the SE without removing the NFC I am not going to get one. NFC and wallet and fingerprint reader are bad for security
The NFC chip in the iPhone is in passive mode ("listen only") until you authorize with your fingerprint. But don't believe me, you can verify this for yourself trivially by getting any NFC reader (and some Android phones can be configured as such) and polling for a response. Seriously, try it before you bash it ...
I mean, this is a really easy claim to verify empirically, why speculate?
Manufacturers are already required to display all sorts of things they would rather not, including caloric content, nutritional value if any, and actual ingredients used to assemble the product, some of which may resemble food.
Because those things are scientifically proven to be relevant to the health of the human being consuming it. Meanwhile, every single scientific agency and organization has concluded that there is no proven impact to human health from consuming GMOs.
This is the left's Climate Change conspiracy, where the weight of scientific consensus isn't worth as much as your political loyalties.
The relevant part of this win is that a machine using pattern matching, generalization and reinforcement learning has beaten the best human at the only game left where humans bested machines.
Let's not forget Calvinball!
It could also be argued to be an act intended to keep the noses of the FIB, CIA, NSA, et al out of places where they don't belong i.e. the private data of every Apple iPhone/iPad/Mac using person on the planet.
I think the idea (not that I agree, I certainly don't on the full picture, but let's at least be fair!) is that an independent judge decides in a court of law whether or not the FBI belongs in a particular phone or not, and that it makes that decision on the basis of the individualized facts around that phone. And that the decision of the court authorizes only the search of that specific phone.
The first step in an honest argument is arguing against the best possible version of your opponent's position, not against a caricature.
How could it be unfair if attorneys for both sides agree he should be tossed? Unfair to whom?!
I get what you're saying - but they're not rooting their phone with an APK they got, unsolicited, in an SMS, from a total stranger. They're rooting their phone with an APK they got from a site full of people they have at least some level of trust for.
And that package is code-signed by whom?
Because I'll grant that Cyanogen (or ...) deserves some trust. What's missing is the part where some entity verifies that the thing to be installed actually originated from the person(s) that are trusted.
If you have an indoor/outdoor cat, it's a pretty major convenience to track them down when it's time to go to the vet or before it's going to rain (cat's too stupid to figure that out, will get soaked and track it in, at least they're sterilized).
So yeah, nothing new here, ....
Even if, in general, Apple and Google are competitors in many sectors, they certainly aren't here because Apple doesn't have a competing search product. Of course, when you search on the iPhone it has to go somewhere (Bing? Yahoo!) and those queries are worth money, so it's good sense to come to a revenue-sharing arrangement. That's not collusion or conspiracy, it's just a regular business deal for something of value that another party cannot produce on their own.
By comparison, Apple cannot fab their own SOCs so they buy them from Samsung, for billions of dollars yearly. Those two are also competitors (and legal adversaries) in many sectors distinct from chip supply. That's not "collusion" either -- it's the fact that a large business has many interests and generally can keep them separated so each part of the company can function.
Tools are judged by their ability to do the job repeatedly and without fail.
That's not how anything is judged -- they are judged by expected TCO. And that TCO includes initial cost, minus expected performance but plus the expected value of failures multiplied by the cost of each failure. All of these vary by the job that the tool is being asked to do.
To give an example, if the wrench is going onto a deep-sea oil platform where replacement will be very costly and will cause very expensive delays, the last factor is very high and so reliability will be at a premium.
On the other hand, the local auto mechanic probably has a dozen wrenches and a parts truck that comes around every other day that can bring a new one in for nearly zero overhead. So she might be willing to accept a higher failure rate.
On yet another (third?) hand, someone working in aerospace or other sensitive area will likely need a wrench that can accurately deliver a set amount of torque. In this case, the accuracy of the tool will be the most important concern, since failure of the product (satellite, jet engine, space shuttle booster rocket clamp attachment) will be far more costly than failure of the tool.
So there you have it, three examples of how making general statements about how we judge things is complete bollocks. The "right tool for the right job" might be cliché but the lesson is less about picking the right tool and more about thinking about the properties that are priorities for the job.
... is not a "purely local crime". Those unruly rivers have a nasty tendency to flow right past State boundaries.
* The fall of the GPL thanks to people wanting to use truly free licenses like the BSD and MIT licenses.
This is still news. It's an ongoing issue. It's causing the FSF and software like GCC to become irrelevant.
This is silly, GCC is just a technologically inferior option to LLVM/clang -- ask anyone working in the compiler space about it. Even the folks working on GCC admit that it's not aging gracefully.
If GCC becomes irrelevant, they will have no one to blame but themselves.
If you're not doing anything storage intense, the PCIe bandwidth is not going to make much of a difference. Same with NVMe, main advantage is at big queue depths.
Actually besides queue depth, a lot of the benefit comes from reducing host CPU usage, contention, latency and context switching. AHCI has a single global queue (of pretty limited depth) and so multiple threads doing IO need to either block or else incur the overhead of bouncing the IO to another thread. For your hypothetical enterprise application actually saturating on 16 cores with 32 threads, Amdahl's law starts to actually become an issue. In NVMe, each physical CPU core has its own personal NVMe command and completion queues, that it can issue to without waiting/snooping/blocking any other cores.
Finally, there's just a lot fewer driver layers needed. AHCI is bulky and complicated by comparison. Less work for the host driver means more cycles for your enterprisey applications.
[ And of course, you're right about the sports car analogy ... ]
Protip: I would have modded this up if you removed the first four words.
So many good posts end up at +1 because of hyperbole or bombast. Make a good point and it stands on its own.
Meanwhile, books such as those from authors opposing the death penalty, favoring gun control, might cost double.
And that's where this facile comparison finally goes off the rails -- no one even remotely hinted that the introduction of this plan would increase (let alone double) the cost of any other plan. In fact, by lowering barriers to entry and increasing demand, it will likely lower the cost of every other plan.
If I told you that you could live totally free of cost, but it would be in a prison, would you accept?
If I had the choice to enter and leave the prison at will? I certainly don't see anyone claiming that once a person uses the plan they can never leave ...
I mean, the salient thing about a prison isn't the lack of freedom to do what you will inside the prison, it's the fact that you can't leave of your own free will. If you can walk out at any time, it's just not a prison -- much the way this plan is not a prison, it's just a kind of not-nice-place.
First World problems right there.
That's where I live. That's what I got.
And now you have x265 that's not hardware accelerated on anything but the most modern GPUs (and even then, only partially) -- certainly not suitable for any set-top-box, tablet or mobile phone. Heck, even a laptop that has partial GPU support (or none) will burn through tons of battery watching it on a flight with no power plugs.
Netflix has to support all those platforms (and probably worse ones) -- and then you enter the idea of having multiple copies for every asset :-(
It's not good for the environment that people keep binning stuff that is more than adequate for their current needs. If people's main use of computers is browsing the internet and watching cat videos, a ten-year-old computer is more than adequate for the task.
A ten year old computer probably uses about 10x the power of a modern machine, even a cheap one. So it might be adequate for the task, but if a newer one can do for 10W what it does for 300W, then that's a savings of more than a nickel an hour or ~$100/year.
I have a work computer that has such pathetic computing requirements that spending even one penny on something new is one penny too much
Except that you are paying lots of pennies to power that old inefficient Pentium IV. And if you counted the difference in pennies from powering that versus buying a new efficient one every 5-10 years, you'd come up with lots of extra pennies.
Shouldn't this be the other way around? The default should be x86-64 unless there is a specific software/driver/whatever that doesn't work properly in that configuration (in which case, hopefully you don't have to browse the web for it).
I mean, the last time anyone sold processors that didn't support was the Pentium 4, sometime a decade ago. Given Moore's law (and the rising price of electricity), you could replace that with a Raspberry Pi of equivalent horsepower that will probably pay itself back in power in under a year (the P4 was a power hog ...).
And if you do have some custom setup that doesn't run on 64bit, I'm really sorry. Legacy support sucks (I know firsthand), but don't expect the rest of the world to keep updating their shit just because you have to.