The way to do that is to literally pull out capabilities.
If you don't want it to be able to open files, you need to make it impossible to express "open a local filesystem file".
The browser DOMs are quite locked down in this regard, but they are still programs in themselves vulnerable to buffer overflows, etc. but - pretty much - you can't just access my camera, microphone, USB devices, arbitrary memory, etc. from a webpage.
If you're parsing the WebGL into a strict subset of OpenGL and providing virtualising memory etc. addresses that cannot be misconstrued or reveal other RAM, that's as good as you can get. And that's what browsers do.
The problem you describe is really just "I'm running a third-party program to run my other programs", not something different or defensible against.
Try writing a program in WebAssembly, though. Emscripten will compile C to WebAssembly if you want. On any up-to-date browser it's virtually impossible to make it do anything untoward except (maybe) use up CPU time. But you also can't access filesystems (Emscripten fakes a filesystem into a loopback area of memory, pre-allocated in one contiguous block at startup), access the network (Emscripten requires you to WebSocket anything you want to do on the net, and C sockets come out as WebSocket traffic requiring a WebSocet server somewhere - e.g. websockify - for it to interact with and convert the WebSockets back to normal network traffic. Not something you're going to be able to get a user to set up.), access devices or graphics RAM (but you can use WebGL), etc.
The browser is the interface, coupled with not being able to express malicious actions. Try to bypass it. Of course, it's not going to 100% impenetrable but NOTHING has yet proven to be except literally not doing anything useful. Hell, with RowHammer, code can actually interfere with "physically nearby" memory, and you can even detect the RF coming from a chip and intercept encryption by listening to the emissions. You have NO defence against those kinds of attacks.
But a browser running WebAssembly is no worse than a browser rendering plain HTML. An innocent action in a limited space. Until enough attention is garnered to warrant thousands of hours of attention from dedicated hackers trying to bypass it.
The fact is, however, that you still want to go on Netflix and watch your programs, log into your bank account, buy stuff on Amazon. And there's NO WAY to do that without taking exactly the same risks as running WebAssembly, which is contained only by your browser security model (Unlike Java and.NET which had their OWN security model separately and the browser just had to execute their code on the local machine and hope they'd done their job - they rarely had, which is why plugins are dead nowadays).
You think that you can bring all this stuff back to plain HTML, and - what? - Perl on the CGI backend of a server and be immune? We thought that 20 years ago, it didn't work out.
At some point you have to take user input, or input from a remote website, and interpret it in a way that cannot possibly be compromised while letting the user accomplish what they want to (e.g. play a movie, log in securely, etc.). If you find a way to do that, sell it to the world. Because they'd pay through the nose for it.
Indeed. The History of Middle Earth bored me to tears, but it's certainly a work in itself, even if it's just the research and collation of someone else's work too.
He could have just sold off his father's works before he hit 90 himself, and lived off the proceeds but that's not what happened. He worked at them, and it's hard enough to keep track of reading his collations, let alone the effort to collate it all. And, it was all his father's legacy and he gets a bad rap for that because he doesn't write "original" stuff (at least, anything I've heard of).
Imagine that, having a famous dad and in your 90's still being accused of getting a free ride after you spent all that time producing more books that most published authors ABOUT your dad's works, and clinging to the rights right up until your final years.
He's not got long now, likely his own children / grandchildren aren't at all interested in continuing that work because of the amount of effort and vitriol involved. Probably that's why he's sold them off, to actually pay for his final years.
Yeah, he could have coasted for decades, sold out back in the 1970's (or even decades before) when people started making animated versions and so on. But he didn't.
Much as I hate The History Of past about the second or third book because it's just not my thing, the one thing you realise is the effort and life's work that both Tolkien and his son put into what is now just a mass-market movie and 99.9% of what he wrote and even "designed" is niche and ignored (like Beren & Luthien).
So let's not get nasty here. They could have done an AWFUL LOT WORSE against the memory of their father and didn't. Instead putting all their effort into becoming "the son that tidied up the famous father's work so fans could read it". And he doesn't even seem bitter about that.
They don't need to. It's much easier to make a compliant petrol car than a diesel one.
It's the shit in burning diesel that's the problem, which is why these engines aren't just "slightly over in one particular model" but the entire diesel engine industry are seeing things like FORTY TIMES over the limits when used in normal driving.
When I was a kid, my dad used to work as a mechanic. He explained the pluses and minuses of diesel vs petrol. And, pretty much, a "performance diesel" was unheard of that the time. When I started buying cars, suddenly I heard of people with diesels that were out-performing everyone and I couldn't understand why. I didn't really pay much attention, as even petrol cars had come so far in the intervening years too.
But now it's starting to make sense - the performance diesels came about at least partially because, basically, manufacturing are fucking over the limits. As the petrol engines started to be regulated (and relatively easy to do so with catalytic convertors, engine management, etc., but affected performance somewhat), the car manufacturers moved to diesel and suddenly found all that missing performance just floating somewhere.
Then the limits on diesel were tightened and, it turns out, they were able to continue that trend by cheating the limits.
What you'll see now is everyone having their diesels taken back and the diesel engine prices soar, and we'll move back to petrol or even on to electric engines, and there'll be a focus on something else... gadgets and technology in the car is the current distraction from raw performance.
It's incredibly ironic, because what makes modern cars dangerous is the sheer amount of power they have. Your little run-around could out-perform a Formula 1 car from the 1960's most likely. A Lotus 18 from that era is out-horsepowered by a Ford Focus nowadays, for example. I question why that's necessary at all. Sure, the safety features and tech, I get that, but why are we all running things that beat car that were - in the 60's - the fastest racecars on Earth? So we can run the kids to school and then pop home for lunch? Why do road-legal cars even HAVE a speedometer that goes past 80, or an engine capable of doing so?
But manufacturers are still appealing to that metric above all others, even in huge diesel-guzzling SUV's that mums are buying to run the little darlings to their nativity play, to the point of breaking the law (in spirit, even if not the letter) to do so.
And Volvo - just one of the many manufacturers affected by all the diesel emissions scandals - were historically regarded as the "safest" of all cars. Not only are they slowly killing us with fumes, but they're also doing so to enable you go to faster in case you complain that you can't go fast enough.
The car market is going to be radically different in ten years time. I see an even more heavy focus on "safety" and little runarounds with tiny engines coming, rather than sporty-looking things.
What I say below applies to almost any country based on English law.
The significant difference is "reasonable belief".
If a kidnapper takes a child, hides her away, and then gets arrested without her, your scenarios also apply to the location of the child. It's information, in his head, that you can't torture him or whatever into giving up. He might well refuse to tell you.
If, however, you have a reasonable belief that he KNOWS where the child is hidden away, i.e. you arrested him while he was on the run and it was clearly him who took her, but you just can't find the child, then you CAN force him (legally, not physically) to give up the location. Failing to divulge it would normally be punished by harsher penalties than, say, the inevitable kidnap/child-death charges that they would cause by not doing so. The point is to give them the option.
If there's reasonable doubt over whether he could know the location of the child (she ran from him while he was still on the run, and he shows you the point where she wriggled free and ran away), then maybe you wouldn't be justified in punishing him for not divulging her location.
Similarly, is it REALLY that so far-fetched that a man with a smartphone doesn't remember his code? Has he been carrying around a useless phone for days? Charging it?
Making calls on it? Paying for it? When he can't even get into it himself? The courts will sometimes decide that, actually, that's not a realistic scenario. Especially if, for instance, the person in question was recently arrested for having child porn and he's been using his phone up until that point.
Unless he can prove reasonable doubt (e.g. that he was in the Apple Store that week asking how to unlock it because he'd forgotten the code), there's "reasonable belief" that he is merely withholding that information.
In some legal jurisdictions, questions over this are removed by the creation of specific offences. Encryption is a big one. But also things like the driver of a vehicle. If my car is spotted speeding but they don't catch the driver at the time, they can ask me to identify the driver. If I fail to identify the driver and don't have reasonable cause for doing so (e.g. the car was stolen), then I can get a harsher punishment that the driver ever would have. Because it's my car and I either authorised or enabled the driver to drive it, or it's been taken without permission and hence the driver is up for TWO charges - even if I know him!
Boiling down law to "catchphrases" (e.g. freedom of speech) is an incomplete and somewhat ineffective legal system. Nothing is that clear-cut. And if you want justice, it's not unreasonable to assume that - in a situation like this - the guy does know the passcode but doesn't want to say. The reason for that is likely that whatever's on his phone will incriminate him, yes. And thus the punishment for failing to reveal - if there is deemed reasonable cause - such passcode is worse than whatever could come out of giving the passcode.
This is the way that justice sometimes forces you to comply in order to detect and prevent crime.
If nothing else, even at the end of the 180 days, there's little to say that that would be the end of the matter. Most places would just impose that sentence and be done. But it wouldn't be unheard of for that sentence to merely be the deterrent to refusing the NEXT legal request along the same lines.
Outside of the law - The attitude of the guy would tell you a lot in the circumstances, too. Was it refusal from the start? Had he been using it before the arrest? Has he requested the phone to try the code himself in case he got the pattern wrong? Is he co-operating? Is he devastated at the accusation? Or is he just sitting grinning. A lot about how much further evidence is likely to be gleaned and where/how much he might not be revealing is often given away by cockiness. And, it has to be said, by people giving your kinds of rants when arrested, even if innocent.
"The affected Audi models with so-called Euro-5 emission standards emit about twice the legal limit of nitrogen oxides when the steering wheel is turned more than 15 degrees, the ministry said."
When the wheel is turned, the emission controls are turned off, and it pollutes more. When the wheel is straight, it pretends to be less polluting.
And hence bridge-builders, movie-theater architects, and airplane designers SHOULD BE QUALIFIED.
Rather than go on the fact that they call themselves an engineer, why not CHECK THEIR QUALIFICATIONS / LICENSES? That they exist, are what you require, are still valid, were not revoked?
And at that point, it matter not whether they refer to themselves as "architectural grand wizard" or "high lord of the fucking-bridge-making-stuff", but that they have the appropriate licence, insurance, etc. that you require.
The name is meaningless precisely because of the erosion. But being a company charged with building a bridge and having to get your professionals to provide proof that they are appropriately licensed or members of a particular organisation is lost in the due-diligence paperwork anyway.
Exactly my point. You can't hire an electrician without a qualification and put him to work on a building site, without checking his qualification. What makes you think you can hire an architect or a civil engineer without the same, no matter what they call themselves?
What someone refers to themselves as "engineer", "technician", "manager", "consultant", etc. is arbitrary and liable to interpretation, misrepresentation (e.g. a "doctor" of mathematics), etc.
If you are AT ALL interested in hiring a qualified person, you go by qualifications. Being a member of a particular organisation, holding a certain certificate or licence, etc. Not by what they refer to themselves as.
Given that every electrician, gas-fitter, window-installer, etc. in my country has to be registered for their work to be building-reg compliant or legal, no matter what they call themselves or whether they were calling themselves an electrician for 30 years before "part P" certifications were a thing, I don't see that it's a burden.
And then you don't have to live in fear that, despite calling myself a mathematician because I have a mathematics degree, and calling myself a scientist because I have a scientific outlook on life and a computer science degree, someone might take me to court for saying that informally in a complaint letter.
Protecting a generalised word like "engineer" should be treated like trademarking it. You shouldn't be able to. But equally someone shouldn't be able to say they are a "Engineer Registered with the Institute of Engineering" unless they actually are.
"Doctor" is the precedent here. Doctor's of geography, mathematics, art, even are all over the world. But you wouldn't expect them to be able to work in a hospital performing surgery without being appropriately qualified. You wouldn't expect them to be able to misrepresent their doctorate (e.g. by saying "it's okay, just take your top off and show me, I'm a doctor"). You also wouldn't expect them to be fined to oblivion for booking a restaurant table in the name of Dr Smith, either. Because that's what they are and referring to that title isn't compulsory or indicative of a specific qualification at that point.
The judge has called this right.
And if you want to protect something, protect the qualification. Which you can certificate, number, provide a searchable list so anyone can verify that Fred Bloggs is actually the Dipl.Ing. that he claims to be and it hasn't been rescinded in the years since. And which anyone who relies on them actually BEING a qualified engineer (e.g. skyscraper building firms, aircraft manufacturers, etc.) is required to check before they rely on their work.
In any extended power outage (let's say a week or more), pretty much communication is going to be the least of your worries in most places.
No power = dangerous roads (lighting) + no fuel (pumps) + no shops (payments, refrigeration, etc.) + no medical (hospital power, etc.) + no mass media (emergency broadcasts, etc.)
Although you certainly would appreciate a way to talk to others, there's not going to be an awful lot that anyone could do unless they were power-independent too, and they're unlikely to be able to do much.
Any extended power outage will be akin to just going back to pre-electrical times and no amount of solar panels are going to help the big infrastructure.
The solution, as pointed out by others, is to make those people invest in the proper infrastructure. In the same way that copper telephony stayed up because of things like batteries in street cabinets, and independent power in local exchanges, the only way for the modern stuff to stay up is exactly the same kinds of kit.
And though you might put things on a UPS (which is NOT a solution past a handful of hours of outage), your ham kit will suffer the same problem too. Sure, you can battery power it for a while. Maybe longer than a phone line. But eventually it will still fail too.
But I could make a full-HD LCD laptop screen light up and interact with the keyboard, with no obvious outside differences, and even run a full OS like Windows or Linux quite easily.
It wouldn't be particularly fast, but it would be convincing enough that you'd have to be a REAL techy to notice anything was odd, and it would take you a dismantling to prove it.
It's not at all hard to get tiny Windows-10-running portable handheld games consoles now. Take out the board from one, a couple of interfaces to screen/keyboard/touchpad and you're done.
If you can make a charge that can get past security and is only the size of a laptop battery, there are an almost infinite number of things you could hide it in. And laptops would probably be the LAST thing to bother with because they are oddly-shaped, have to work, are often separate in scanning, etc.
At that point, you could just put it in a small statue and carry it in your overhead luggage.
Again, security through "imaginary" scenarios.
If someone can get an bomb through security onto a plane disguised as a laptop, the problem is not the laptop. It's the bomb. Because the second you crack-down on laptops, they can make ANYTHING ELSE to disguise that bomb too.
Try getting better scanning that doesn't let you put bombs through it. If you can't distinguish between explosive and lithium-ion batteries (although flammable, it's hard to take down a plane with one of laptop size), I suggest you employ a proper scientist rather than a "security consultant" who's being paid by the hour.
The book analogy often works out best for digital entertainment.
Just because your friend has a book, that you would read if they lent it to you, or you were in their house with nothing else to do, doesn't mean you'll rush out and pay for a copy of that book for yourself.
Equally, NOT being able to borrow it from a friend doesn't mean you'll pay for it either.
It's also a victim of its own protections too. If you make a system where you can cut off people for one incident, kids are going to destroy their household's ability to ever sign up again, while pirates will happily just carry on doing what they've always done. Who's going to use that system? No-one except the pirates.
It's is DOZENS of ORDERS OF MAGNITUDE more complex than even chess, which we only "beat" in the last, what? 20 years?
It's some many DOZENS of ORDERS OF MAGNITUDE more complex, that nobody was realistically expecting computers to outclass humans this century.
Look at my previous posts and you'll see that I *HATE* the term AI, deep learning or anything else, because those things that claim to be that categorically are not.
But Google beating Go is way more impressive than "we built a big computer". It's even more than "we built millions of big computers and joined them together". It's honestly something slightly different - towards thinking and away from brute-force.
I'm not claiming it's anything NEAR being actual AI. But it's been surprising to anyone who understands this field.
My professor in university (professor means something in the UK, way beyond "doctor" or "teacher") was writing these kinds of Go-playing programs for his research. He was a mathematician that dedicated his life to analysing the game and game theory around it, and would travel to Go conferences the world over. And he would never have expected this result to be possible in his lifetime.
The average petty thief isn't guessing a four-digit PIN that locks out after too many attempts either.
Anyone with a basic modicum of security realises that what you're paying for is a VERY VERY VERY expensive way to tap in four digits automatically.
But at least you have to give up the PIN, whereas your iris scan can be taken from you without your knowledge. And I'm sure a non-petty thief (i.e. a guy on a moped swiping phones from city centres all day long) would love to have a way to turn your lock screen off to get the full resale value rather than a useless brick. Whether that be from fingerprints on the screen itself or an accomplice's selfie of you just before he nicks your phone.
But think more of: You're at an airport, in the middle of nowhere. And a cop demands you unlock your phone. He could just get you to look in it. Or he could have to force a four-digit passcode from you, and/or get a warrant.
Surely protecting against the former makes sense in any security situation, especially when even Apple refuse to help the FBI unlock people's phones.
20 years experience running the IT in million-dollar companies.
Now tell me... what was your actual answer again?
And who mentioned PowerPoint? Nobody scripts Powerpoint.
We're not saying "Who uses Office?". Word processors and spreadsheets are necessary and vital tools for day-to-day operations.
But we're saying "Who scripts their office suite and then runs their business on that script?". Because the answer is as I said: People in tiny companies, who are happy with bodges, who never put in a proper system.
As soon as you step beyond mail-merge, you can afford a system to do what you're doing. Even if it's software designed especially for that one task, at least you have some accountability and support, rather than "Oh, the macro's broke - we'll have to get John back in to fix it to take account of the new dates".
Exactly - better tools, more suited to the task. And if you're programming in VBA (like the OP), chances are you don't have those better tools.
What job do you need to perform in Word, Excel or Access that can't be done better using something else more suited to the task?
The reason people use them is because they have them there. And then they carry on buying them because they are so accustomed to having them there. On Linux etc. you have OTHER things there. But you're not accustomed to them.
But still, whenever I see an Excel spreadsheet used as anything other than a sheet to tinker in, or Word used as some automated letter-creator from a CSV, or an Access database that sits standalone instead of ODBC to a proper SQL server (of any kind), it makes me wonder why people have done that.
And the reason is "because we already have it, and it can be bodged to do what we're doing today". You can't convert those kind of people to ANYTHING else, even another office suite, while that's true.
It's nothing to do with architectural purity. It's to do with not running your business on the basis of there always being the one guy who understands the VBA code that does something virtually-the-same-but-with-a-tiny-business-rule as everyone else on the planet, coupled with the thing you bought to write letters or check your email.
And, again, I'd question - what business task are you running that requires Office? How often? What does it save? What kind of investment in development? Because putting that investment into proper tools would return dividends, and cost less in the long run.
VBA is job security in places that don't know that they shouldn't be hacking things together in Excel and Access. It's fine for running numbers and interfacing with a proper database, but it's at best an ad-hoc query/reporting/prototyping tool, not a thing for building business-critical processes.
I have run entire schools from a single desktop re-purposed as a router. It easily handled everything necessary, including captive transparent web filter and firewalling.
There are a number of Mini-ITX and Pico-ITX boards that are packaged in router-like or UTM cases , some with several Ethernet ports on board making them perfect. It's what people like Smoothwall and Watchguard sell as commercial products - Linux or equivalent on a UTM.
Trying to cobble them together from RPi makes no sense. Connectivity and speed of response (e.g. VPN's) are critical. The more gigabit ports, the better.
But the best option has always been "just use a PC in some form", even since the days of DOS / floppy disks / 10Base2 networking. Lookup Freesco. You used to be able to do more on an old throwaway desktop with two ISA NICs and a live-floppy-disk version of Linux than you could for anywhere near the same kind of price with a dedicated device.
Even NAS etc. are nothing more than embedded boards that you can buy and build your own Mini-ITX equivalent of, and buy a NAS chassis for it that connects to all the drives as plain SATA. FreeNAS is basically built for that too.
You buy commercial when you want support warranties and no tinkering. Anything else, you deploy yourself.
Hell, the primary router/firewall/web filter at my current school is nothing more than a Smoothwall VM running on a Windows hypervisor. The network limits incoming lines to a VLAN, only that VM can talk on that VLAN. And it has several other virtual network interfaces for NATing and connecting to, e.g. telephony networks (QoS'd VLAN), guest wifi networks, printer networks, etc. It all "just works" managing several leased lines, hundreds of users Internet access, VPNs for all kinds of things, and an entire telephony/SIP network - and apart from a decent switch with VLAN capability, you don't need any specialist hardware at all.
ReactOS is an OS. And is free. And open-source. And works as a plug-in Win32 API compatible replacement, including drivers and low-level interactions.
Crossover is just a program that runs on Linux. And costs money. And is closed-source but based on WINE. And is basically a shim to convert certain Win32 API calls so can't work for low-level drivers, etc.
If you don't know the difference, you haven't done a single Google search.
"Methane's lifetime in the atmosphere is much shorter than carbon dioxide (CO2), but CH4 is more efficient at trapping radiation than CO2. Pound for pound, the comparative impact of CH4 is more than 25 times greater than CO2 over a 100-year period."
You could say the same about every emulator author, about every piece of FreeDOS, about every legacy piece of software that people still use.
Nobody is seriously suggesting running a multinational corporation on this.
But it's a great project for someone to hack on, make visible progress, and which others can utilise and check the success of without having to licence software.
P.S. What's a license cost to run Windows NT in a VM? Because for sure it's a use-case that won't be covered under any non-volume licences, and the volume ones don't stretch below XP do they?
And nobody in their right mind would run MS software contrary to licensing in a business when any employee could dob them in, no matter how old the software.
They'd probably need to licence it. Or, if it was some random piece of Windows-98 based expensive CAD software that's not made any more, drives a huge machine, there is no replacement that less than the cost of all the machinery too, they'd probably want a Windows-like emulation environment that doesn't cost them anything and which they don't need to buy licenses for, and which they could customise to their usage... gosh, wonder where they could find that...
Also, the ReactOS bits feed back into things like Wine, and there have been success companies who made money on the basis of charging people to let them run bespoke versions of Wine to run their legacy Windows software on other OS. Crossover comes to mind. Which I own licences for. Because at one point it was the only way to run certain things on OS that I needed them to run on.
Just because YOU would just pirate Windows NT in a VM, doesn't mean that you're at all a use-case for something like ReactOS and can speak for everyone.
P.S. No, I don't use ReactOS or develop it. But I can see why people would. Hell, DOS, AmigaOS, RiscOS, OS/2 etc. and/or their clones were all still alive and well.last I checked.
In the UK, it's not hard to get a working pre-pay phone and SIM without ever giving name or address or credit card or ID. You can often pick them up in supermarkets, and buy top-up-cards in cash.
To be honest, even having to provide ID is hardly a blocker. I'm sure a potential terrorist either a) doesn't care (i.e. by the time you know he was arranging something, it's too late), b) using other means (e.g. buy phone, install Whatsapp or any of a million-and-one OTR message apps), c) isn't hindered (e.g. fake ID, stolen credit card, pre-pay credit card which requires no ID, etc.)
Slashdot Mirror
The way to do that is to literally pull out capabilities.
If you don't want it to be able to open files, you need to make it impossible to express "open a local filesystem file".
The browser DOMs are quite locked down in this regard, but they are still programs in themselves vulnerable to buffer overflows, etc. but - pretty much - you can't just access my camera, microphone, USB devices, arbitrary memory, etc. from a webpage.
If you're parsing the WebGL into a strict subset of OpenGL and providing virtualising memory etc. addresses that cannot be misconstrued or reveal other RAM, that's as good as you can get. And that's what browsers do.
The problem you describe is really just "I'm running a third-party program to run my other programs", not something different or defensible against.
Try writing a program in WebAssembly, though. Emscripten will compile C to WebAssembly if you want. On any up-to-date browser it's virtually impossible to make it do anything untoward except (maybe) use up CPU time. But you also can't access filesystems (Emscripten fakes a filesystem into a loopback area of memory, pre-allocated in one contiguous block at startup), access the network (Emscripten requires you to WebSocket anything you want to do on the net, and C sockets come out as WebSocket traffic requiring a WebSocet server somewhere - e.g. websockify - for it to interact with and convert the WebSockets back to normal network traffic. Not something you're going to be able to get a user to set up.), access devices or graphics RAM (but you can use WebGL), etc.
The browser is the interface, coupled with not being able to express malicious actions. Try to bypass it. Of course, it's not going to 100% impenetrable but NOTHING has yet proven to be except literally not doing anything useful. Hell, with RowHammer, code can actually interfere with "physically nearby" memory, and you can even detect the RF coming from a chip and intercept encryption by listening to the emissions. You have NO defence against those kinds of attacks.
But a browser running WebAssembly is no worse than a browser rendering plain HTML. An innocent action in a limited space. Until enough attention is garnered to warrant thousands of hours of attention from dedicated hackers trying to bypass it.
The fact is, however, that you still want to go on Netflix and watch your programs, log into your bank account, buy stuff on Amazon. And there's NO WAY to do that without taking exactly the same risks as running WebAssembly, which is contained only by your browser security model (Unlike Java and .NET which had their OWN security model separately and the browser just had to execute their code on the local machine and hope they'd done their job - they rarely had, which is why plugins are dead nowadays).
You think that you can bring all this stuff back to plain HTML, and - what? - Perl on the CGI backend of a server and be immune? We thought that 20 years ago, it didn't work out.
At some point you have to take user input, or input from a remote website, and interpret it in a way that cannot possibly be compromised while letting the user accomplish what they want to (e.g. play a movie, log in securely, etc.). If you find a way to do that, sell it to the world. Because they'd pay through the nose for it.
Indeed. The History of Middle Earth bored me to tears, but it's certainly a work in itself, even if it's just the research and collation of someone else's work too.
He could have just sold off his father's works before he hit 90 himself, and lived off the proceeds but that's not what happened. He worked at them, and it's hard enough to keep track of reading his collations, let alone the effort to collate it all. And, it was all his father's legacy and he gets a bad rap for that because he doesn't write "original" stuff (at least, anything I've heard of).
Imagine that, having a famous dad and in your 90's still being accused of getting a free ride after you spent all that time producing more books that most published authors ABOUT your dad's works, and clinging to the rights right up until your final years.
He's not got long now, likely his own children / grandchildren aren't at all interested in continuing that work because of the amount of effort and vitriol involved. Probably that's why he's sold them off, to actually pay for his final years.
Yeah, he could have coasted for decades, sold out back in the 1970's (or even decades before) when people started making animated versions and so on. But he didn't.
Much as I hate The History Of past about the second or third book because it's just not my thing, the one thing you realise is the effort and life's work that both Tolkien and his son put into what is now just a mass-market movie and 99.9% of what he wrote and even "designed" is niche and ignored (like Beren & Luthien).
So let's not get nasty here. They could have done an AWFUL LOT WORSE against the memory of their father and didn't. Instead putting all their effort into becoming "the son that tidied up the famous father's work so fans could read it". And he doesn't even seem bitter about that.
The purchase price wasn't enough to fund one engineer.
What the hell makes you think they can afford anything in the way of maintenance, while the site is even still on the Internet.
The lie, if anything, is the word "engineers". Who's paying those people, and what with? Because it sure wasn't the purchase price.
Non-diesels.
They don't need to. It's much easier to make a compliant petrol car than a diesel one.
It's the shit in burning diesel that's the problem, which is why these engines aren't just "slightly over in one particular model" but the entire diesel engine industry are seeing things like FORTY TIMES over the limits when used in normal driving.
When I was a kid, my dad used to work as a mechanic. He explained the pluses and minuses of diesel vs petrol. And, pretty much, a "performance diesel" was unheard of that the time. When I started buying cars, suddenly I heard of people with diesels that were out-performing everyone and I couldn't understand why. I didn't really pay much attention, as even petrol cars had come so far in the intervening years too.
But now it's starting to make sense - the performance diesels came about at least partially because, basically, manufacturing are fucking over the limits. As the petrol engines started to be regulated (and relatively easy to do so with catalytic convertors, engine management, etc., but affected performance somewhat), the car manufacturers moved to diesel and suddenly found all that missing performance just floating somewhere.
Then the limits on diesel were tightened and, it turns out, they were able to continue that trend by cheating the limits.
What you'll see now is everyone having their diesels taken back and the diesel engine prices soar, and we'll move back to petrol or even on to electric engines, and there'll be a focus on something else... gadgets and technology in the car is the current distraction from raw performance.
It's incredibly ironic, because what makes modern cars dangerous is the sheer amount of power they have. Your little run-around could out-perform a Formula 1 car from the 1960's most likely. A Lotus 18 from that era is out-horsepowered by a Ford Focus nowadays, for example. I question why that's necessary at all. Sure, the safety features and tech, I get that, but why are we all running things that beat car that were - in the 60's - the fastest racecars on Earth? So we can run the kids to school and then pop home for lunch? Why do road-legal cars even HAVE a speedometer that goes past 80, or an engine capable of doing so?
But manufacturers are still appealing to that metric above all others, even in huge diesel-guzzling SUV's that mums are buying to run the little darlings to their nativity play, to the point of breaking the law (in spirit, even if not the letter) to do so.
And Volvo - just one of the many manufacturers affected by all the diesel emissions scandals - were historically regarded as the "safest" of all cars. Not only are they slowly killing us with fumes, but they're also doing so to enable you go to faster in case you complain that you can't go fast enough.
The car market is going to be radically different in ten years time. I see an even more heavy focus on "safety" and little runarounds with tiny engines coming, rather than sporty-looking things.
What I say below applies to almost any country based on English law.
The significant difference is "reasonable belief".
If a kidnapper takes a child, hides her away, and then gets arrested without her, your scenarios also apply to the location of the child. It's information, in his head, that you can't torture him or whatever into giving up. He might well refuse to tell you.
If, however, you have a reasonable belief that he KNOWS where the child is hidden away, i.e. you arrested him while he was on the run and it was clearly him who took her, but you just can't find the child, then you CAN force him (legally, not physically) to give up the location. Failing to divulge it would normally be punished by harsher penalties than, say, the inevitable kidnap/child-death charges that they would cause by not doing so. The point is to give them the option.
If there's reasonable doubt over whether he could know the location of the child (she ran from him while he was still on the run, and he shows you the point where she wriggled free and ran away), then maybe you wouldn't be justified in punishing him for not divulging her location.
Similarly, is it REALLY that so far-fetched that a man with a smartphone doesn't remember his code? Has he been carrying around a useless phone for days? Charging it?
Making calls on it? Paying for it? When he can't even get into it himself? The courts will sometimes decide that, actually, that's not a realistic scenario. Especially if, for instance, the person in question was recently arrested for having child porn and he's been using his phone up until that point.
Unless he can prove reasonable doubt (e.g. that he was in the Apple Store that week asking how to unlock it because he'd forgotten the code), there's "reasonable belief" that he is merely withholding that information.
In some legal jurisdictions, questions over this are removed by the creation of specific offences. Encryption is a big one. But also things like the driver of a vehicle. If my car is spotted speeding but they don't catch the driver at the time, they can ask me to identify the driver. If I fail to identify the driver and don't have reasonable cause for doing so (e.g. the car was stolen), then I can get a harsher punishment that the driver ever would have. Because it's my car and I either authorised or enabled the driver to drive it, or it's been taken without permission and hence the driver is up for TWO charges - even if I know him!
Boiling down law to "catchphrases" (e.g. freedom of speech) is an incomplete and somewhat ineffective legal system. Nothing is that clear-cut. And if you want justice, it's not unreasonable to assume that - in a situation like this - the guy does know the passcode but doesn't want to say. The reason for that is likely that whatever's on his phone will incriminate him, yes. And thus the punishment for failing to reveal - if there is deemed reasonable cause - such passcode is worse than whatever could come out of giving the passcode.
This is the way that justice sometimes forces you to comply in order to detect and prevent crime.
If nothing else, even at the end of the 180 days, there's little to say that that would be the end of the matter. Most places would just impose that sentence and be done. But it wouldn't be unheard of for that sentence to merely be the deterrent to refusing the NEXT legal request along the same lines.
Outside of the law - The attitude of the guy would tell you a lot in the circumstances, too. Was it refusal from the start? Had he been using it before the arrest? Has he requested the phone to try the code himself in case he got the pattern wrong? Is he co-operating? Is he devastated at the accusation? Or is he just sitting grinning. A lot about how much further evidence is likely to be gleaned and where/how much he might not be revealing is often given away by cockiness. And, it has to be said, by people giving your kinds of rants when arrested, even if innocent.
You misread the summary.
"The affected Audi models with so-called Euro-5 emission standards emit about twice the legal limit of nitrogen oxides when the steering wheel is turned more than 15 degrees, the ministry said."
When the wheel is turned, the emission controls are turned off, and it pollutes more.
When the wheel is straight, it pretends to be less polluting.
And hence bridge-builders, movie-theater architects, and airplane designers SHOULD BE QUALIFIED.
Rather than go on the fact that they call themselves an engineer, why not CHECK THEIR QUALIFICATIONS / LICENSES? That they exist, are what you require, are still valid, were not revoked?
And at that point, it matter not whether they refer to themselves as "architectural grand wizard" or "high lord of the fucking-bridge-making-stuff", but that they have the appropriate licence, insurance, etc. that you require.
The name is meaningless precisely because of the erosion. But being a company charged with building a bridge and having to get your professionals to provide proof that they are appropriately licensed or members of a particular organisation is lost in the due-diligence paperwork anyway.
Exactly my point. You can't hire an electrician without a qualification and put him to work on a building site, without checking his qualification. What makes you think you can hire an architect or a civil engineer without the same, no matter what they call themselves?
Why does there need to be a distinction in name?
What someone refers to themselves as "engineer", "technician", "manager", "consultant", etc. is arbitrary and liable to interpretation, misrepresentation (e.g. a "doctor" of mathematics), etc.
If you are AT ALL interested in hiring a qualified person, you go by qualifications. Being a member of a particular organisation, holding a certain certificate or licence, etc. Not by what they refer to themselves as.
Given that every electrician, gas-fitter, window-installer, etc. in my country has to be registered for their work to be building-reg compliant or legal, no matter what they call themselves or whether they were calling themselves an electrician for 30 years before "part P" certifications were a thing, I don't see that it's a burden.
And then you don't have to live in fear that, despite calling myself a mathematician because I have a mathematics degree, and calling myself a scientist because I have a scientific outlook on life and a computer science degree, someone might take me to court for saying that informally in a complaint letter.
Protecting a generalised word like "engineer" should be treated like trademarking it. You shouldn't be able to. But equally someone shouldn't be able to say they are a "Engineer Registered with the Institute of Engineering" unless they actually are.
"Doctor" is the precedent here. Doctor's of geography, mathematics, art, even are all over the world. But you wouldn't expect them to be able to work in a hospital performing surgery without being appropriately qualified. You wouldn't expect them to be able to misrepresent their doctorate (e.g. by saying "it's okay, just take your top off and show me, I'm a doctor"). You also wouldn't expect them to be fined to oblivion for booking a restaurant table in the name of Dr Smith, either. Because that's what they are and referring to that title isn't compulsory or indicative of a specific qualification at that point.
The judge has called this right.
And if you want to protect something, protect the qualification. Which you can certificate, number, provide a searchable list so anyone can verify that Fred Bloggs is actually the Dipl.Ing. that he claims to be and it hasn't been rescinded in the years since. And which anyone who relies on them actually BEING a qualified engineer (e.g. skyscraper building firms, aircraft manufacturers, etc.) is required to check before they rely on their work.
Let's be honest.
In any extended power outage (let's say a week or more), pretty much communication is going to be the least of your worries in most places.
No power = dangerous roads (lighting) + no fuel (pumps) + no shops (payments, refrigeration, etc.) + no medical (hospital power, etc.) + no mass media (emergency broadcasts, etc.)
Although you certainly would appreciate a way to talk to others, there's not going to be an awful lot that anyone could do unless they were power-independent too, and they're unlikely to be able to do much.
Any extended power outage will be akin to just going back to pre-electrical times and no amount of solar panels are going to help the big infrastructure.
The solution, as pointed out by others, is to make those people invest in the proper infrastructure. In the same way that copper telephony stayed up because of things like batteries in street cabinets, and independent power in local exchanges, the only way for the modern stuff to stay up is exactly the same kinds of kit.
And though you might put things on a UPS (which is NOT a solution past a handful of hours of outage), your ham kit will suffer the same problem too. Sure, you can battery power it for a while. Maybe longer than a phone line. But eventually it will still fail too.
I'm not a terrorist.
But I could make a full-HD LCD laptop screen light up and interact with the keyboard, with no obvious outside differences, and even run a full OS like Windows or Linux quite easily.
It wouldn't be particularly fast, but it would be convincing enough that you'd have to be a REAL techy to notice anything was odd, and it would take you a dismantling to prove it.
It's not at all hard to get tiny Windows-10-running portable handheld games consoles now. Take out the board from one, a couple of interfaces to screen/keyboard/touchpad and you're done.
If you can make a charge that can get past security and is only the size of a laptop battery, there are an almost infinite number of things you could hide it in. And laptops would probably be the LAST thing to bother with because they are oddly-shaped, have to work, are often separate in scanning, etc.
At that point, you could just put it in a small statue and carry it in your overhead luggage.
Again, security through "imaginary" scenarios.
If someone can get an bomb through security onto a plane disguised as a laptop, the problem is not the laptop. It's the bomb. Because the second you crack-down on laptops, they can make ANYTHING ELSE to disguise that bomb too.
Try getting better scanning that doesn't let you put bombs through it. If you can't distinguish between explosive and lithium-ion batteries (although flammable, it's hard to take down a plane with one of laptop size), I suggest you employ a proper scientist rather than a "security consultant" who's being paid by the hour.
Exactly.
The book analogy often works out best for digital entertainment.
Just because your friend has a book, that you would read if they lent it to you, or you were in their house with nothing else to do, doesn't mean you'll rush out and pay for a copy of that book for yourself.
Equally, NOT being able to borrow it from a friend doesn't mean you'll pay for it either.
It's also a victim of its own protections too. If you make a system where you can cut off people for one incident, kids are going to destroy their household's ability to ever sign up again, while pirates will happily just carry on doing what they've always done. Who's going to use that system? No-one except the pirates.
You just used it.
You don't understand Go.
It's is DOZENS of ORDERS OF MAGNITUDE more complex than even chess, which we only "beat" in the last, what? 20 years?
It's some many DOZENS of ORDERS OF MAGNITUDE more complex, that nobody was realistically expecting computers to outclass humans this century.
Look at my previous posts and you'll see that I *HATE* the term AI, deep learning or anything else, because those things that claim to be that categorically are not.
But Google beating Go is way more impressive than "we built a big computer". It's even more than "we built millions of big computers and joined them together". It's honestly something slightly different - towards thinking and away from brute-force.
I'm not claiming it's anything NEAR being actual AI. But it's been surprising to anyone who understands this field.
My professor in university (professor means something in the UK, way beyond "doctor" or "teacher") was writing these kinds of Go-playing programs for his research. He was a mathematician that dedicated his life to analysing the game and game theory around it, and would travel to Go conferences the world over. And he would never have expected this result to be possible in his lifetime.
The average petty thief isn't guessing a four-digit PIN that locks out after too many attempts either.
Anyone with a basic modicum of security realises that what you're paying for is a VERY VERY VERY expensive way to tap in four digits automatically.
But at least you have to give up the PIN, whereas your iris scan can be taken from you without your knowledge. And I'm sure a non-petty thief (i.e. a guy on a moped swiping phones from city centres all day long) would love to have a way to turn your lock screen off to get the full resale value rather than a useless brick. Whether that be from fingerprints on the screen itself or an accomplice's selfie of you just before he nicks your phone.
But think more of: You're at an airport, in the middle of nowhere. And a cop demands you unlock your phone. He could just get you to look in it. Or he could have to force a four-digit passcode from you, and/or get a warrant.
Surely protecting against the former makes sense in any security situation, especially when even Apple refuse to help the FBI unlock people's phones.
20 years experience running the IT in million-dollar companies.
Now tell me... what was your actual answer again?
And who mentioned PowerPoint? Nobody scripts Powerpoint.
We're not saying "Who uses Office?". Word processors and spreadsheets are necessary and vital tools for day-to-day operations.
But we're saying "Who scripts their office suite and then runs their business on that script?". Because the answer is as I said: People in tiny companies, who are happy with bodges, who never put in a proper system.
As soon as you step beyond mail-merge, you can afford a system to do what you're doing. Even if it's software designed especially for that one task, at least you have some accountability and support, rather than "Oh, the macro's broke - we'll have to get John back in to fix it to take account of the new dates".
Exactly - better tools, more suited to the task. And if you're programming in VBA (like the OP), chances are you don't have those better tools.
What job do you need to perform in Word, Excel or Access that can't be done better using something else more suited to the task?
The reason people use them is because they have them there. And then they carry on buying them because they are so accustomed to having them there. On Linux etc. you have OTHER things there. But you're not accustomed to them.
But still, whenever I see an Excel spreadsheet used as anything other than a sheet to tinker in, or Word used as some automated letter-creator from a CSV, or an Access database that sits standalone instead of ODBC to a proper SQL server (of any kind), it makes me wonder why people have done that.
And the reason is "because we already have it, and it can be bodged to do what we're doing today". You can't convert those kind of people to ANYTHING else, even another office suite, while that's true.
It's nothing to do with architectural purity. It's to do with not running your business on the basis of there always being the one guy who understands the VBA code that does something virtually-the-same-but-with-a-tiny-business-rule as everyone else on the planet, coupled with the thing you bought to write letters or check your email.
And, again, I'd question - what business task are you running that requires Office? How often? What does it save? What kind of investment in development? Because putting that investment into proper tools would return dividends, and cost less in the long run.
VBA is job security in places that don't know that they shouldn't be hacking things together in Excel and Access. It's fine for running numbers and interfacing with a proper database, but it's at best an ad-hoc query/reporting/prototyping tool, not a thing for building business-critical processes.
I have run entire schools from a single desktop re-purposed as a router. It easily handled everything necessary, including captive transparent web filter and firewalling.
There are a number of Mini-ITX and Pico-ITX boards that are packaged in router-like or UTM cases , some with several Ethernet ports on board making them perfect. It's what people like Smoothwall and Watchguard sell as commercial products - Linux or equivalent on a UTM.
Trying to cobble them together from RPi makes no sense. Connectivity and speed of response (e.g. VPN's) are critical. The more gigabit ports, the better.
But the best option has always been "just use a PC in some form", even since the days of DOS / floppy disks / 10Base2 networking. Lookup Freesco. You used to be able to do more on an old throwaway desktop with two ISA NICs and a live-floppy-disk version of Linux than you could for anywhere near the same kind of price with a dedicated device.
Even NAS etc. are nothing more than embedded boards that you can buy and build your own Mini-ITX equivalent of, and buy a NAS chassis for it that connects to all the drives as plain SATA. FreeNAS is basically built for that too.
You buy commercial when you want support warranties and no tinkering. Anything else, you deploy yourself.
Hell, the primary router/firewall/web filter at my current school is nothing more than a Smoothwall VM running on a Windows hypervisor. The network limits incoming lines to a VLAN, only that VM can talk on that VLAN. And it has several other virtual network interfaces for NATing and connecting to, e.g. telephony networks (QoS'd VLAN), guest wifi networks, printer networks, etc. It all "just works" managing several leased lines, hundreds of users Internet access, VPNs for all kinds of things, and an entire telephony/SIP network - and apart from a decent switch with VLAN capability, you don't need any specialist hardware at all.
I'd query why places think they need to run their business logic in a desktop OS via a word processor's macro language (effectively).
All the office-integration I see looks like it should be no more than a temporary, or rarely used, system of operation.
What kind of things do you script in VBA that you can't do effectively with a dedicated system?
ReactOS is an OS. And is free. And open-source. And works as a plug-in Win32 API compatible replacement, including drivers and low-level interactions.
Crossover is just a program that runs on Linux. And costs money. And is closed-source but based on WINE. And is basically a shim to convert certain Win32 API calls so can't work for low-level drivers, etc.
If you don't know the difference, you haven't done a single Google search.
"Methane's lifetime in the atmosphere is much shorter than carbon dioxide (CO2), but CH4 is more efficient at trapping radiation than CO2. Pound for pound, the comparative impact of CH4 is more than 25 times greater than CO2 over a 100-year period."
https://www.epa.gov/ghgemissio...
You could say the same about every emulator author, about every piece of FreeDOS, about every legacy piece of software that people still use.
Nobody is seriously suggesting running a multinational corporation on this.
But it's a great project for someone to hack on, make visible progress, and which others can utilise and check the success of without having to licence software.
P.S. What's a license cost to run Windows NT in a VM? Because for sure it's a use-case that won't be covered under any non-volume licences, and the volume ones don't stretch below XP do they?
And nobody in their right mind would run MS software contrary to licensing in a business when any employee could dob them in, no matter how old the software.
They'd probably need to licence it. Or, if it was some random piece of Windows-98 based expensive CAD software that's not made any more, drives a huge machine, there is no replacement that less than the cost of all the machinery too, they'd probably want a Windows-like emulation environment that doesn't cost them anything and which they don't need to buy licenses for, and which they could customise to their usage... gosh, wonder where they could find that...
Also, the ReactOS bits feed back into things like Wine, and there have been success companies who made money on the basis of charging people to let them run bespoke versions of Wine to run their legacy Windows software on other OS. Crossover comes to mind. Which I own licences for. Because at one point it was the only way to run certain things on OS that I needed them to run on.
Just because YOU would just pirate Windows NT in a VM, doesn't mean that you're at all a use-case for something like ReactOS and can speak for everyone.
P.S. No, I don't use ReactOS or develop it. But I can see why people would. Hell, DOS, AmigaOS, RiscOS, OS/2 etc. and/or their clones were all still alive and well.last I checked.
Less smog-producing pollution.
Same amount - or worse - of greenhouse gas effect at the end of the day.
It's not the only thing it does.
It also makes people just stop using Netflix.
In the UK, it's not hard to get a working pre-pay phone and SIM without ever giving name or address or credit card or ID. You can often pick them up in supermarkets, and buy top-up-cards in cash.
To be honest, even having to provide ID is hardly a blocker. I'm sure a potential terrorist either a) doesn't care (i.e. by the time you know he was arranging something, it's too late), b) using other means (e.g. buy phone, install Whatsapp or any of a million-and-one OTR message apps), c) isn't hindered (e.g. fake ID, stolen credit card, pre-pay credit card which requires no ID, etc.)