I took to highlighting emails for "Short version" and "Long version". The only people who bother with the long version are the people with an axe-to-grind with what the email is about, people who are similarly autistic-like (yeah, I'm definitely on there somewhere too), and those with an interest in the actual fine details of that particular area.
But I work in schools so I can tell you now that, however hypocritical, the entirety of education is set up as "lies to children", in fact "lies of decreasing magnitude". At first atoms are the smallest thing. Then electrons. Then quarks. Then strings or whatever. We do it to ease them in, and allow them to understand at whatever macroscopic scale is necessary at that time.
I'm not sure it's an entirely bad method, but the phrase "You'll see later / when you get older that this isn't exactly true" doesn't HURT anyone to say and we rarely say it.
To be honest, when I'm asked to summarise, e.g. in meetings, I struggle immensely because I don't see that you can sum up anything that easily without just providing opinion rather than fact.
"So what's best, X or Y?" "Well...".
I can give an impartial, fact-based, long answer. But if you want one or the other it will be opinion unless the answer is blindingly obvious. And your opinion may differ.
The problem I get is that when opinion differs, the next question is always "Why" and despite lots of reasoning from an expert hired for exactly that purpose, there's often no convincing someone anyway.
But, as this post probably shows, I find that the REASONING for an answer is often more important than the answer itself. It tells you how much people have thought about it, how long they've been working with such things, how detailed their knowledge is, and that - ultimately - tells you whether you should be trusting their opinion against others.
I get told off for overly-long emails and posts all the time, and yet I often hold back much more than people know.
(Pity the poor guy who tried to argue Data Protection legislation with me and got a written-up explanation, with citations, all my own wording, from memory, in under an hour that took him a day to read).
Then it's nothing to do with the bulbs. If incandescents barely last a couple of months, you have bigger issues.
I'd honestly suggest you get a whole house filter because you're just in a really bad shape, electrically. That's not the fault of any kind of bulb, and you're probably destroying all kinds of hardware.
To be honest, a lighting circuit can generally be UPS'd quite easily and has more than one advantage (less bulbs blowing, and a backup lighting in the case of a blackout). If you replace with LEDs and UPS, you can probably run your lighting for a couple of days off even a cheap one.
What you need to find is what's killing them, though, because that's damaging all kinds of stuff down the line. I'd suggest over-voltages and surges.
Typed out a massive post. Got blocked by the lameness filter.
Removed all references to DNS, round-robin, DDoS and anything else that might be tripping it up (destroying the prose at the same time) and still got blocked.
Spent 20 minutes editing, still got blocked.
Gave up, closed Chrome window.
Basically, the target in this instance was Dyn. Secondary DNS would only help if only Dyn were targetted. The second the target is not Dyn but you (or Twitter or Microsoft), it doesn't matter how many secondaries or tertiaries you have, you still fall over.
That's effectively the same as applying encryption to the stream, albeit for a different purpose. Though you can rate-limit SSL requests, and require them to all be valid before you continue processing, you hit a problem either way - either you're throwing lots of time/effort at verifying the challenge yourself against a lot of bots faking it, or you're handling a lot of connections that are indistinguishable from genuine ones.
Every if you reset the counter for each unique IP (because of NAT etc. that's your only identifier), you'd have visitors from large organisations (e.g. universities) lumped together and subject to many more delays than necessary while the millions of home routers on the FOUR BILLION other IP addresses would just still be pinging you a request a minute that - by sheer weight of numbers - will still overwhelm your system.
And a Raspberry Pi, for example, operates at over 1GHz. Embedded hardware - especially video-processing like CCTV etc. - is not necessarily "not powerful" and often runs off general purpose ARM chips that can do a lot more than you think.
Plus, the attackers don't care that the devices they have taken control of, and don't own or need for any other purpose than to attack you, are delayed slightly, so long as they keep challenging your system to their utmost.
It's also just an arms race then, and I guarantee that a botnet of compromised devices has more CPU that you can ever handle at the other end to throw at such problems, even if they are doing the hard part (e.g. factorising primes) and you are doing the easy part (e.g. checking they are factors).
As speeds escalate, you'll lose the war even faster over time.
That's the "new" part of this attack. It's not trying to pretend it's anything that it isn't. It's literally just millions of devices requested advertised services and responding to their responses in the correct manner.
Imagine a DDoS of just asking for Wikipedia pages. It's hard to combat because you have no way to distinguish it from just a sudden surge of genuine traffic.
As most of this traffic was "genuine", i.e. not spoofed, not faked, not bouncebacks, not violation of the protocol, etc. it's hard to do much about it. Even if you were running protocols where each packet had to be part of an authenticated stream, you would still have the same problem.
The only technical solution I can think of is a protocol with which you can communicate with an upstream host and have them implement a filter of your choice to the traffic they send you before it comes down your line.
Quite literally "please block anything from these IP's or traffic that matches this pattern".
But I cannot imagine such a thing ever be implemented as it pushes the burden further and further upstream and the top-layer will be overwhelmed with traffic and their filters running hot all day long, especially if they have millions of customers all specifying complex rules.
There's no way I can see to stop something like this, where millions of random devices starting genuine full connections and responding as any other client, without just rate-limiting (which rate-limits your other genuine clients) or engaging in the packet conversation as you normally would (which would be enough to cause a DoS in itself).
Even if you can spot a pattern, it'll be changed in the next iteration, or dynamically and randomly generated in time. It's like spam-filtering at packet-speeds, and as stupendously unreliable.
Previously, it was faking source IPs, which can be solved by ISPs being required to only allow their announced ranges. Now, with just millions of valid connections, a DoS is indistinguishable from a service just suddenly becoming incredibly popular with real users.
Any method, protocol, or setup where they have to connect to you like that and you perform some kind of check or measure against their connection (even, say, setting up a TLS session) can be replicated by the botnet just as easily.
There's no solution to what is effectively "junk mail" inside a TCP/UDP packet.
Both have been in the news in recent years for falling into obsolescence where nobody was actually checking the code properly any more (because of a lack of developers) and both retained serious security flaws for many years.
And both have much more active development on their "Libre" equivalents (LibreSSL and LibreOffice) where those kinds of things are found and fixed pretty damn quickly and all the legacy cruft that nobody was looking at, let alone maintaining, is removed.
If you haven't seen the actual cause of HeartBleed and the Apache OpenOffice vulnerabilities, I suggest you go read up.
Fuck knows what shit it is that you're buying, but there's a CF replacement bulb in every socket in my house and I've literally never changed one.
The outdoors one is on from dusk to 11pm all year round and is a CF. Still going.
In fact, all that's happened is that I've started replacing the CFs with LED lights - and same thing there. Not one in the bin yet. In fact I've still got a box of 20 LED bulbs which are just waiting for the CFs to die but I don't get up on a chair to change them unless they do and NOT ONE has. In the same time, I've replaced 12 halogens and about 7 incandescents.
And I'm using the cheapest thing on Amazon that I can buy in bulk and is supplied in a direct-replacement for an existing bulb-shape.
Hell, I even replaced all the tiny little high-power halogens that were popular in light fittings with bigger-but-same-output LEDs that take 1/50th the power.
I honestly don't know what junk you're using or what's wrong with your house electrics, but CF's do what they claim, and so do LEDs.
Pisses me off that the biggest IT investments and supercomputers exist for meteorogical purposes that perform little better than chance.
Though important, for shipping, air travel, etc. it's not THAT important to get a tiny little percentage over just looking around and thinking it's going to piss down in a moment, or sticking a box in the North that lets you guess how long until the same weather hits the South.
Just seems one enormous waste of money to me. And who exactly PAYS for their weather forecasts? Are airlines really paying millions of pounds a year to find out if the skies are going to be a bit rough?
I'd be MUCH more worried if said audit produced nothing at all.
The fact that the flaws are mostly in the new bootloader code - new, untested, complicated - is EXACTLY right. You don't need to use that bootloader, and TrueCrypt NEVER had that kind of bootloader (so the choice is nothing or VeraCrypt in that instance).
There is nothing to suggest that the people behind TrueCrypt were any better - their audit turned up stuff too, and that was YEARS and YEARS after their first releases. VeraCrypt code hasn't had even have that amount of time to catch up.
So I don't see a problem. I've used both. TrueCrypt is going to stop working eventually - whether that's because UEFI bootloaders become ubiquitous, which is what MS are pushing for, or some other reason.
Where security is concerned, better a project that people are actively working on (i.e. looking for, and fixing, flaws) than something that was once secure stagnating because nobody is coding on it. Take OpenSSL and OpenOffice as the prime examples of this lately.
What? Dozens of Wifi points in the middle of a residential and commerce centre in the middle of London? And the 4G? And nobody else notices and the next-door-neighbours go about their evening with no Wifi without saying a word?
Don't think so, somehow.
You know that point, where the bollocks you made up drifts from "plausible but stupid" into "yeah, right, sure"?
At absolute worst, just get a Pringles tin and make a cheap Yagi and you could pick up hundreds, if not thousands of networks. We're talking a couple of streets away from Soho and massive public museums.
And, yes, ubiquitous 4G in that area. If anything, you'll have more trouble with 4G as the airwaves will be overcrowded during working hours.
The whole thing's a farce to get him in the news again. This guy's in THE MOST CONNECTED PLACE IN BRITAIN.
You don't need to stand outside and offer your 4G to Wifi which will reach about an inch. THE 4G IS ALREADY THERE. And the mobile hotspot will be being swamped by the million-and-one other Wifi networks on 2.4GHz in that area.
Like they won't let any web browser app use anything but their web controls (Chrome on iPad/iPhone? Yeah, that's not Chrome. It's a UIWebView. The only other allowed alternative is a WKWebView control.
And these people are only just realising that Apple are closed and controlling?
Just people some idiot paid that much to run that name, it doesn't mean that's what it's worth (except to that one seller, that one time).
How do you profit from, say.xyz? By selling domains at.xyz. If those domains are expensive, nobody will touch them. If they are cheap, you'll never make your money back.
You would need to sell tens of millions of TLD addresses to recoup the money invested, even over a ten year period. That's unlikely. Hell, by that time, TLD's might be entirely dead and we've all moved on to something else.
Translation: "I haven't been in the news for at least a week and nobody cares about the shit that I have little to do with releasing any more".
Honestly, given that he lives IN THE EMBASSY how has someone targeted HIS connection alone, how do you know it was intentional, how do you know it was a state actor? It's all bullshit until you pull prove, Julian.
And you're in the middle of fucking London. Order a can of pringles, point it at the centre of town, presto!
More likely, he's forgotten his fucking login but he had to "Assange" it to make it sound like he's important or anyone gives a shit.
Just another performer that I wouldn't go and see live then.
Sorry, but recording devices are not new.
Interruptions from the audience are not new.
Why we feel the need to act on them now that copyright law is VASTLY in favour of the artists, whereas before it wasn't, I can't fathom. But that also seems to be the trigger for this kind of reaction.
If you want me to effectively cripple my phone, something that stays with me all the time EVEN THOUGH I WORK IN SCHOOLS, then we're going to clash heads. I either won't come and see you perform, or I have to jump through a specific, special, nuisance every time I want to do so. Like a form of DRM on a live performance. That will affect my enjoyment, and the rate I'd be willing to pay for that performance.
There's a time and a place for smartphones. I happily agree with you throwing out ANYONE whose phone goes off at a classical concert, for instance. No problem at all. Their own fault for failing to manage their device when they were given the opportunity to voluntarily manage their device.
Even chicken-wire cages around the venue, or whatever. Fine. But to demand I start putting useful items in little bags, you're just trying to be like the TSA and other places who are overstepping their remit under the name of something else (terrorism, etc.). And do you demand the same of, say, a smartwatch?
I can get a mobile phone with camera and wireless and bluetooth that's the size and thickness of a credit card. Literally, now, on Amazon, for 30 GBP. You can't police that kind of thing. And you're at a large venue with people who've paid to see you and you object to them immortalising that special performance?
Wholesale copyright infringement is an entirely different problem. Taking people's phones away doesn't solve that either.
But the problem of "how can I convince an audience that they want to pay money to come and see me?" That's a difficult enough prospect as it is without adding obstacles for yourself.
If I ever did want to go to such a thing, and there was a warning on booking that this was required, I'd cancel. If I turned up and this was an ad-hoc policy, not notified and only implemented on the door? We're going to have an argument and I'm going to seek a refund for more than just my ticket and time wasted.
"If you think about what makes games so fantastic, it's the experiences you have with your friends,"
Er... not really.
I mean, sometimes. I can remember a handful of really fun sessions on games across LANs (using everything from 10Base2 to Gigabit, and serial, and even - at one point - IP over daisy-chained parallel cables using a DOS-based packet driver).
But usually on games that, from the point of their release until several months later when we could organise a session, were only played on single computers by one person. And the vast majority of games that I love are inherently single-player.
And though I run multiplayer servers for a number of games, and a few of them are incredibly popular in that little niche game, the multiplayer experience is there because the game demands it, and then because I can't stand playing with the majority of morons that exist online today. I honestly cannot play online any more without a KICK/BAN button that I can guarantee will work without the democracy of opening it up to a vote. And, yes, even with that kind of dictatorship admin, I still run extremely popular servers.
The latest one for me is Factorio. Love the game. It's fantastic and sucks time like all those games of old that I used to play but had to give up when real-life intervened.
It's multiplayer. It's online multiplayer. I have a server for it. Myself and a random guy spent three hours setting up a factory. Then another guy joined. 20 minutes later, I found missing pieces of transport systems and entire buildings destroyed, and then the new guy started attacking us both. By the time I kicked him, the game was ruined.
Even amongst friends, the problem is not that it's not possible - multiplayer over the Internet is easier than ever. It's that friends don't have the time, money, inclination, or play in ways that make it fun to play with them. My brother is a gamer, I can't remember the last time we played together. I think it was when AOE2 was remastered on Steam, because it worked and we'd always played that with each other.
Some of it is age, but when you go play with younger people who are "into games", their attention span is incredibly limited, they piss about not playing the game half the time, there's no semblance of teamwork or organisation and I "ragequit" (as they say - I mean, they have a specific phrase for "we're so shit that we make other people mad and not want to play with us"!).
That's why I run my own servers.
That's why - unless it's casual games at a party - I don't bother to try to play even with people on my Steam friends list.
That's why I very much prefer games that don't require that kind of interaction and are playable in their own right - not by having friends on the same service.
And even if you have a great set of friends and a lot of games and interests in common, and all the facilities in the world - the number of times you can play in a game against or (more difficult) with a significant number of your own friends, for any significant amount of time is truly limited.
Hell, I'm a CS-player from since before 1.6, and some of my best gaming moments were had in things like TIS-1000, Flight Control, and Master of Orion (the original) than anything else. And rarely were my friends crowded around the PC going "Oh, wow" at them (because nobody has any need to crowd round a PC like that any more).
The best gaming moments ever are things like playing Half-life 2 for the first time. Or getting through Syndicate to that impossible last mission. Very rarely do they involve other people, and certainly not playing against random strangers.
I've just cut TF2 out of my life, after years of casual play on it. Everything became "serious" and competitive, and that's not what the game is about. So everyone ends up peeing about and ruining the game to get some relief from even the "casual" server setups that are no fun at all.
5-year-old website nobody's ever heard of, with no business plan, little to no profit ever and obvious misuse for piracy that offers yet-another-file-download service bouyed up for even that long by a handful of ads.
vs
100-year-old bricks-and-mortar, household-name geek store, which we all have nostalgia for the local equivalent of, slowly pushed out of the high street, as a sign of declining necessity and changing use of technology, after a long-established and massively profitable business in many countries for nearly a century, until last year.
"Unprofitable business model leads to business not making enough profit"
Honestly, where's the news or the shocking surprise.
A high-end, tech-heavy hosting site that you can upload stuff to for free, and share to people for free, and they can all watch it for free, not making money? Amazing.
And their premium offering gave you:
- Ad-free access and no waiting (So you pay to make the ads go away) - No daily streaming limitations (Amazing - how much time do you think one person will spend on such a website streaming videos from it exclusively, such that they will pay to remove the restriction?) - Unlimited parallel downloads (Ooooh... so I can download more than a handful of videos at the same time. Or just do a few and wait) - Upload larger files - up to 5GB (5Gb of MP4 is a LONG movie) - Files never removed due to inactivity (Except if the company goes bankrupt...) - Special dedicated servers just for PREMIUM Members (Oooh! But if the free service was shit, nobody would bother to pay for the premium one anyway) - Mobile access - iPhone and Android (You mean I can watch videos on my smartphone too!?) - Download original files (You mean I can download the thing I'm watching?!) - Upload more files simultaneously (See "Unlimited parallel downloads") - Create custom links to track traffic (Because there's no other way to do that) - Ultimate file security with AES encryption (WTF does that even mean in the context of a video-sharing website?)
Amazon Prime? People queried why I bought it. Because my usage pattern makes it have value enough for me even if theirs doesn't.
But what these people have made is a pay-for YouTube. One of thousands of them. A website that's incredibly annoying to download anything significant from, and would confuse people for even casual use (e.g. your family video), and which nobody with a brain would ever pay for against other sites offering the same or more.
And I imagine the costs of DMCA takedowns alone would wipe out anything that you've got coming people. People will badly abuse a site like this, and maybe even pay to do so, just like any other file download site.
Where was the profit, ever?
There should be a register of people who have owned a company with a turnover over a certain amount, which later closes business, so that you can deny these people ever running a business again.
Fuck taking notes in a lecture on advanced maths with anything approaching markup or GUI maths entry.
I studied maths and computer science at uni, many years ago. It was before tablets or laptops or phones were practical for everyone to own one and carry to each lecture.
But Maths lectures were the one place I just put any concept of typing on a device to one side and just dug out the pen and paper, even if I then spent the evening on Maple or LaTeX working out what I needed.
"Our old API was shit and didn't take account that touchpads existed, thus forcing mouse emulation and proprietary third-party drivers that don't work on anything else.
After 20 YEARS of laptops having touchpads, we've exposed the underlying data of the devices in question and made it an API that will fuck up the second "3D touchpads" or whatever come along.
Despite having had touchscreens for all that time too, and smartphones for much of it (with capacitative screens, hover, etc.) and entire other OS being designed to take account of those kinds of input devices as the primary input."
And they're supposed to get congratulations for this?
You can also guarantee that the API will be incomplete or difficult to manage, or not backward-compatible breaking all your old laptops, thus still ending up with third-party junk to do the job for us that doesn't work for any other manufacturer.
I'm STILL waiting for the day when the whole keyboard surface is flat-but-springy (like, oh my god, a touchscreen!) so you can type on it, hold a pen on it, or use it as a giant trackpad in the keyboard layout of your choice (numpad or trackpad? Trackpad below and center or off to one side? etc.).
Tech moves SO SLOWLY in this regard until someone spots it after many years and puts out a mass-market device like that and everyone goes "at fucking last".
Slashdot Mirror
I have the same problem.
I took to highlighting emails for "Short version" and "Long version". The only people who bother with the long version are the people with an axe-to-grind with what the email is about, people who are similarly autistic-like (yeah, I'm definitely on there somewhere too), and those with an interest in the actual fine details of that particular area.
But I work in schools so I can tell you now that, however hypocritical, the entirety of education is set up as "lies to children", in fact "lies of decreasing magnitude". At first atoms are the smallest thing. Then electrons. Then quarks. Then strings or whatever. We do it to ease them in, and allow them to understand at whatever macroscopic scale is necessary at that time.
I'm not sure it's an entirely bad method, but the phrase "You'll see later / when you get older that this isn't exactly true" doesn't HURT anyone to say and we rarely say it.
To be honest, when I'm asked to summarise, e.g. in meetings, I struggle immensely because I don't see that you can sum up anything that easily without just providing opinion rather than fact.
"So what's best, X or Y?"
"Well...".
I can give an impartial, fact-based, long answer.
But if you want one or the other it will be opinion unless the answer is blindingly obvious. And your opinion may differ.
The problem I get is that when opinion differs, the next question is always "Why" and despite lots of reasoning from an expert hired for exactly that purpose, there's often no convincing someone anyway.
But, as this post probably shows, I find that the REASONING for an answer is often more important than the answer itself. It tells you how much people have thought about it, how long they've been working with such things, how detailed their knowledge is, and that - ultimately - tells you whether you should be trusting their opinion against others.
I get told off for overly-long emails and posts all the time, and yet I often hold back much more than people know.
(Pity the poor guy who tried to argue Data Protection legislation with me and got a written-up explanation, with citations, all my own wording, from memory, in under an hour that took him a day to read).
Then it's nothing to do with the bulbs. If incandescents barely last a couple of months, you have bigger issues.
I'd honestly suggest you get a whole house filter because you're just in a really bad shape, electrically. That's not the fault of any kind of bulb, and you're probably destroying all kinds of hardware.
To be honest, a lighting circuit can generally be UPS'd quite easily and has more than one advantage (less bulbs blowing, and a backup lighting in the case of a blackout). If you replace with LEDs and UPS, you can probably run your lighting for a couple of days off even a cheap one.
What you need to find is what's killing them, though, because that's damaging all kinds of stuff down the line. I'd suggest over-voltages and surges.
Typed out a massive post. Got blocked by the lameness filter.
Removed all references to DNS, round-robin, DDoS and anything else that might be tripping it up (destroying the prose at the same time) and still got blocked.
Spent 20 minutes editing, still got blocked.
Gave up, closed Chrome window.
Basically, the target in this instance was Dyn. Secondary DNS would only help if only Dyn were targetted. The second the target is not Dyn but you (or Twitter or Microsoft), it doesn't matter how many secondaries or tertiaries you have, you still fall over.
That's effectively the same as applying encryption to the stream, albeit for a different purpose. Though you can rate-limit SSL requests, and require them to all be valid before you continue processing, you hit a problem either way - either you're throwing lots of time/effort at verifying the challenge yourself against a lot of bots faking it, or you're handling a lot of connections that are indistinguishable from genuine ones.
Every if you reset the counter for each unique IP (because of NAT etc. that's your only identifier), you'd have visitors from large organisations (e.g. universities) lumped together and subject to many more delays than necessary while the millions of home routers on the FOUR BILLION other IP addresses would just still be pinging you a request a minute that - by sheer weight of numbers - will still overwhelm your system.
And a Raspberry Pi, for example, operates at over 1GHz. Embedded hardware - especially video-processing like CCTV etc. - is not necessarily "not powerful" and often runs off general purpose ARM chips that can do a lot more than you think.
Plus, the attackers don't care that the devices they have taken control of, and don't own or need for any other purpose than to attack you, are delayed slightly, so long as they keep challenging your system to their utmost.
It's also just an arms race then, and I guarantee that a botnet of compromised devices has more CPU that you can ever handle at the other end to throw at such problems, even if they are doing the hard part (e.g. factorising primes) and you are doing the easy part (e.g. checking they are factors).
As speeds escalate, you'll lose the war even faster over time.
I can't see that it's a solution.
They are.
No source addresses were faked here.
Just millions of "genuine", unfaked connections.
That's the "new" part of this attack. It's not trying to pretend it's anything that it isn't. It's literally just millions of devices requested advertised services and responding to their responses in the correct manner.
Imagine a DDoS of just asking for Wikipedia pages. It's hard to combat because you have no way to distinguish it from just a sudden surge of genuine traffic.
As most of this traffic was "genuine", i.e. not spoofed, not faked, not bouncebacks, not violation of the protocol, etc. it's hard to do much about it. Even if you were running protocols where each packet had to be part of an authenticated stream, you would still have the same problem.
The only technical solution I can think of is a protocol with which you can communicate with an upstream host and have them implement a filter of your choice to the traffic they send you before it comes down your line.
Quite literally "please block anything from these IP's or traffic that matches this pattern".
But I cannot imagine such a thing ever be implemented as it pushes the burden further and further upstream and the top-layer will be overwhelmed with traffic and their filters running hot all day long, especially if they have millions of customers all specifying complex rules.
There's no way I can see to stop something like this, where millions of random devices starting genuine full connections and responding as any other client, without just rate-limiting (which rate-limits your other genuine clients) or engaging in the packet conversation as you normally would (which would be enough to cause a DoS in itself).
Even if you can spot a pattern, it'll be changed in the next iteration, or dynamically and randomly generated in time. It's like spam-filtering at packet-speeds, and as stupendously unreliable.
Previously, it was faking source IPs, which can be solved by ISPs being required to only allow their announced ranges. Now, with just millions of valid connections, a DoS is indistinguishable from a service just suddenly becoming incredibly popular with real users.
Any method, protocol, or setup where they have to connect to you like that and you perform some kind of check or measure against their connection (even, say, setting up a TLS session) can be replicated by the botnet just as easily.
There's no solution to what is effectively "junk mail" inside a TCP/UDP packet.
How wonderfully naive and wrong your analysis and solution is.
Both have been in the news in recent years for falling into obsolescence where nobody was actually checking the code properly any more (because of a lack of developers) and both retained serious security flaws for many years.
And both have much more active development on their "Libre" equivalents (LibreSSL and LibreOffice) where those kinds of things are found and fixed pretty damn quickly and all the legacy cruft that nobody was looking at, let alone maintaining, is removed.
If you haven't seen the actual cause of HeartBleed and the Apache OpenOffice vulnerabilities, I suggest you go read up.
Fuck knows what shit it is that you're buying, but there's a CF replacement bulb in every socket in my house and I've literally never changed one.
The outdoors one is on from dusk to 11pm all year round and is a CF. Still going.
In fact, all that's happened is that I've started replacing the CFs with LED lights - and same thing there. Not one in the bin yet. In fact I've still got a box of 20 LED bulbs which are just waiting for the CFs to die but I don't get up on a chair to change them unless they do and NOT ONE has. In the same time, I've replaced 12 halogens and about 7 incandescents.
And I'm using the cheapest thing on Amazon that I can buy in bulk and is supplied in a direct-replacement for an existing bulb-shape.
Hell, I even replaced all the tiny little high-power halogens that were popular in light fittings with bigger-but-same-output LEDs that take 1/50th the power.
I honestly don't know what junk you're using or what's wrong with your house electrics, but CF's do what they claim, and so do LEDs.
Little better than random chance, then.
Pisses me off that the biggest IT investments and supercomputers exist for meteorogical purposes that perform little better than chance.
Though important, for shipping, air travel, etc. it's not THAT important to get a tiny little percentage over just looking around and thinking it's going to piss down in a moment, or sticking a box in the North that lets you guess how long until the same weather hits the South.
Just seems one enormous waste of money to me. And who exactly PAYS for their weather forecasts? Are airlines really paying millions of pounds a year to find out if the skies are going to be a bit rough?
I'd be MUCH more worried if said audit produced nothing at all.
The fact that the flaws are mostly in the new bootloader code - new, untested, complicated - is EXACTLY right. You don't need to use that bootloader, and TrueCrypt NEVER had that kind of bootloader (so the choice is nothing or VeraCrypt in that instance).
There is nothing to suggest that the people behind TrueCrypt were any better - their audit turned up stuff too, and that was YEARS and YEARS after their first releases. VeraCrypt code hasn't had even have that amount of time to catch up.
So I don't see a problem. I've used both. TrueCrypt is going to stop working eventually - whether that's because UEFI bootloaders become ubiquitous, which is what MS are pushing for, or some other reason.
Where security is concerned, better a project that people are actively working on (i.e. looking for, and fixing, flaws) than something that was once secure stagnating because nobody is coding on it. Take OpenSSL and OpenOffice as the prime examples of this lately.
It takes a lot of parsing but it is English.
I got stuck on that, and on:
"On average, about 1 out of 1,000 times does a record-setting campaign continue beyond its halfway point..."
If you have to re-read sentences multiple times, it's NOT good writing, even if it uses all English words.
What? Dozens of Wifi points in the middle of a residential and commerce centre in the middle of London? And the 4G? And nobody else notices and the next-door-neighbours go about their evening with no Wifi without saying a word?
Don't think so, somehow.
You know that point, where the bollocks you made up drifts from "plausible but stupid" into "yeah, right, sure"?
It's smack-bang in the middle of fucking London.
There's wifi all over that place.
At absolute worst, just get a Pringles tin and make a cheap Yagi and you could pick up hundreds, if not thousands of networks. We're talking a couple of streets away from Soho and massive public museums.
And, yes, ubiquitous 4G in that area. If anything, you'll have more trouble with 4G as the airwaves will be overcrowded during working hours.
The whole thing's a farce to get him in the news again. This guy's in THE MOST CONNECTED PLACE IN BRITAIN.
You don't need to stand outside and offer your 4G to Wifi which will reach about an inch. THE 4G IS ALREADY THERE. And the mobile hotspot will be being swamped by the million-and-one other Wifi networks on 2.4GHz in that area.
Honestly, it's just pandering to media.
Yep.
Apple won't let any app use the NFC for payment.
Like they won't let any web browser app use anything but their web controls (Chrome on iPad/iPhone? Yeah, that's not Chrome. It's a UIWebView. The only other allowed alternative is a WKWebView control.
And these people are only just realising that Apple are closed and controlling?
Just people some idiot paid that much to run that name, it doesn't mean that's what it's worth (except to that one seller, that one time).
How do you profit from, say .xyz? By selling domains at .xyz. If those domains are expensive, nobody will touch them. If they are cheap, you'll never make your money back.
You would need to sell tens of millions of TLD addresses to recoup the money invested, even over a ten year period. That's unlikely. Hell, by that time, TLD's might be entirely dead and we've all moved on to something else.
And that's why it says ALLEGATION.
Cock.
Translation: "I haven't been in the news for at least a week and nobody cares about the shit that I have little to do with releasing any more".
Honestly, given that he lives IN THE EMBASSY how has someone targeted HIS connection alone, how do you know it was intentional, how do you know it was a state actor? It's all bullshit until you pull prove, Julian.
And you're in the middle of fucking London. Order a can of pringles, point it at the centre of town, presto!
More likely, he's forgotten his fucking login but he had to "Assange" it to make it sound like he's important or anyone gives a shit.
Just another performer that I wouldn't go and see live then.
Sorry, but recording devices are not new.
Interruptions from the audience are not new.
Why we feel the need to act on them now that copyright law is VASTLY in favour of the artists, whereas before it wasn't, I can't fathom. But that also seems to be the trigger for this kind of reaction.
If you want me to effectively cripple my phone, something that stays with me all the time EVEN THOUGH I WORK IN SCHOOLS, then we're going to clash heads. I either won't come and see you perform, or I have to jump through a specific, special, nuisance every time I want to do so. Like a form of DRM on a live performance. That will affect my enjoyment, and the rate I'd be willing to pay for that performance.
There's a time and a place for smartphones. I happily agree with you throwing out ANYONE whose phone goes off at a classical concert, for instance. No problem at all. Their own fault for failing to manage their device when they were given the opportunity to voluntarily manage their device.
Even chicken-wire cages around the venue, or whatever. Fine. But to demand I start putting useful items in little bags, you're just trying to be like the TSA and other places who are overstepping their remit under the name of something else (terrorism, etc.). And do you demand the same of, say, a smartwatch?
I can get a mobile phone with camera and wireless and bluetooth that's the size and thickness of a credit card. Literally, now, on Amazon, for 30 GBP. You can't police that kind of thing. And you're at a large venue with people who've paid to see you and you object to them immortalising that special performance?
Wholesale copyright infringement is an entirely different problem. Taking people's phones away doesn't solve that either.
But the problem of "how can I convince an audience that they want to pay money to come and see me?" That's a difficult enough prospect as it is without adding obstacles for yourself.
If I ever did want to go to such a thing, and there was a warning on booking that this was required, I'd cancel. If I turned up and this was an ad-hoc policy, not notified and only implemented on the door? We're going to have an argument and I'm going to seek a refund for more than just my ticket and time wasted.
"If you think about what makes games so fantastic, it's the experiences you have with your friends,"
Er... not really.
I mean, sometimes. I can remember a handful of really fun sessions on games across LANs (using everything from 10Base2 to Gigabit, and serial, and even - at one point - IP over daisy-chained parallel cables using a DOS-based packet driver).
But usually on games that, from the point of their release until several months later when we could organise a session, were only played on single computers by one person. And the vast majority of games that I love are inherently single-player.
And though I run multiplayer servers for a number of games, and a few of them are incredibly popular in that little niche game, the multiplayer experience is there because the game demands it, and then because I can't stand playing with the majority of morons that exist online today. I honestly cannot play online any more without a KICK/BAN button that I can guarantee will work without the democracy of opening it up to a vote. And, yes, even with that kind of dictatorship admin, I still run extremely popular servers.
The latest one for me is Factorio. Love the game. It's fantastic and sucks time like all those games of old that I used to play but had to give up when real-life intervened.
It's multiplayer. It's online multiplayer. I have a server for it. Myself and a random guy spent three hours setting up a factory. Then another guy joined. 20 minutes later, I found missing pieces of transport systems and entire buildings destroyed, and then the new guy started attacking us both. By the time I kicked him, the game was ruined.
Even amongst friends, the problem is not that it's not possible - multiplayer over the Internet is easier than ever. It's that friends don't have the time, money, inclination, or play in ways that make it fun to play with them. My brother is a gamer, I can't remember the last time we played together. I think it was when AOE2 was remastered on Steam, because it worked and we'd always played that with each other.
Some of it is age, but when you go play with younger people who are "into games", their attention span is incredibly limited, they piss about not playing the game half the time, there's no semblance of teamwork or organisation and I "ragequit" (as they say - I mean, they have a specific phrase for "we're so shit that we make other people mad and not want to play with us"!).
That's why I run my own servers.
That's why - unless it's casual games at a party - I don't bother to try to play even with people on my Steam friends list.
That's why I very much prefer games that don't require that kind of interaction and are playable in their own right - not by having friends on the same service.
And even if you have a great set of friends and a lot of games and interests in common, and all the facilities in the world - the number of times you can play in a game against or (more difficult) with a significant number of your own friends, for any significant amount of time is truly limited.
Hell, I'm a CS-player from since before 1.6, and some of my best gaming moments were had in things like TIS-1000, Flight Control, and Master of Orion (the original) than anything else. And rarely were my friends crowded around the PC going "Oh, wow" at them (because nobody has any need to crowd round a PC like that any more).
The best gaming moments ever are things like playing Half-life 2 for the first time. Or getting through Syndicate to that impossible last mission. Very rarely do they involve other people, and certainly not playing against random strangers.
I've just cut TF2 out of my life, after years of casual play on it. Everything became "serious" and competitive, and that's not what the game is about. So everyone ends up peeing about and ruining the game to get some relief from even the "casual" server setups that are no fun at all.
And lawyers up its backside every minute of the day looking for any profiting from that venture in order to claim triple-damages on later.
Sometimes, there's a reason to go bankrupt.
5-year-old website nobody's ever heard of, with no business plan, little to no profit ever and obvious misuse for piracy that offers yet-another-file-download service bouyed up for even that long by a handful of ads.
vs
100-year-old bricks-and-mortar, household-name geek store, which we all have nostalgia for the local equivalent of, slowly pushed out of the high street, as a sign of declining necessity and changing use of technology, after a long-established and massively profitable business in many countries for nearly a century, until last year.
Yeah. Same thing.
"Unprofitable business model leads to business not making enough profit"
Honestly, where's the news or the shocking surprise.
A high-end, tech-heavy hosting site that you can upload stuff to for free, and share to people for free, and they can all watch it for free, not making money? Amazing.
And their premium offering gave you:
- Ad-free access and no waiting
(So you pay to make the ads go away)
- No daily streaming limitations
(Amazing - how much time do you think one person will spend on such a website streaming videos from it exclusively, such that they will pay to remove the restriction?)
- Unlimited parallel downloads
(Ooooh... so I can download more than a handful of videos at the same time. Or just do a few and wait)
- Upload larger files - up to 5GB
(5Gb of MP4 is a LONG movie)
- Files never removed due to inactivity
(Except if the company goes bankrupt...)
- Special dedicated servers just for PREMIUM Members
(Oooh! But if the free service was shit, nobody would bother to pay for the premium one anyway)
- Mobile access - iPhone and Android
(You mean I can watch videos on my smartphone too!?)
- Download original files
(You mean I can download the thing I'm watching?!)
- Upload more files simultaneously
(See "Unlimited parallel downloads")
- Create custom links to track traffic
(Because there's no other way to do that)
- Ultimate file security with AES encryption
(WTF does that even mean in the context of a video-sharing website?)
Amazon Prime? People queried why I bought it. Because my usage pattern makes it have value enough for me even if theirs doesn't.
But what these people have made is a pay-for YouTube. One of thousands of them. A website that's incredibly annoying to download anything significant from, and would confuse people for even casual use (e.g. your family video), and which nobody with a brain would ever pay for against other sites offering the same or more.
And I imagine the costs of DMCA takedowns alone would wipe out anything that you've got coming people. People will badly abuse a site like this, and maybe even pay to do so, just like any other file download site.
Where was the profit, ever?
There should be a register of people who have owned a company with a turnover over a certain amount, which later closes business, so that you can deny these people ever running a business again.
I'm a mathematician.
Fuck taking notes in a lecture on advanced maths with anything approaching markup or GUI maths entry.
I studied maths and computer science at uni, many years ago. It was before tablets or laptops or phones were practical for everyone to own one and carry to each lecture.
But Maths lectures were the one place I just put any concept of typing on a device to one side and just dug out the pen and paper, even if I then spent the evening on Maple or LaTeX working out what I needed.
"Our old API was shit and didn't take account that touchpads existed, thus forcing mouse emulation and proprietary third-party drivers that don't work on anything else.
After 20 YEARS of laptops having touchpads, we've exposed the underlying data of the devices in question and made it an API that will fuck up the second "3D touchpads" or whatever come along.
Despite having had touchscreens for all that time too, and smartphones for much of it (with capacitative screens, hover, etc.) and entire other OS being designed to take account of those kinds of input devices as the primary input."
And they're supposed to get congratulations for this?
You can also guarantee that the API will be incomplete or difficult to manage, or not backward-compatible breaking all your old laptops, thus still ending up with third-party junk to do the job for us that doesn't work for any other manufacturer.
I'm STILL waiting for the day when the whole keyboard surface is flat-but-springy (like, oh my god, a touchscreen!) so you can type on it, hold a pen on it, or use it as a giant trackpad in the keyboard layout of your choice (numpad or trackpad? Trackpad below and center or off to one side? etc.).
Tech moves SO SLOWLY in this regard until someone spots it after many years and puts out a mass-market device like that and everyone goes "at fucking last".