"If I keep tossing this coin, eventually it will disappear into thin air and magically turn into a unicorn".
Scientifically speaking, there's virtually no difference, in fact. There's experimentation, there's pushing for new science, and then there's just bollocks.
It doesn't work like that. You find something unusual ("Hey, this part of the air is slightly warmer than expected... I wonder if...") and investigate the cause, or you hypothesise more accurate explanations of what we can observe and try to predict something entirely new (which you can then confirm by a single good experiment).
You don't just insist that flipping enough coins will make magic happen which will cause enough anomalies that will break existing laws that have held through countless billions of experiments consistently.
You are literally suggesting discovering new science by brute force, in an infinite-sized universe, with infinite levels of precision available.
I am infinitely more impressed by someone performing a stunt, once, for real, after a thousand takes, by chance, with the help of cleverly-chosen camera angles, than anything that CGI can produce. Fuck, Jackie Chan movies and the like basically give you a broken-bone count in the outtakes over the credits.
Why movies haven't lauded "No special effects or post-production - everything you see was captured on video in real-time" for the last 20 years, I can't fathom.
When everything is fake, anything is possible, and it becomes boring and unreal.
I'm still waiting for the Bond-like remake that features no weapons, no CGI, no stupendous car-stunts (unless someone really did them - with safety gear etc. is fair enough, but you have to have really done them).
If I see one one "car goes up ramp and jumps something" piece of shit, I swear I'll just stop bothering to watch movies at all.
It could be something you put in-house and thus can access via a HTTPS site from anywhere. Be able to work from home without needing specialist tools installed, and utilize the power of your servers to do, e.g. distcc, rather than your workstation.
I'd quite like an "OwnCloud" version of Eclipse. Then I could quite literally log on and code from anywhere without needing to replicate what is quite a complicated multi-platform, multi-language, highly integrated IDE setup elsewhere.
Board positions flip back and forth all the time as you capture territory, and then your opponent recaptures a portion, and so on.
Think more of Othello/Reversi - although there are only 8x8 board with each square either empty, black or white, the number of positions that flip back to earlier or similar positions is high throughout the game.
Well, it assumes an awful lot. But I think they are saying they can, for example, spoof a ton of responses to any machine that MIGHT be about to connect to you, and thus gain some privilege escalation from that conversation. Quite how they get higher than the privileges assigned to the user making those requests isn't clear, but it sounds like it could be possible.
But they even think SMB signing might defeat it, but haven't finished looking into that (which is suggestive that it does indeed defeat it, to be honest).
The fake WPAD responses? I don't know about you, by my WPAD data is given out by my DHCP server, not by anything else, and I believe that overrides most things. It's then double-set by a GPO and a DNS entry too. You'd have be in my network faking DHCP or able to override GPO settings and that's quite a way past what you need to be able to attack me anyway (P.S. my network switches will go ape-shit and cut you off if you do that).
They seem to be claiming that when something makes a request from the network for a WPAD query, they can fake every possible response until whatever was asking takes the FAKE response as genuine. That might well cause a machine to switch a proxy. But it would seem by that point to be already inside the network and able to do an awful lot worse damage anyway.
"Extended Protection for Authentication" is the mitigation for "the last stage of the attack" (where they are already spoofing WPAD settings and intercepting all web access from the machine in question, and just attack NTLM authentication via that for services that still try to use NTLM and WPAD entries). That was introduced in XP and Vista, by the way. I think by that point, you're fucked anyway.
I'm more interested in quite how something gets to do things like take up EVERY UDP socket on your system without otherwise cocking up and giving you tons of warnings elsewhere, and then manages to be in the line of fire for replying to a WPAD setting that's overridden by other browsers, by GPO, by DHCP settings, etc. and then use that to suddenly send all your requests to... yourself it looks like, and try to defeat NTLM auth.
It seems like one of these "LOOK HOW DANGEROUS" attacks that, although technically they aren't lying when they say they've got it to work on all these things, requires a combination of circumstances so extraordinary that you're already fucked before they start sending a packet.
The biggest problem I have? Minus some keywords that are pure filler in this article, there isn't a single mention of this that I can find anywhere else on a search engine. Literally, it's all regurgitated press releases with the same phrasing, ALL pointing to the same article. Yet it was supposedly released a while ago.
And the only thing we can apparently do about it at the moment is enable an option that breaks shit and only combats the very last stage, where it's already game over and they get to choose from a myriad of services that might trigger an NTLM-authenticated HTTP connection using a given WPAD proxy (which I imagine can't be that hard to find in major pieces of software or other areas of Windows).
Wait for a fix, or at least a decent analysis, but I wouldn't really go into a panic.
We'll talk when your presidential candidates understand the difference between "race", "religion" and "political idealogy".
America is a 21st Century country still living with social norms made in the 15th Century (police abuse, civil war levels of personal armament, no healthcare service worth mentioning unless you have money, and wanting to bar all "foreigners" because they don't understand the differences between them).
And a paper/plastic bag blowing across the road is almost impossible to distinguish at speed with "sensors" and will cause your car to come to a screaming halt.
Or else it would similarly drive straight over the top of a toddler running out in front of you.
Personally, I think the car could be made safe. The driver behind you driving a "non-safe" car is what's going to kill you every time. And that will only be made worse if cars take it upon themselves to perform ever-more-drastic actions on the basis of sensor inputs.
Not being funny, but if incremental upgrades are supported, or were at one point, is there not a blindingly obvious fact that you could get an old one, and update it twice in a row transparently, and not tell the user?
I understand that a properly non-incremental upgrade might be slightly faster but also it's likely to cock a lot of things up. I just don't get why - if there's an upgrade path from 1.0 to 2.0, and from 2.0 to 3.0, and from 3.0 to 3.1, you can't just install 3.1 over the top of 1.0. You don't need to contain the bulk of the 2.0, 3.0 etc. updates because most of them are again overwritten by later versions. Just conversion scripts, upgrade scripts, and then the latest package, surely? It's a nonsense that you can't upgrade like this in one fell swoop, even if it means the distro goes "Hold on, I have to download a handful of intermediary updates to do that which are on this 3.1 disk... is that okay?"
The software I use in work just has thousands of versions. When you upgrade, it goes through a series of updates, of databases, configurations, even data (e.g. splitting out some fields into more than one field so you can add new features, etc). It doesn't matter what version you start with, or are aiming towards, the same process occurs, in the same linear order, and gets you to the same point.
Old data is migrated where necessary, fixes and tweaks (e.g. to database schema) happen for each update as necessary, and rarely do you have to do anything special. If your v83 upgrades to v84 by changing the config files to the new format for v84, and the later update v95 does it again for the new version of that software or to fix a bug, then whether you do them years apart, or within seconds of each other does it really matter?
As such, all you're really doing is bringing forward small scripts that do such (rare) actions, and then extracting a tarball of binaries over the top, after checking dependencies. Is it really that miraculous that you can do this? Jumping two versions? Run the scripts that modify config / db schema for each intermediate version in serial, then unpack the latest binaries for the new version over the top of whatever was there - whatever version - as normal.
I honestly don't get why there's not just one huge version number for distros. Every time a package is changed, increment the version for the entire distro. Mark certain versions as bad as necessary (so upgrades to those versions are ignored). Then keep a list of tags of versions, and their regarded stability, as you expect.
When it comes time to upgrade, oh look, you have version 5434 of the distro and the latest is 6000. So we run updates 5435 - 6000, and those updates skip if you don't have that particular software that changed installed or if there was a bad update published. Would you really know or care?
At least then you can just refer to ONE version number. Bug in MySQL? Oh, yes, we fixed that in 5869. Upgrade to at least that, or you're on your own.
When we are told to upgrade a distro by multiple versions, we all do exactly this. We install linearly, by increments, until we get to a supported configuration. Why that process isn't automatic and supported in all distros, I can't fathom. Even Slackware's done that to me in the past and I've had to snapshot, perform each version upgrade one-by-one and then fix up exactly what I would have needed to anyway.
Unless you're in the UK where it's 999 (but 112 will work).
But maybe you're in Italy where each emergency service has its own phone number (and 112 just delays you by asking which you would like).
Or you could press the "emergency dialling" thing on your phone.
You're missing the point. The NUMBER is just a number. If anything, you're arguing FOR throwaway numbers where the number means even less. Imagine if you could generate a new phone number for your bank like a new wallet address for your Bitcoin. And yet all your old ones still work just fine. But nobody can link your numbers. And when someone spams your number, you can just delete JUST THAT NUMBER. But the actual number means NOTHING.
The number is dead. You're talking about antiquities. And people report crime over Facebook or websites every single day already. You can do it by text. You can do it by Skype (IT HAS EMERGENCY DIALLING FUNCTIONALITY BUILT INTO THE SOFTWARE!). Hell, the numbers for reporting crime are different again (101 if it's not an emergency, in the UK, for example).
Rather than remember a fuck-ton of numbers like we did before the devices could store them, we just need an emergency dialling button, which most of us have on the lock screen of our phone already. Hell, my car can emergency dial for me nowadays if the airbags goes off. What number it ends up dialling is as unimportant as what IP address it picks up over the 4G connection, or what IMEI it uses. Sure, it's listed in a database somewhere but only your phone and the service provider need ever know it.
Do you REALLY want to piss about with numbers in an emergency? And if your bank calls, they need to know "your number". Of course. But people already hold phone numbers that are based on mnemonics, and they already give out phone numbers that can change the next week, and they already DO NOT DIAL other's phone numbers, but select a contact from a list.
It's just one fad away from you getting a "me-code" or whatever it'll be called, where we all grab our domain names or usernames or images or QR codes or whatever's easiest (fuck, NFC is on all phones now and eliminates this "sharing numbers" shite) because they be linked to our phone number (like WhatsApp - do you know the numbers of ANY of your WhatsApp contacts?). So nobody has to remember the fucking number (which is stupid in this day and age), they just have to know what name you go by on that particular service. Like "dial Amazon.com" to be put through to Amazon customer service. Who cares what the NUMBER is?
As such, the numbers are dead. Back in the day, you used to be able to ask for, say, Burnley 312 and be put through to the 312nd house in Burnley to be put on the telephone. We got rid of that shit because it's not a useful way to link a person that you want to contact. Now we literally can say "phone Fred", or tag a QR code, or click a Skype link, or tap a link in a text message. It's literally one step from the number disappearing forever and being replaced with a set of usernames that follow you wherever you go (so no more of this "home phone" and "mobile phone" and "work phone" shite - just generate two accounts for home and work and you can be contacted and accept calls as you like).
People are ALREADY doing this. VoIP basically does this, and guess what the next generation of communication networks have been built on? You're more likely to be giving out something that's actually linked to a SIP account in future than anything to do with an area code.
Stop, and look around you. Seriously. Yes, numbers are still out there. But so are business cards, people who publish their business numbers in the phone book, and rolodexes. It doesn't mean they have a future.
You have an IP address. Do you know it? Your computer can't really function without it nowadays. It's there, but it's not necessary to know.
Your phone has an IMEI number. Do you know it? Do you know what IP address it was assigned? Do you care? No.
But what detail do you remember? What do you login with? How do you give a contact your details? I don't know about you but I don't read out my phone number except in very rare circumstances. At worst, someone dials the other party's number ONCE, and then we both assign the number to a contact on our phones. With name, and photo. The things that remind us of that person. Nobody cares about the number.
Nobody is saying numbers will go away. We're saying nobody needs know them and it would only take a single protocol to come along with a hint of "coolness" to get rid of them forever.
Rather than "My number is..." and then a string of numbers, you'll just say "I'm fredbloggs21 on Whatsbook". And people will be able to get your phone number (which they'll store as Fred in their phones), email, IM, etc. just from that. They already do. The younger generations don't piss about with phone numbers already. They have no need. They find each other on facebook and then from there it's "What your instagram?" or whatever.
Phone numbers will die out of common use, the same way that IP addresses will. Nobody cares about what their particular one is, nobody need know it, nobody need share it. At worst, you give a descriptive name via a service that encompasses that number without you knowing. No different to DNS or email (Do you know what IP of what email server your email goes to when sent to your domain? Or that it goes to port 25? Because 99.9% of people couldn't give a shit).
I deliberately do not tell people what I earn. Especially co-workers.
The reason? I generally earn more than them. Not that I think I'm so much better than them or anything else, but that I negotiate my pay solely on my terms. This is what I earned at my last place, this is what I need to earn to come to you, and I was owed this raise that never happened so if you could do that too I'd look on that extra responsibility you want me to take on in a much better light.
And, as a result, I've earned more than people in similar positions to myself. In one case it was queried. It was queried why I was considered more senior than someone with the same job title, why I earned more than them, etc. There was even a face-off. To the point that - one quiet day - we were both set identical tasks, to build a particular type of server, with a particular new piece of software that nobody had seen, and to do it without instructions or help, basically to do it as we THOUGHT it should be done.
An hour later, I had it up and working, test data into it, and passed it up the line for further testing, providing performance figures and all sorts. The other guy never, in three months of working there, got his one working. I wrote up the documentation on how I did it, gave it to him. He still couldn't do it (but my boss could!). I wrote up security recommendations, testing procedures, etc. and submitted them same-day. When that guy eventually left (because of all kinds of reasons, not least that he was stealing our software licenses and hardware), I found that unfinished server under his desk, still without the software working correctly.
After that day, my salary / perceived seniority never was questioned again, though. I don't claim to be a genius, but it was a simple fact that - compared to my peer - there was a clear discrepancy in skillset and, thus, in salary too. It happens. Even two people hired at the same time from the same place to do the same job with the same criteria will never do it the same way. One will always work slightly better than the other.
At a few places now, I have overrode my peers and even had them removed after my employers saw what they should have been getting all along. Hell, I'm a network manager now, it's hardly genius-level stuff. But when people are still using login scripts instead of group policy, refuse to deploy 64-bit, or Windows 8, or Server 2012R2 just "because", are deploying machines manually instead of using imaging, have no testing, etc. then it's easy to show how much time they are wasting, how much they haven't bothered to learn about their profession, how far from best practice they are, etc.
There's a reason I don't join unions. There's a reason I don't get in wage discussions. There's a reason that I don't like getting into situations where large teams of people basically have the same job (I much prefer there to be clear hierarchies and separate areas of responsibility).
Because, as far as I'm concerned, all it does is create tension, highlight people's inadequacies (and I have those too!), make people bitter, and sour relations. And, at the end of the day, it can cost people their jobs - either because they are shown up, or because they decide to get better deals elsewhere now they know they exist.
Whenever people are there moaning about their pay, hours, responsibility, etc. I can't get involved. I won't offer false sympathy while I'm earning more than them. I won't bring up that I do things in more efficient ways that they deliberately choose to ignore or criticise without reason. That's up to them. They are deciding their own career path, including the salary structure they will get stuck on.
If they wanted more, they could ask what they would need to do that. Nobody EVER does that. Nobody. They just bitch about how it's all unfair, but they don't go to their boss and say "What can I do to overcome this stagnation of my salary, how can I move to something I enjoy more?" because they know the answer will be
Name another media company that went out of their way to develop a patent-free media codec that was independent and competitive with other codecs of the time? (Google Dirac)
The BBC are publicly-funded, and under immense pressure to justify their funding at the moment - there's talk of scrapping the TV licence, and with it the BBC. They receive no advertising revenue in the UK at all. They only get some foreign revenue from sale of media (not even their own codecs or patents), and that goes to their commercial arm which isn't funding stuff like this.
There's no profit in them evaluating codecs, only if they then go out and build their own hardware that uses it. They didn't manage to do that with Dirac either, so why they would with this I have no idea.
All they want to know is what's best to push through iPlayer and store in their archive.
I think that gives them a view of maximum two sides, obscuring everything behind 50% of the car on the far side that's hardest to judge, and likely only two corners, personally.
Compared to the front, sides, and mirrors to the rear when sitting inside the car, even before you get into cameras etc. from a central location where you can see all without moving more than your head.
Or you could just ask people. It's called market research.
The problem I have with modern technology is that no matter how many times I "Fix recommendations" or look for products "Similar to this" or offer up my loyalty card that tracks my purchases, I still only ever get adverts for shite I don't want, coupons for things I don't need (e.g. ladies products), and have to hunt down products I like but finding out their exact name and searching rather than going from things that attach to it, or are related to it.
I can't tell you how many times I've told Facebook what adverts I'm NOT interested in and what ones I am and still I get nothing but shite reality TV crap advertised at me rather than a range of computer suppliers or video games.
I can't tell you how long I've spent reviewing and rating products on Amazon and removing gifts-for-others from my recommended lists to get it to recommend even other series from the TV shows I do like, etc.
Even WHEN I TELL these companies what I'm looking for, I end up with shite foisted on me that I've no interest in, no purchase history of, and would never touch because they are polar opposites to my tastes.
When iCloud went down the other month, I had 500 iPads totally useless, because it forced you to sign in (even if you were already signed in or didn't want to sign in), refused any valid sign-in you gave it, and then repeated that ad nauseum. To the point that we just switched them all for the entire day.
Similar things happen all the time with app installs, even with full Cisco Meraki MDM, and the initial setup? Fuck, don't even get me started.
Maybe if it detects a confused or angry expression it should just shut the fuck up and let you carry on? Or present that hidden "Remember my answer" or "No to All" option that Apple seem to NEVER want to implement on anything.
See my other posts about house-construction the other day.
And my workplace is the same.
Solid brick walls, double-walls for exterior, single solid brick for interior, in a 1930's house.
At work, a 28 acre site with 400-year-old buildings with... stone walls. 1960's, 70's, 80's, 90's extensions with... brick walls.
P.S. throughput identical. Circa 500 iPads on the school site (plus smartphones and whatever have you), 30 WAPs, no problems with propagation.except where we deliberately haven't bothered to provision for wireless.
Cisco Meraki kit, if you're interested in what we have.
It hasn't been their job to insert backdoors into their own and existing systems worldwide, really. Not even the early codebreakers did that kind of thing.
It's their job to produce foreign signals intelligence, yes, but backdooring every piece of hardware in the country doesn't achieve that. All that achieves is compromise of people who were trusting US hardware already. For example, their allies.
All they've done is hurt their other core purpose - the national security of the US - and significantly damage their country's economy in a few specific areas.
Spying is not about having backdoors in hardware you produce in your own country. It's about getting those into foreign countries, foreign hardware, and about defeating encryptions that you're NOT already in control of.
Literally, a signed court order saying that Cisco/Juniper has to put in a backdoor for US intelligence into products X, Y, Z achieves this aim in the same way. With non-disclosure clauses, it's as secret. That's not what the NSA should be wasting their time on, if that's even what the US want to do.
I've got a dual-band router and it covers the whole house to the same extent on both bands.
So much so that neighbours keep asking me why I have two SSIDs with "2" and "5" in the names and what happened to "1", "3" and "4".
Maybe you're just buying cheap junk? I've no doubt there is a difference but not so much to abandon one for another. In work, I deploy site-wide wireless over a school and the 5GHz bands covers just as much as the 2.4Ghz but are much quieter (and hence get more authorised traffic because devices prefer them).
Working in UK schools, I think I'm safe in saying that a homeless child coming to school would be a priority one issue and get solved pretty damn quickly.
Children coming without proper breakfast - yes, we have breakfast clubs for those parents who can't get up and spend ten minutes making cereal (not an insult to them all, some of them just literally do not have the time and must go to work).
But a child (anyone under 18 now) coming in with even unwashed clothes, or hunger? That's an issue that gets referred to social services pretty damn quick. I'm not saying they can act immediately, but we have a range of neglect laws and getting taken into care can happen pretty damn quick if the parents obviously aren't around, can't cope or don't give a shit.
It's not the school's job to be doing this. And it's quite telling of a complete failure of social care, rather than a success story for a school. "We finally fed the kids, now they are doing better"? Well, fucking yes!
Something like 40-50% of kids in the UK are eligible for free school meals, you have to declare the figure as part of being a school and I've been involved in that many times. But even in schools where that's been near 100%, I've yet to see kids suffering complete neglect or lack of suitable social care to this extent.
Slashdot Mirror
This is along the lines of:
"If I keep tossing this coin, eventually it will disappear into thin air and magically turn into a unicorn".
Scientifically speaking, there's virtually no difference, in fact. There's experimentation, there's pushing for new science, and then there's just bollocks.
It doesn't work like that. You find something unusual ("Hey, this part of the air is slightly warmer than expected... I wonder if...") and investigate the cause, or you hypothesise more accurate explanations of what we can observe and try to predict something entirely new (which you can then confirm by a single good experiment).
You don't just insist that flipping enough coins will make magic happen which will cause enough anomalies that will break existing laws that have held through countless billions of experiments consistently.
You are literally suggesting discovering new science by brute force, in an infinite-sized universe, with infinite levels of precision available.
I am infinitely more impressed by someone performing a stunt, once, for real, after a thousand takes, by chance, with the help of cleverly-chosen camera angles, than anything that CGI can produce. Fuck, Jackie Chan movies and the like basically give you a broken-bone count in the outtakes over the credits.
Why movies haven't lauded "No special effects or post-production - everything you see was captured on video in real-time" for the last 20 years, I can't fathom.
When everything is fake, anything is possible, and it becomes boring and unreal.
I'm still waiting for the Bond-like remake that features no weapons, no CGI, no stupendous car-stunts (unless someone really did them - with safety gear etc. is fair enough, but you have to have really done them).
If I see one one "car goes up ramp and jumps something" piece of shit, I swear I'll just stop bothering to watch movies at all.
It doesn't have to be a service, though, doe sit?
It could be something you put in-house and thus can access via a HTTPS site from anywhere. Be able to work from home without needing specialist tools installed, and utilize the power of your servers to do, e.g. distcc, rather than your workstation.
I'd quite like an "OwnCloud" version of Eclipse. Then I could quite literally log on and code from anywhere without needing to replicate what is quite a complicated multi-platform, multi-language, highly integrated IDE setup elsewhere.
Do you realise how big a number 10^(10^48) actually is?
The bit in brackets has 48 digits (say 47 zeroes after a number). Then the total is actually THAT NUMBER of digits.
10^48 = 100000000000000000000000000000000000000000000000
10^(10^48) has ^^^^^^ that many decimal digits in it's expression.
For reference, Giga is 10^9. Tera is 10^12. Exa is 10^18.
And THIS number, has 10^48 DIGITS when you say how big it is. It would take more than the storage of the world to write out how big that number was.
You have failed to understand Go.
Board positions flip back and forth all the time as you capture territory, and then your opponent recaptures a portion, and so on.
Think more of Othello/Reversi - although there are only 8x8 board with each square either empty, black or white, the number of positions that flip back to earlier or similar positions is high throughout the game.
It has to talk to hardware and DMA and all sorts.
The right place for drivers is sitting in-kernel, isolated, and offering a limited, filtered, sanitised interface to user-space.
The driver for the simplest of joysticks is in-kernel, offering up the /dev/input interfaces.
Well, it assumes an awful lot. But I think they are saying they can, for example, spoof a ton of responses to any machine that MIGHT be about to connect to you, and thus gain some privilege escalation from that conversation. Quite how they get higher than the privileges assigned to the user making those requests isn't clear, but it sounds like it could be possible.
But they even think SMB signing might defeat it, but haven't finished looking into that (which is suggestive that it does indeed defeat it, to be honest).
The fake WPAD responses? I don't know about you, by my WPAD data is given out by my DHCP server, not by anything else, and I believe that overrides most things. It's then double-set by a GPO and a DNS entry too. You'd have be in my network faking DHCP or able to override GPO settings and that's quite a way past what you need to be able to attack me anyway (P.S. my network switches will go ape-shit and cut you off if you do that).
They seem to be claiming that when something makes a request from the network for a WPAD query, they can fake every possible response until whatever was asking takes the FAKE response as genuine. That might well cause a machine to switch a proxy. But it would seem by that point to be already inside the network and able to do an awful lot worse damage anyway.
"Extended Protection for Authentication" is the mitigation for "the last stage of the attack" (where they are already spoofing WPAD settings and intercepting all web access from the machine in question, and just attack NTLM authentication via that for services that still try to use NTLM and WPAD entries). That was introduced in XP and Vista, by the way. I think by that point, you're fucked anyway.
I'm more interested in quite how something gets to do things like take up EVERY UDP socket on your system without otherwise cocking up and giving you tons of warnings elsewhere, and then manages to be in the line of fire for replying to a WPAD setting that's overridden by other browsers, by GPO, by DHCP settings, etc. and then use that to suddenly send all your requests to... yourself it looks like, and try to defeat NTLM auth.
It seems like one of these "LOOK HOW DANGEROUS" attacks that, although technically they aren't lying when they say they've got it to work on all these things, requires a combination of circumstances so extraordinary that you're already fucked before they start sending a packet.
The biggest problem I have? Minus some keywords that are pure filler in this article, there isn't a single mention of this that I can find anywhere else on a search engine. Literally, it's all regurgitated press releases with the same phrasing, ALL pointing to the same article. Yet it was supposedly released a while ago.
And the only thing we can apparently do about it at the moment is enable an option that breaks shit and only combats the very last stage, where it's already game over and they get to choose from a myriad of services that might trigger an NTLM-authenticated HTTP connection using a given WPAD proxy (which I imagine can't be that hard to find in major pieces of software or other areas of Windows).
Wait for a fix, or at least a decent analysis, but I wouldn't really go into a panic.
We'll talk when your presidential candidates understand the difference between "race", "religion" and "political idealogy".
America is a 21st Century country still living with social norms made in the 15th Century (police abuse, civil war levels of personal armament, no healthcare service worth mentioning unless you have money, and wanting to bar all "foreigners" because they don't understand the differences between them).
And a paper/plastic bag blowing across the road is almost impossible to distinguish at speed with "sensors" and will cause your car to come to a screaming halt.
Or else it would similarly drive straight over the top of a toddler running out in front of you.
Personally, I think the car could be made safe. The driver behind you driving a "non-safe" car is what's going to kill you every time. And that will only be made worse if cars take it upon themselves to perform ever-more-drastic actions on the basis of sensor inputs.
"We've had similar natural events in the past"
And thus it's probably not the doomsday scenario it's been prophesied as?
Not being funny, but if incremental upgrades are supported, or were at one point, is there not a blindingly obvious fact that you could get an old one, and update it twice in a row transparently, and not tell the user?
I understand that a properly non-incremental upgrade might be slightly faster but also it's likely to cock a lot of things up. I just don't get why - if there's an upgrade path from 1.0 to 2.0, and from 2.0 to 3.0, and from 3.0 to 3.1, you can't just install 3.1 over the top of 1.0. You don't need to contain the bulk of the 2.0, 3.0 etc. updates because most of them are again overwritten by later versions. Just conversion scripts, upgrade scripts, and then the latest package, surely? It's a nonsense that you can't upgrade like this in one fell swoop, even if it means the distro goes "Hold on, I have to download a handful of intermediary updates to do that which are on this 3.1 disk... is that okay?"
The software I use in work just has thousands of versions. When you upgrade, it goes through a series of updates, of databases, configurations, even data (e.g. splitting out some fields into more than one field so you can add new features, etc). It doesn't matter what version you start with, or are aiming towards, the same process occurs, in the same linear order, and gets you to the same point.
Old data is migrated where necessary, fixes and tweaks (e.g. to database schema) happen for each update as necessary, and rarely do you have to do anything special. If your v83 upgrades to v84 by changing the config files to the new format for v84, and the later update v95 does it again for the new version of that software or to fix a bug, then whether you do them years apart, or within seconds of each other does it really matter?
As such, all you're really doing is bringing forward small scripts that do such (rare) actions, and then extracting a tarball of binaries over the top, after checking dependencies. Is it really that miraculous that you can do this? Jumping two versions? Run the scripts that modify config / db schema for each intermediate version in serial, then unpack the latest binaries for the new version over the top of whatever was there - whatever version - as normal.
I honestly don't get why there's not just one huge version number for distros. Every time a package is changed, increment the version for the entire distro. Mark certain versions as bad as necessary (so upgrades to those versions are ignored). Then keep a list of tags of versions, and their regarded stability, as you expect.
When it comes time to upgrade, oh look, you have version 5434 of the distro and the latest is 6000. So we run updates 5435 - 6000, and those updates skip if you don't have that particular software that changed installed or if there was a bad update published. Would you really know or care?
At least then you can just refer to ONE version number. Bug in MySQL? Oh, yes, we fixed that in 5869. Upgrade to at least that, or you're on your own.
When we are told to upgrade a distro by multiple versions, we all do exactly this. We install linearly, by increments, until we get to a supported configuration. Why that process isn't automatic and supported in all distros, I can't fathom. Even Slackware's done that to me in the past and I've had to snapshot, perform each version upgrade one-by-one and then fix up exactly what I would have needed to anyway.
Yeah, it's always 911.
Unless you're in Europe where it's 112.
Unless you're in the UK where it's 999 (but 112 will work).
But maybe you're in Italy where each emergency service has its own phone number (and 112 just delays you by asking which you would like).
Or you could press the "emergency dialling" thing on your phone.
You're missing the point. The NUMBER is just a number. If anything, you're arguing FOR throwaway numbers where the number means even less. Imagine if you could generate a new phone number for your bank like a new wallet address for your Bitcoin. And yet all your old ones still work just fine. But nobody can link your numbers. And when someone spams your number, you can just delete JUST THAT NUMBER. But the actual number means NOTHING.
The number is dead. You're talking about antiquities. And people report crime over Facebook or websites every single day already. You can do it by text. You can do it by Skype (IT HAS EMERGENCY DIALLING FUNCTIONALITY BUILT INTO THE SOFTWARE!). Hell, the numbers for reporting crime are different again (101 if it's not an emergency, in the UK, for example).
Rather than remember a fuck-ton of numbers like we did before the devices could store them, we just need an emergency dialling button, which most of us have on the lock screen of our phone already. Hell, my car can emergency dial for me nowadays if the airbags goes off. What number it ends up dialling is as unimportant as what IP address it picks up over the 4G connection, or what IMEI it uses. Sure, it's listed in a database somewhere but only your phone and the service provider need ever know it.
Do you REALLY want to piss about with numbers in an emergency? And if your bank calls, they need to know "your number". Of course. But people already hold phone numbers that are based on mnemonics, and they already give out phone numbers that can change the next week, and they already DO NOT DIAL other's phone numbers, but select a contact from a list.
It's just one fad away from you getting a "me-code" or whatever it'll be called, where we all grab our domain names or usernames or images or QR codes or whatever's easiest (fuck, NFC is on all phones now and eliminates this "sharing numbers" shite) because they be linked to our phone number (like WhatsApp - do you know the numbers of ANY of your WhatsApp contacts?). So nobody has to remember the fucking number (which is stupid in this day and age), they just have to know what name you go by on that particular service. Like "dial Amazon.com" to be put through to Amazon customer service. Who cares what the NUMBER is?
As such, the numbers are dead. Back in the day, you used to be able to ask for, say, Burnley 312 and be put through to the 312nd house in Burnley to be put on the telephone. We got rid of that shit because it's not a useful way to link a person that you want to contact. Now we literally can say "phone Fred", or tag a QR code, or click a Skype link, or tap a link in a text message. It's literally one step from the number disappearing forever and being replaced with a set of usernames that follow you wherever you go (so no more of this "home phone" and "mobile phone" and "work phone" shite - just generate two accounts for home and work and you can be contacted and accept calls as you like).
People are ALREADY doing this. VoIP basically does this, and guess what the next generation of communication networks have been built on? You're more likely to be giving out something that's actually linked to a SIP account in future than anything to do with an area code.
Stop, and look around you. Seriously. Yes, numbers are still out there. But so are business cards, people who publish their business numbers in the phone book, and rolodexes. It doesn't mean they have a future.
You have an IP address. Do you know it? Your computer can't really function without it nowadays. It's there, but it's not necessary to know.
Your phone has an IMEI number. Do you know it? Do you know what IP address it was assigned? Do you care? No.
But what detail do you remember? What do you login with? How do you give a contact your details? I don't know about you but I don't read out my phone number except in very rare circumstances. At worst, someone dials the other party's number ONCE, and then we both assign the number to a contact on our phones. With name, and photo. The things that remind us of that person. Nobody cares about the number.
Nobody is saying numbers will go away. We're saying nobody needs know them and it would only take a single protocol to come along with a hint of "coolness" to get rid of them forever.
Rather than "My number is..." and then a string of numbers, you'll just say "I'm fredbloggs21 on Whatsbook". And people will be able to get your phone number (which they'll store as Fred in their phones), email, IM, etc. just from that. They already do. The younger generations don't piss about with phone numbers already. They have no need. They find each other on facebook and then from there it's "What your instagram?" or whatever.
Phone numbers will die out of common use, the same way that IP addresses will. Nobody cares about what their particular one is, nobody need know it, nobody need share it. At worst, you give a descriptive name via a service that encompasses that number without you knowing. No different to DNS or email (Do you know what IP of what email server your email goes to when sent to your domain? Or that it goes to port 25? Because 99.9% of people couldn't give a shit).
I deliberately do not tell people what I earn. Especially co-workers.
The reason? I generally earn more than them. Not that I think I'm so much better than them or anything else, but that I negotiate my pay solely on my terms. This is what I earned at my last place, this is what I need to earn to come to you, and I was owed this raise that never happened so if you could do that too I'd look on that extra responsibility you want me to take on in a much better light.
And, as a result, I've earned more than people in similar positions to myself. In one case it was queried. It was queried why I was considered more senior than someone with the same job title, why I earned more than them, etc. There was even a face-off. To the point that - one quiet day - we were both set identical tasks, to build a particular type of server, with a particular new piece of software that nobody had seen, and to do it without instructions or help, basically to do it as we THOUGHT it should be done.
An hour later, I had it up and working, test data into it, and passed it up the line for further testing, providing performance figures and all sorts. The other guy never, in three months of working there, got his one working. I wrote up the documentation on how I did it, gave it to him. He still couldn't do it (but my boss could!). I wrote up security recommendations, testing procedures, etc. and submitted them same-day. When that guy eventually left (because of all kinds of reasons, not least that he was stealing our software licenses and hardware), I found that unfinished server under his desk, still without the software working correctly.
After that day, my salary / perceived seniority never was questioned again, though. I don't claim to be a genius, but it was a simple fact that - compared to my peer - there was a clear discrepancy in skillset and, thus, in salary too. It happens. Even two people hired at the same time from the same place to do the same job with the same criteria will never do it the same way. One will always work slightly better than the other.
At a few places now, I have overrode my peers and even had them removed after my employers saw what they should have been getting all along. Hell, I'm a network manager now, it's hardly genius-level stuff. But when people are still using login scripts instead of group policy, refuse to deploy 64-bit, or Windows 8, or Server 2012R2 just "because", are deploying machines manually instead of using imaging, have no testing, etc. then it's easy to show how much time they are wasting, how much they haven't bothered to learn about their profession, how far from best practice they are, etc.
There's a reason I don't join unions. There's a reason I don't get in wage discussions. There's a reason that I don't like getting into situations where large teams of people basically have the same job (I much prefer there to be clear hierarchies and separate areas of responsibility).
Because, as far as I'm concerned, all it does is create tension, highlight people's inadequacies (and I have those too!), make people bitter, and sour relations. And, at the end of the day, it can cost people their jobs - either because they are shown up, or because they decide to get better deals elsewhere now they know they exist.
Whenever people are there moaning about their pay, hours, responsibility, etc. I can't get involved. I won't offer false sympathy while I'm earning more than them. I won't bring up that I do things in more efficient ways that they deliberately choose to ignore or criticise without reason. That's up to them. They are deciding their own career path, including the salary structure they will get stuck on.
If they wanted more, they could ask what they would need to do that. Nobody EVER does that. Nobody. They just bitch about how it's all unfair, but they don't go to their boss and say "What can I do to overcome this stagnation of my salary, how can I move to something I enjoy more?" because they know the answer will be
Name another media company that went out of their way to develop a patent-free media codec that was independent and competitive with other codecs of the time? (Google Dirac)
The BBC are publicly-funded, and under immense pressure to justify their funding at the moment - there's talk of scrapping the TV licence, and with it the BBC. They receive no advertising revenue in the UK at all. They only get some foreign revenue from sale of media (not even their own codecs or patents), and that goes to their commercial arm which isn't funding stuff like this.
There's no profit in them evaluating codecs, only if they then go out and build their own hardware that uses it. They didn't manage to do that with Dirac either, so why they would with this I have no idea.
All they want to know is what's best to push through iPlayer and store in their archive.
Why the huge PCIe card for such a tiny device on a relatively unpopulated PCB?
I think that gives them a view of maximum two sides, obscuring everything behind 50% of the car on the far side that's hardest to judge, and likely only two corners, personally.
Compared to the front, sides, and mirrors to the rear when sitting inside the car, even before you get into cameras etc. from a central location where you can see all without moving more than your head.
But, hell, I'm only a mathematician.
Or you could just ask people. It's called market research.
The problem I have with modern technology is that no matter how many times I "Fix recommendations" or look for products "Similar to this" or offer up my loyalty card that tracks my purchases, I still only ever get adverts for shite I don't want, coupons for things I don't need (e.g. ladies products), and have to hunt down products I like but finding out their exact name and searching rather than going from things that attach to it, or are related to it.
I can't tell you how many times I've told Facebook what adverts I'm NOT interested in and what ones I am and still I get nothing but shite reality TV crap advertised at me rather than a range of computer suppliers or video games.
I can't tell you how long I've spent reviewing and rating products on Amazon and removing gifts-for-others from my recommended lists to get it to recommend even other series from the TV shows I do like, etc.
Even WHEN I TELL these companies what I'm looking for, I end up with shite foisted on me that I've no interest in, no purchase history of, and would never touch because they are polar opposites to my tastes.
If the parking space is too narrow, all you've done is fuck the drivers next to you who can't get into their cars until you move yours.
Who is responsible for if it damages a car or runs over a toddler?
The driver? Nobody will use it after the first news report of an accident.
The car manufacturer? Nobody will be able to afford one once the insurance liability kicks into the retail price.
Tie it into the user experience.
When iCloud went down the other month, I had 500 iPads totally useless, because it forced you to sign in (even if you were already signed in or didn't want to sign in), refused any valid sign-in you gave it, and then repeated that ad nauseum. To the point that we just switched them all for the entire day.
Similar things happen all the time with app installs, even with full Cisco Meraki MDM, and the initial setup? Fuck, don't even get me started.
Maybe if it detects a confused or angry expression it should just shut the fuck up and let you carry on? Or present that hidden "Remember my answer" or "No to All" option that Apple seem to NEVER want to implement on anything.
See my other posts about house-construction the other day.
And my workplace is the same.
Solid brick walls, double-walls for exterior, single solid brick for interior, in a 1930's house.
At work, a 28 acre site with 400-year-old buildings with... stone walls. 1960's, 70's, 80's, 90's extensions with... brick walls.
P.S. throughput identical. Circa 500 iPads on the school site (plus smartphones and whatever have you), 30 WAPs, no problems with propagation.except where we deliberately haven't bothered to provision for wireless.
Cisco Meraki kit, if you're interested in what we have.
So I still call nonsense.
Not really.
It hasn't been their job to insert backdoors into their own and existing systems worldwide, really. Not even the early codebreakers did that kind of thing.
It's their job to produce foreign signals intelligence, yes, but backdooring every piece of hardware in the country doesn't achieve that. All that achieves is compromise of people who were trusting US hardware already. For example, their allies.
All they've done is hurt their other core purpose - the national security of the US - and significantly damage their country's economy in a few specific areas.
Spying is not about having backdoors in hardware you produce in your own country. It's about getting those into foreign countries, foreign hardware, and about defeating encryptions that you're NOT already in control of.
Literally, a signed court order saying that Cisco/Juniper has to put in a backdoor for US intelligence into products X, Y, Z achieves this aim in the same way. With non-disclosure clauses, it's as secret. That's not what the NSA should be wasting their time on, if that's even what the US want to do.
Really?
I've got a dual-band router and it covers the whole house to the same extent on both bands.
So much so that neighbours keep asking me why I have two SSIDs with "2" and "5" in the names and what happened to "1", "3" and "4".
Maybe you're just buying cheap junk? I've no doubt there is a difference but not so much to abandon one for another. In work, I deploy site-wide wireless over a school and the 5GHz bands covers just as much as the 2.4Ghz but are much quieter (and hence get more authorised traffic because devices prefer them).
Working in UK schools, I think I'm safe in saying that a homeless child coming to school would be a priority one issue and get solved pretty damn quickly.
Children coming without proper breakfast - yes, we have breakfast clubs for those parents who can't get up and spend ten minutes making cereal (not an insult to them all, some of them just literally do not have the time and must go to work).
But a child (anyone under 18 now) coming in with even unwashed clothes, or hunger? That's an issue that gets referred to social services pretty damn quick. I'm not saying they can act immediately, but we have a range of neglect laws and getting taken into care can happen pretty damn quick if the parents obviously aren't around, can't cope or don't give a shit.
It's not the school's job to be doing this. And it's quite telling of a complete failure of social care, rather than a success story for a school. "We finally fed the kids, now they are doing better"? Well, fucking yes!
Something like 40-50% of kids in the UK are eligible for free school meals, you have to declare the figure as part of being a school and I've been involved in that many times. But even in schools where that's been near 100%, I've yet to see kids suffering complete neglect or lack of suitable social care to this extent.