Maybe they presume that you live in the 21st century, and in the unlikely case that you actually care about exactly where that is, you have tools available at your fingertips.
I'm nowhere near the "Bay Area" (BTW, this term you used is completely generic, but you nevertheless assume we know the context). However, I pasted "Valencia Street and 16th Street" into Google maps and it showed me the exact location, which is at 37deg 45'53.9"N 122deg 25'19.0"W, which is in San Francisco, CA, USA. This took less than 5 seconds.
Geologists are concerned that the magnetic poles might soon go through one of their cyclic reversals, flipping north and south. This would result in a number of years where the earth has no net magnetic field.
If that happens, the FAA will have to direct airports to rename every single runway in this country to "NULL".
Maybe it would be better for those countries to take the free clothes, and use the savings to develop their economies by focusing on other stuff that we're not sending them. That way they would end up with both the clothes and the other stuff.
Deep space is not completely empty. Interstellar space averages about one million particles per m^3, and those particles to indeed have a temperature. In some places that temperature is high, but presumably they're talking about the lowest it can get, which is the temperature of the cosmic background radiation.
It's crazy to think that we still don't quite understand the mechanism behind one of the most common medical interventions -- general anaesthetic
But don't dare suggest that there is anything we don't understand about climate science. In that case, the science is fully settled and there is no sense questioning our understanding.
Since we don't fully understand how they work, the only rational course of action is to deny that anesthetics exist.
The main reason that so many people are confused about the difference between Meltdown and Spectre is that Intel has been intentionally trying to conflate the two issues.
Are you seriously thinking of typing that phrase every time you want to check an incoming text message?
I also think those four common words don't have entropy exceeding maybe 30,000^4, or about 60 bits. That could likely be brute forced by anyone equipped with a Bitcoin mining rig.
Actually, for most phones the encryption keys *are* kept in the phone and obfuscated; they're kept in tamper-resistant hardware storage (which must be rather effective, otherwise the spies wouldn't be complaining).
The info kept in the user's head is just a short PIN that could be cracked in seconds if they were actually used as the key. The security lies in the phone firmware/hardware only allowing a small number of PIN guesses before it wipes out the real keys.
Google isn't even trust worthy enough to handle my email without (trying) to monetizing it. So I sure as hell aren't going to give them access to my financial services.
Damned straight!
I'm never going to let any organization monetize my money.
It's too bad Asshole Torvalds isn't still employed by CPU maker Transmeta, so Linus can't tell his loyal following of Linux idiots to boycott Intel crap and buy Transmeta perfection instead. Transmeta CPUs were the bestest ever and that's why Transmeta went out of business, right.
The idea behind the Transmeta architecture may not have panned out, but I'm guessing that it had one redeeming feature compared to the current CPUs on the market: If their CPUs did have this problem, they probably could have fixed them with a firmware update.
I understand that nobody here reads the linked articles before they pontificate on topics, but it would really help if you could at least read the short summary at the top of the page.
Think whatever you want. Just don't forget that a whole bunch of smarter people than you have determined that a 30% performance hit is a justifiable price to pay in order to avert this vulnerability.
Since large fractions of all systems run the exact same OS images, people DO know much of the system state ahead of time.
You also don't need to know much about leaked kernel information to make use of it. In a scattershot approach, you try whatever bits you infer to decrypt data. If you're lucky, you find a match. If you attack thousands of systems, you're likely to get lucky.
In summary, you're just way too overconfident. It only takes one really smart person to package up a hard-to-execute attack and make it conveniently available to everyone else.
It still requires dereferencing kernel address space. How do you pull that off otherwise?
With a timing attack, you don't need to dereference anything. From the Wikipedia article:
Likewise, if an application is trusted, but its paging/caching is affected by branching logic, it may be possible for a second application to determine the values of the data compared to the branch condition by monitoring access time changes; in extreme examples, this can allow recovery of cryptographic key bits.
I don't know the particulars of this vulnerability, but in many similar cases they use a timing attack to infer memory contents that they can't directly access.
You don't need to have a "binary" for that to work. But as I pointed out, the article summary at the top of this page said that the issue was vulnerable to Javascript in browsers, so don't get overconfident.
Maybe I'm missing something, but a tank had a leak, but since it is double walled nothing escaped and they agreed to stop using it and have a plan to deal with the waste.
Am I missing something?
Why, yes: This leak has essentially rendered the new double-walled tank into a single walled tank.
Now, what is the Hanford site most famous for? It's the fact that so many of its single-walled tanks have leaked like sieves. So now we have a new potential sieve.
I'm not in the habit of running random binaries downloaded from the Internet
As TFS implies, given that Javascript required to do almost anything on the web, you are most likely downloading and running random code from the internet that could potentially exploit this bug hundreds of times every day.
well, then I will only be rewarded for a brief period.
No, you are supposed to be rewarded for a brief period. The US Constitution plainly states that; it's not just the article's author's opinion. The Constitution even points out that the *purpose* of depriving people of their natural rights to copy things they see for a limited period of time is to enhance the public domain.
However, with the current unconstitutional laws in effect, you are rewarded for an absurdly long period, until long after you and probably your children are dead. So you can stop your bitching and whining. You got what you wanted.
Slashdot Mirror
Get a skill and earn some money.
OK: "Alexa, how many bags of dried beans weigh precisely the same as a 750ml bottle of Courvoisier?"
What about irrationals, which are as numerous as the whole of real numbers?
Approximate them as 22/7.
Maybe they presume that you live in the 21st century, and in the unlikely case that you actually care about exactly where that is, you have tools available at your fingertips.
I'm nowhere near the "Bay Area" (BTW, this term you used is completely generic, but you nevertheless assume we know the context). However, I pasted "Valencia Street and 16th Street" into Google maps and it showed me the exact location, which is at 37deg 45'53.9"N 122deg 25'19.0"W, which is in San Francisco, CA, USA. This took less than 5 seconds.
Geologists are concerned that the magnetic poles might soon go through one of their cyclic reversals, flipping north and south. This would result in a number of years where the earth has no net magnetic field.
If that happens, the FAA will have to direct airports to rename every single runway in this country to "NULL".
Maybe it would be better for those countries to take the free clothes, and use the savings to develop their economies by focusing on other stuff that we're not sending them. That way they would end up with both the clothes and the other stuff.
Trains can unload a 1000 passengers in a minute or so.
The solution is called 'doors'.
Trains also solved the question of variable capacity demand two centuries ago with a simple solution: articulation.
Maybe Airbus should have done that, too.
It's problem is that it's an ugliest plane ever made. Now if only it had the graceful lines of 747.
Ah yes, that 747 which is also going out of production...
Maybe that's because the kept extending the originally graceful-looking bump until it started to push into the ugly zone.
Covering your face doesn't matter much when they have tools like gait and Kinematics recognition at their disposal.
I heard that in the UK they shut down the Ministry of Silly Walks last year and classified all of its old research. Now we know why.
Deep space is not completely empty. Interstellar space averages about one million particles per m^3, and those particles to indeed have a temperature. In some places that temperature is high, but presumably they're talking about the lowest it can get, which is the temperature of the cosmic background radiation.
I am just curious about how much human activity really has to do with climate change..
No, you're not.
It's crazy to think that we still don't quite understand the mechanism behind one of the most common medical interventions -- general anaesthetic
But don't dare suggest that there is anything we don't understand about climate science. In that case, the science is fully settled and there is no sense questioning our understanding.
Since we don't fully understand how they work, the only rational course of action is to deny that anesthetics exist.
The main reason that so many people are confused about the difference between Meltdown and Spectre is that Intel has been intentionally trying to conflate the two issues.
Are you seriously thinking of typing that phrase every time you want to check an incoming text message?
I also think those four common words don't have entropy exceeding maybe 30,000^4, or about 60 bits. That could likely be brute forced by anyone equipped with a Bitcoin mining rig.
Actually, for most phones the encryption keys *are* kept in the phone and obfuscated; they're kept in tamper-resistant hardware storage (which must be rather effective, otherwise the spies wouldn't be complaining).
The info kept in the user's head is just a short PIN that could be cracked in seconds if they were actually used as the key. The security lies in the phone firmware/hardware only allowing a small number of PIN guesses before it wipes out the real keys.
Google isn't even trust worthy enough to handle my email without (trying) to monetizing it. So I sure as hell aren't going to give them access to my financial services.
Damned straight!
I'm never going to let any organization monetize my money.
Only the CLI version.
It's too bad Asshole Torvalds isn't still employed by CPU maker Transmeta, so Linus can't tell his loyal following of Linux idiots to boycott Intel crap and buy Transmeta perfection instead. Transmeta CPUs were the bestest ever and that's why Transmeta went out of business, right.
The idea behind the Transmeta architecture may not have panned out, but I'm guessing that it had one redeeming feature compared to the current CPUs on the market: If their CPUs did have this problem, they probably could have fixed them with a firmware update.
I understand that nobody here reads the linked articles before they pontificate on topics, but it would really help if you could at least read the short summary at the top of the page.
Think whatever you want. Just don't forget that a whole bunch of smarter people than you have determined that a 30% performance hit is a justifiable price to pay in order to avert this vulnerability.
Since large fractions of all systems run the exact same OS images, people DO know much of the system state ahead of time.
You also don't need to know much about leaked kernel information to make use of it. In a scattershot approach, you try whatever bits you infer to decrypt data. If you're lucky, you find a match. If you attack thousands of systems, you're likely to get lucky.
In summary, you're just way too overconfident. It only takes one really smart person to package up a hard-to-execute attack and make it conveniently available to everyone else.
It still requires dereferencing kernel address space. How do you pull that off otherwise?
With a timing attack, you don't need to dereference anything. From the Wikipedia article:
Likewise, if an application is trusted, but its paging/caching is affected by branching logic, it may be possible for a second application to determine the values of the data compared to the branch condition by monitoring access time changes; in extreme examples, this can allow recovery of cryptographic key bits.
I don't know the particulars of this vulnerability, but in many similar cases they use a timing attack to infer memory contents that they can't directly access.
You don't need to have a "binary" for that to work. But as I pointed out, the article summary at the top of this page said that the issue was vulnerable to Javascript in browsers, so don't get overconfident.
Maybe I'm missing something, but a tank had a leak, but since it is double walled nothing escaped and they agreed to stop using it and have a plan to deal with the waste.
Am I missing something?
Why, yes: This leak has essentially rendered the new double-walled tank into a single walled tank.
Now, what is the Hanford site most famous for? It's the fact that so many of its single-walled tanks have leaked like sieves. So now we have a new potential sieve.
I'm not in the habit of running random binaries downloaded from the Internet
As TFS implies, given that Javascript required to do almost anything on the web, you are most likely downloading and running random code from the internet that could potentially exploit this bug hundreds of times every day.
well, then I will only be rewarded for a brief period.
No, you are supposed to be rewarded for a brief period. The US Constitution plainly states that; it's not just the article's author's opinion. The Constitution even points out that the *purpose* of depriving people of their natural rights to copy things they see for a limited period of time is to enhance the public domain.
However, with the current unconstitutional laws in effect, you are rewarded for an absurdly long period, until long after you and probably your children are dead. So you can stop your bitching and whining. You got what you wanted.