USD has been depreciating, but it's not unstable. It has been slowly losing value in a predictable way. CFOs know how to deal with this. They can pre-exchange their projected sales for their desired currently at a fixed price. (The mechanism is to buy options). They can adjust their local / USD prices based on anticipated currency fluctuations. The USD doesn't swing nearly as wildly as Bitcoin. I can'f figure out if this is a troll, just terribly uninformed, or somebody just couldn't resist taking a jab at the US. I guess that's the danger is reading AC posts on a non-political topic.
This comment is an exercise in having only one hair and trying to turn it into two. I could also price my product randomly. It will be somewhere between $1 and $100. Neither you nor I know until after we both agree to do the transaction.
You're right that there is a difference between something being impossible and simply being absurd. But you don't stay in business by doing too many absurd things, so in this context, the practical difference is pretty much non-existent.
I think you would get along with my wife.
For a gaming machine, it's not clear that you even need to accept the update. Although this defect is ugly, in order to exploit it, you have to get a malicious program onto the machine initially. For a single-user system, such malware probably doesn't gain anything extra from this. The real impact will be to shared server machines. I'm not saying that this isn't ugly. It's problematic for any system that needs to ensure confidentiality as the patch will have to be applied and the performance hit taken. For gaming machines the increased risk from leaving this unpatched is almost zero.
Right, so this doesn't factor into what type of vehicle they buy. Those costs really ought to be reflected in the petrol price. In the case of Norway, though, they have plenty of fossil fuels of their own so really don't incur this cost. But they still tax gasoline very highly. And yet the economics of hybrids aren't working out without additional subsidies. Another poster has commented that the incremental costs of hybrid / BEV are closing and that's good news.
My understanding is that Norway has a 25% tax on new petrol cars. Also taxes on petrol are quite high. I'm pretty green but, at this point, I'm not sure tax incentives to promote hybrids / BEVs make sense. The reality is that a high-end pure electric vehicle is way more fun to drive than one powered by gasoline. A 4 cylinder supercharged engine combined with an electric motor is a much *better* vehicle than a V8. But both are (tens of) thousands of dollars more expensive than a basic gasoline counterpart. It's not clear that the current incentives will lead to the price gap closing. Without that, we'll have to provide the incentives forever or hybrids / BEVs just won't sell.
I suspect that Intel shares will go way up in the medium-term as people suddenly find themselves refreshing hardware that was previously just fine. Intel will still get the bulk of the orders.
This isn't about virtual memory. It's about memory dependence prediction. https://en.wikipedia.org/wiki/... The idea is that the microprocessor will speculatively load some memory so that the pipeline doesn't stall waiting for the load. If it's wrong, so what, just flush it out and stall the pipeline just like you would have with in-order execution. But when the out-of-order execution mechanism does this, it doesn't know what memory the current process actually has access to. So it could potentially load something from kernel space. Not a big deal as the "proper" load would replace this (i.e. pipeline stall, load continue, just as if there were no out-of-order execution). It seems that somebody has found a way, however to access the improperly loaded memory during the transient period when it was in a register. This is the type of creative exploit that it's fun to read about. Now the OS designers have to go back and somehow try to prevent this from happening presumably using some other feature of the micro-processor but the effect will be that the ability to do out-of-order execution will be significantly reduced thus slowing the machine down considerably.
I imagine that there are a few things in play here. First, learning hacking is (relatively) cheap. You can setup a system, compromise it, and then re-image with no incremental cost. You should be able to get started just using information freely available on the Internet and some very cheap equipment. Second, opportunistic hacking (to mine cryptocurrencies) is much harder than targeted hacking. Basically you just do reconnaissance until you find something with a known weakness. You don't even really have to know much about the vulnerability. Finally, the hardest part of getting *good* at hacking is that one mistake and you land up in jail. If you are working for the NK state apparatus, you are beyond the reach of western law enforcement, so you can just learn from your mistakes and keep going.
In terms of more capable adversaries, they probably aren't getting caught as often. They have to be more careful since they do care not to get caught. They're not trying to mine crypto-currenies or embarrass a movie production company. They're trying to infiltrate high-value systems and, even if they are successful (especially when they are successful), it is kept quiet rather than publicized.
Well sometimes a "digital version" of something is really analogous and sometimes it's not. With a picket sign, you aren't anonymous and if what you present is factually wrong, you may find yourself paying damages so it's somewhat of a fair venue. Also, with a picket sign, you will eventually get tired and go home. So it's similar but not the same. It's the same reason that, in a recent SCOTUS case, it was ruled that you have the right to stand and protest in the park, but you can't erect a monument to your beliefs. Disgruntled employee stories are closer to a digital monument.
People running web sites are continuously making this choice poorly. This was initially considered okay to give the people running the web sites a choice since, if they choose poorly, users wouldn't visit. But since users aren't able to independently make the decision about whether or not to visit and since those users are usually the victims when a web site chooses poorly, the browser makers are doing what's in the best interest of their customers (the users) and simplifying the problem such that people running web sites are no longer empowered to make poor decisions that harm users.
I'm with the AC on this one. I think your comment proves my point. If the Wordpress team can't make decisions on what needs to be secured/secret, the *users* certainly can't. Encrypt everything end-to-end and don't offer an insecure options. There are a few down sides to this which have been offered up. Mostly that things can't be cached by ISPs to speed up browsing in remote areas. It's probably worth looking for solutions to those problems. But having the users make decisions about what data should be secured in transit does not seem like a viable answer.
There is little hard to sending everything over HTTPs and it takes users (who won't know any better) out of security decisions. Everything's encrypted. They don't have to think. "Well, I'm only entering what high school I went to. Do I care if this is http or https?" The downsides of forcing https are minimal and it eliminates human error from the security equation.
If the content is signed, the signature will either match of it won't. So the OPs proposal would work. But I have no idea what the benefit would be over just sending the content over HTTPs. CPU cycles are so cheap that it worth the effort to implement this. Plus it would still make it harder for the user to determine whether or not the security was acceptable for the intended action.
The first few posts in this thread made me question whether HTTPs everywhere was a good idea. They made their points well and got modded up. The reason for HTTPs everywhere is it means that the users don't have to make security decisions that they will invariably get wrong. Secure by default is a good principle. The null cipher idea was interesting but is probably the exception that proves the rule.
No, the raw data doesn't show this. What crime data shows is who is more likely to be *charged* with a crime rather than who is more likely to *commit* a crime. I don't know of any 200 number so that sounds like a citation needed. Maybe you are confusing 200% with 200 times. But if a white and black person get into an altercation, the black person is more likely to get charged. Therefore, black people tend to avoid this type of situation. Also urban poor tend to be black and being a member of the urban poor is a pretty tough lot in life.
Maybe. Or maybe the air pollution will lead to people dying young and less social services for the elderly. That's not a nice outcome and not something I would want, but the pollution may actually have some interesting side effects. The young still seem to be able to work.
I don't think that the original comment was well thought out. But I do suspect that what happens is that well-connected students make business deals with each other rather than with the best qualified. Keep in mind not when dealing with their *own* money but when they have positions at places like publicly traded companies so they can tap into other's money.
Engineers (people with engineering licenses, not the sanitary engineers who collect the trash or the software engineers who hack together computer programmers) take competency examinations and nobody cares *how* they learned, only that they've demonstrated that they have the knowledge.
The article presents a false premise. Chains like sonic are now offering burgers that blend beef and mushroom to improve health and still taste good (well, for some value of good. I guess Sonic isn't the epitome of gourmet.) It seems quite reasonable that we should be able to come up with a plant-based product close enough to beef that we can blend it in burgers in a way that is either unnoticeable or actually improves the flavor. We don't really need to get to 100% in order to have significant impact.
No, but the next time you apply for a visa, it may get denied. Although I suspect, as others have more eloquently pointed out, that there is a more nefarious purpose. Historically we haven't worried very much about overstays.
Take your kid to a playground and look around. There's no clock. Go hiking or camping. There's no clock. Go to a trampoline park. No idea why they make the clocks so hard to see. Go to any restaurant.
Beginning athlete's are most in need of heart rate monitors.
It's not for the tracking. An instantaneous heart rate readout is a measure of whether you are taking it too easy or about to send yourself to the hospital. For those who are fitness enthusiasts they can probably estimate their heart rate even without the monitor. And even if not, if you're in good condition, you're not at high risk of a cardiac event. On the other hand, those whose conditioning is poor really should track heart rate during exercise. I'm not talking about time-series plots. Just "Hey, I'm 50 years old and this thing says my heart rate is 190. Maybe I should slow down." Or "Hey, I'm 20 years old and I took this class because the instructor is cute, but my heart rate is only 10bpm above resting. Maybe I can do a little work."
Or maybe it's because customers scale horizontally to meet demand. Having a dozen cashiers standing around just in case there is an unexpected rush is inefficient. But having a dozen self checkout stands available doesn't really cost anything extra. And if you suddenly get a rush of people, each customer is a cashier. It has nothing to do with individual performance and more about having demand and supply always be balanced. If there was a +1 Snark mod, though, I'd give it to you.
I don't think that anybody wants to wear a computer. However, smart watch fitness trackers (yes they really have to do both to be useful) are quite nice. It lets you see the time without taking out your phone (and getting distracted). It tracks your sleep. And serves as a heart-rate monitor while exercising. Remember when we all used to have chest straps with a wrist watch that showed the heart rate? Back then those were $50-$70 which is what a smart watch now costs that serves as the HR monitor plus other stuff. And a watch also serves as jewelry. So unless health, exercise, and jewelry are all three against your religion, a $50 wearable seems like a pretty reasonable thing to have.
Slashdot Mirror
USD has been depreciating, but it's not unstable. It has been slowly losing value in a predictable way. CFOs know how to deal with this. They can pre-exchange their projected sales for their desired currently at a fixed price. (The mechanism is to buy options). They can adjust their local / USD prices based on anticipated currency fluctuations. The USD doesn't swing nearly as wildly as Bitcoin. I can'f figure out if this is a troll, just terribly uninformed, or somebody just couldn't resist taking a jab at the US. I guess that's the danger is reading AC posts on a non-political topic.
This comment is an exercise in having only one hair and trying to turn it into two. I could also price my product randomly. It will be somewhere between $1 and $100. Neither you nor I know until after we both agree to do the transaction. You're right that there is a difference between something being impossible and simply being absurd. But you don't stay in business by doing too many absurd things, so in this context, the practical difference is pretty much non-existent. I think you would get along with my wife.
For a gaming machine, it's not clear that you even need to accept the update. Although this defect is ugly, in order to exploit it, you have to get a malicious program onto the machine initially. For a single-user system, such malware probably doesn't gain anything extra from this. The real impact will be to shared server machines. I'm not saying that this isn't ugly. It's problematic for any system that needs to ensure confidentiality as the patch will have to be applied and the performance hit taken. For gaming machines the increased risk from leaving this unpatched is almost zero.
Right, so this doesn't factor into what type of vehicle they buy. Those costs really ought to be reflected in the petrol price. In the case of Norway, though, they have plenty of fossil fuels of their own so really don't incur this cost. But they still tax gasoline very highly. And yet the economics of hybrids aren't working out without additional subsidies. Another poster has commented that the incremental costs of hybrid / BEV are closing and that's good news.
My understanding is that Norway has a 25% tax on new petrol cars. Also taxes on petrol are quite high. I'm pretty green but, at this point, I'm not sure tax incentives to promote hybrids / BEVs make sense. The reality is that a high-end pure electric vehicle is way more fun to drive than one powered by gasoline. A 4 cylinder supercharged engine combined with an electric motor is a much *better* vehicle than a V8. But both are (tens of) thousands of dollars more expensive than a basic gasoline counterpart. It's not clear that the current incentives will lead to the price gap closing. Without that, we'll have to provide the incentives forever or hybrids / BEVs just won't sell.
I suspect that Intel shares will go way up in the medium-term as people suddenly find themselves refreshing hardware that was previously just fine. Intel will still get the bulk of the orders.
This isn't about virtual memory. It's about memory dependence prediction. https://en.wikipedia.org/wiki/... The idea is that the microprocessor will speculatively load some memory so that the pipeline doesn't stall waiting for the load. If it's wrong, so what, just flush it out and stall the pipeline just like you would have with in-order execution. But when the out-of-order execution mechanism does this, it doesn't know what memory the current process actually has access to. So it could potentially load something from kernel space. Not a big deal as the "proper" load would replace this (i.e. pipeline stall, load continue, just as if there were no out-of-order execution). It seems that somebody has found a way, however to access the improperly loaded memory during the transient period when it was in a register. This is the type of creative exploit that it's fun to read about. Now the OS designers have to go back and somehow try to prevent this from happening presumably using some other feature of the micro-processor but the effect will be that the ability to do out-of-order execution will be significantly reduced thus slowing the machine down considerably.
I imagine that there are a few things in play here. First, learning hacking is (relatively) cheap. You can setup a system, compromise it, and then re-image with no incremental cost. You should be able to get started just using information freely available on the Internet and some very cheap equipment. Second, opportunistic hacking (to mine cryptocurrencies) is much harder than targeted hacking. Basically you just do reconnaissance until you find something with a known weakness. You don't even really have to know much about the vulnerability. Finally, the hardest part of getting *good* at hacking is that one mistake and you land up in jail. If you are working for the NK state apparatus, you are beyond the reach of western law enforcement, so you can just learn from your mistakes and keep going. In terms of more capable adversaries, they probably aren't getting caught as often. They have to be more careful since they do care not to get caught. They're not trying to mine crypto-currenies or embarrass a movie production company. They're trying to infiltrate high-value systems and, even if they are successful (especially when they are successful), it is kept quiet rather than publicized.
Well sometimes a "digital version" of something is really analogous and sometimes it's not. With a picket sign, you aren't anonymous and if what you present is factually wrong, you may find yourself paying damages so it's somewhat of a fair venue. Also, with a picket sign, you will eventually get tired and go home. So it's similar but not the same. It's the same reason that, in a recent SCOTUS case, it was ruled that you have the right to stand and protest in the park, but you can't erect a monument to your beliefs. Disgruntled employee stories are closer to a digital monument.
People running web sites are continuously making this choice poorly. This was initially considered okay to give the people running the web sites a choice since, if they choose poorly, users wouldn't visit. But since users aren't able to independently make the decision about whether or not to visit and since those users are usually the victims when a web site chooses poorly, the browser makers are doing what's in the best interest of their customers (the users) and simplifying the problem such that people running web sites are no longer empowered to make poor decisions that harm users.
I'm with the AC on this one. I think your comment proves my point. If the Wordpress team can't make decisions on what needs to be secured/secret, the *users* certainly can't. Encrypt everything end-to-end and don't offer an insecure options. There are a few down sides to this which have been offered up. Mostly that things can't be cached by ISPs to speed up browsing in remote areas. It's probably worth looking for solutions to those problems. But having the users make decisions about what data should be secured in transit does not seem like a viable answer.
There is little hard to sending everything over HTTPs and it takes users (who won't know any better) out of security decisions. Everything's encrypted. They don't have to think. "Well, I'm only entering what high school I went to. Do I care if this is http or https?" The downsides of forcing https are minimal and it eliminates human error from the security equation.
If the content is signed, the signature will either match of it won't. So the OPs proposal would work. But I have no idea what the benefit would be over just sending the content over HTTPs. CPU cycles are so cheap that it worth the effort to implement this. Plus it would still make it harder for the user to determine whether or not the security was acceptable for the intended action. The first few posts in this thread made me question whether HTTPs everywhere was a good idea. They made their points well and got modded up. The reason for HTTPs everywhere is it means that the users don't have to make security decisions that they will invariably get wrong. Secure by default is a good principle. The null cipher idea was interesting but is probably the exception that proves the rule.
No, the raw data doesn't show this. What crime data shows is who is more likely to be *charged* with a crime rather than who is more likely to *commit* a crime. I don't know of any 200 number so that sounds like a citation needed. Maybe you are confusing 200% with 200 times. But if a white and black person get into an altercation, the black person is more likely to get charged. Therefore, black people tend to avoid this type of situation. Also urban poor tend to be black and being a member of the urban poor is a pretty tough lot in life.
Maybe. Or maybe the air pollution will lead to people dying young and less social services for the elderly. That's not a nice outcome and not something I would want, but the pollution may actually have some interesting side effects. The young still seem to be able to work.
I don't think that the original comment was well thought out. But I do suspect that what happens is that well-connected students make business deals with each other rather than with the best qualified. Keep in mind not when dealing with their *own* money but when they have positions at places like publicly traded companies so they can tap into other's money.
If you are rich, you want a situation where you invest money and somebody else does all the work and then you get most of the profits.
Engineers (people with engineering licenses, not the sanitary engineers who collect the trash or the software engineers who hack together computer programmers) take competency examinations and nobody cares *how* they learned, only that they've demonstrated that they have the knowledge.
The article presents a false premise. Chains like sonic are now offering burgers that blend beef and mushroom to improve health and still taste good (well, for some value of good. I guess Sonic isn't the epitome of gourmet.) It seems quite reasonable that we should be able to come up with a plant-based product close enough to beef that we can blend it in burgers in a way that is either unnoticeable or actually improves the flavor. We don't really need to get to 100% in order to have significant impact.
No, but the next time you apply for a visa, it may get denied. Although I suspect, as others have more eloquently pointed out, that there is a more nefarious purpose. Historically we haven't worried very much about overstays.
Take your kid to a playground and look around. There's no clock. Go hiking or camping. There's no clock. Go to a trampoline park. No idea why they make the clocks so hard to see. Go to any restaurant. Beginning athlete's are most in need of heart rate monitors.
It's not for the tracking. An instantaneous heart rate readout is a measure of whether you are taking it too easy or about to send yourself to the hospital. For those who are fitness enthusiasts they can probably estimate their heart rate even without the monitor. And even if not, if you're in good condition, you're not at high risk of a cardiac event. On the other hand, those whose conditioning is poor really should track heart rate during exercise. I'm not talking about time-series plots. Just "Hey, I'm 50 years old and this thing says my heart rate is 190. Maybe I should slow down." Or "Hey, I'm 20 years old and I took this class because the instructor is cute, but my heart rate is only 10bpm above resting. Maybe I can do a little work."
Or maybe it's because customers scale horizontally to meet demand. Having a dozen cashiers standing around just in case there is an unexpected rush is inefficient. But having a dozen self checkout stands available doesn't really cost anything extra. And if you suddenly get a rush of people, each customer is a cashier. It has nothing to do with individual performance and more about having demand and supply always be balanced. If there was a +1 Snark mod, though, I'd give it to you.
Wearing during exercise is one of the primary benefits. The optical heart rate monitors are now as good as the chest straps.
I don't think that anybody wants to wear a computer. However, smart watch fitness trackers (yes they really have to do both to be useful) are quite nice. It lets you see the time without taking out your phone (and getting distracted). It tracks your sleep. And serves as a heart-rate monitor while exercising. Remember when we all used to have chest straps with a wrist watch that showed the heart rate? Back then those were $50-$70 which is what a smart watch now costs that serves as the HR monitor plus other stuff. And a watch also serves as jewelry. So unless health, exercise, and jewelry are all three against your religion, a $50 wearable seems like a pretty reasonable thing to have.