No guarantee that the FTC would even touch it or, if they did, side with either side ("something else" is still an option) . The internet possesses international, interstate, and intrastate trade as well as communication. Both agencies have a say.
The FCC as an organization certainly isn't. As far as the decisions made that are directed specifically at states, it's a question of nature. Mention was at an unverified source, namely a different posting of Slashdot https://tech.slashdot.org/stor..., but apparently FCC intends on preempting state and local laws. It has be previously done by Federal agencies in some cases, but in others, it has not. There is then the question on which is correct. The Constitution does not prevent states from making laws that contradict Federal law; although, in cases where the Federal is in the right, the state law is unenforceable and effectively void (as I understand it). Essentially, I see passing the laws as a quicker way of referring the question to court system. I pointed out a case where the FCC did not win; of course, there are other cases in which they did. The reference to the Article/section and the amendment is just my opinion as to the nature of the two opposition forces.
3. Make attempt to contact state level officials to make laws to override: States, under 10th Amendment are not without sovereignty in spite of Article I, Section 8. The FCC would need to take legal action against the state in order to invalidate such laws. It may be to note that Tom Wheeler lost a battle against Tennessee a few years back.
4. Where not restricted by legalized monopolies, either have local governments, or if not possible organized co-ops for internet access (a can of worms in and of itself, but then the customers and the owners will be the same).
5. If still wishing to do protests, make sure a reasonably large crowd also shows up at the the House of Representative local offices. Prominent is good, but keep everything peaceful and non-disruptive at whatever location and invite the local press.
6. If one suspects the FCC to be in the pockets of ISPs, simple discontinue all services of those providers
At the last several companies in which I worked, Excel format was sometimes used in part as a "data exchange" format similar to CSV, pipe-delimited, or schema-defined XML (since even the ones such as CSV which opens just fine in Excel was "friendly enough") since individuals on the "business-side" like the ability to inspect and alter data in "a familiar application." While many of the intermediate "data inspectors" (users) had an appreciation for consistent formatting of the file, there was those that were under the indoctrination in regards to any software or data, "It just works" must apply (up to and including computer handling data with intelligence that rivals SkyNet... and "correct" automatic color choices for cell backgrounds and pie chart slices are paramount;-)). This had led to some rather custom Excel import and export libraries and utilities (usually built upon an existing one, but there have been exceptions). Fortunately, there were those that did not mind a simple CSV or Excel file dumped from a query using the normal BI tools.
I cannot speak to your "Data Diodes," which sounds like a marketing term for a firewall (several types of common network interfaces have, for performance reasons, separate send and receive lines) or your virtual machine idea which resembles a micro-kernel architechure with container based applications.
Concerning principal of least privilege itself, it can be applied to end-users or "system/application resources/providers," e.g., services (which I shall use a blanket term). From a programming point of view, this involves having a sufficient granularity of privileges which then can be assigned to roles, groups, users, etc. The one configuring and managing the security of the system only gives access to users and services that require it: an end-user might need to the privilege to change the current display settings or a service might need the privilege to access the filesystem while temporarily inheriting the privileges of the caller. Those would be given the privileges they require, and no other. As another consideration, from a programming view, let us say that the service needs the privilege to check the status and potentially start another service, but only while initializing. The original service would be given that privilege, but as soon as it is done initializing it, it would, in more colloquial terms, waive its right to further check on and start other services.
One of the first difficulties is cost versus benefit. If the business needs the application in one month (to use the extreme, yet common excuse of "otherwise we miss the market and goes closes doors"; although "we'll fix it later when we're caught up" is pretty common as well), if there are exactly two users of an application in the specifications with reasonably well defined roles. The might decide to forgo the cost of a granular system for a fixed role system. As long as there are only two types of users, this is not a problem. If users' responsibilities become more specialized or overlapped, then the business will need to make the decision on how much it is willing to spend in money, time, and development resources to change the system, assuming that it even has any to spend. This is even before considering the impact of changing the security model has on any user, application, service, or business process downstream. This also does not consider the human element of "I'm the boss/VP/CEO, I should be able to change the database or log into any system any time I want" or similar scenario.
Even with such things, principal of least privilege is not a silver bullet. A common task for a user is to open a file. Let's say, for example, that the file is clip art file and a "non-privileged user" cannot import it into their document and the program crashes. The user submits their ticket. We'll say that a IT helpdesk (arguably with sed -e 's/p/l/gi' been applied) member just has finished a dozen requests that requires escalated privileged roles carelessly remains logged into their separate superuser/admin account to work on that ticket. The ticket worker opens the word processor and tries to import the file. But then the clincher, the clipart file type is from an earlier era that where it was necessary to speed up the drawing by having it directly include kernel calls and the word processor just used the original library to display the file in the appropriate part of the document. The file displays normally, the worker emails the user stating they cannot reproduce the problem, and a newly spawned minimized shell task just downloaded and ran an installer for malware. Yes, the worker was careless and maybe the wordprocessor developer could have put some type of protection, but then why spend the cost of doing so if the library does the job and the problem was not detected since the developing company's developers and QA are not familiar with the fine details of the format or bugs in the library's implementation.
In other words, Article I, Section 8 vs 9th Amendment... Round 3!
I do recall that John Marshall was the first that did the expansion of Section 8. I forget who did Wickard v Filburn, but I think it was related to FDR and the Depression.
I had stated, though, in another comment that I recall the FCC having an order under Wheeler that was overturned in favor of Tennessee's state law that prevented local jurisdictions from making their own providers. Maybe as a compromise: the state or local cannot make law enforcing network neutrality, but then state laws that prevent local jurisdictions from making their own network neutral ISPs are automatically overturned.
If he can manage to build a safe vehicle, get his permits, launch, collect his data, safely land, and do a proper analysis... It will be a triumph... for science.
Last time I looked I have NEVER seen a bios attack
Found a millennial.
Hardly a discerning statement for millennials. A BIOS that has a physical switch to prevent reflashing is difficult to attack, put not impossible. Non-volatile memory used for configuration is a potential vector, but would likely need to be specific to BIOS vendor and version. In the case that a physical control is not present, or just left on, malware could, after gaining a privilege execution level attempt to replace or patch the BIOS. I would imagine some systems protect against this with a non-flashable ROM portion that verifies the signature of the flashable BIOS prior to executing. In infection would effectively (hopefully soft) "brick" the system, but the integrity could be at least partially preserved. (I have also heard tall tales about keyboard buffers [or was it initialization firmware] and the A20 line [part of the bus] being used as an attack vector, but never actually bothered to check the validity)
UEFI does remove the potential vector of "boot sector infections" since it uses a different method of loading the operating system. While I lack knowledge of specifics, I am aware that UEFI does have a means of providing extensions as well as its own support for non-volatile storage. Hypothetically, these are vectors for attack. Concerning secure-boot, I would consider it, on paper, to be more secure; however, in the same fashion someone getting their hands on the private key to sign a BIOS or other firmware could attack the system, someone could also sign a UEFI loader application and have a privilege-escalated malware use it for an attack vector. Also, as with any loader chaining, if an already signed loader is exploitable, there is still a vector of attack.
For the TL;DR, pretty much everything is attackable. If security matters to you, understand what kind of system you have and what are the acceptable risks for the cost and effort you are willing to undertake.
Also, concerning a thought from another comment that UEFI is malicious by design, there is an economic pressure that major OS vendors would have on Intel and motherboard manufacturers to keep things in their court, but there is also pressure from consumers (both retail and business) that wish to maintain control of their systems.
NOT EVERY JOB out there is meant to be made a career of, nor sole source of income to support yourself/family.
[citation needed]
I do not have a specific citation to offer, but I am aware that it is part of the basics of Laissez-faire economics. Of course, the opposite of that would be found in Roosevelt's "Fireside chats" where every job should have not just a bare-essentials livable wage, but a "decent living" one. Someone can use their favorite search engine should be able to cherry-pick citations for either for both economics and ethics/philosophy. The US is primarily a capitalistic economy which, at first blush, would imply the former; however, in the 19th century we started to regulate business to reduce the negative effects of raw capitalism and in the early 20th century, partly due to the Depression, the culture shifted the responsibility of social welfare from family and religion to the government. Which way one leans depends both on how one weighs and interpret the natural rights, law-given rights, and responsibilities of individuals versus other individuals and society. I might add that it may be useful to have a clearer definition of the target of the livable wage. It is easier to justify setting a minimal wage to a livable wage of an individual versus that of the livable wage of a family to those that see minimal wage are starter or "teenage" jobs.
Do you think a burger flipper should make the same as a highly skilled computer programmer?
One like you, Mr Awesome? But I don't recall anyone actually suggesting that, so find your strawman's ass and go fuck it.
Torching the strawman will not only result in a PG-13 rating rather than the suggested R-rated scene, but it will also be a good lead into an entertaining Michael Bay style explosion. Snarkiness aside, I certainly did not see it in the previous comments that I read, but, just to state, I have heard the argument being discussed on several previous occasions, not that they have any real bearing. I think a better question would have been how to deal with the wage/salary devaluation that occurs when minimal wage increases. Rather than a computer programmer, whose salaries can often be large enough to absorb wage increases, let's look at the much lower paid parametric who would probably has the national median pay close to $15/hr (similar to prescribed minimal wage), but has more difficult prerequisites and potentially greater risk. If minimal wage is raised, there is nothing that requires that employers raise pay proportionally if even at all. Of course, giving a "fair" (which tends to be in the eye of the behold), might increase costs enough to offset the required wage to be livable faster than desired (depending on which economist you ask). Concerning minimal wage for traditional employment, I would be willing support smaller, local-based regularly scheduled, inflation-relative targeted periodic minimal wage increases along with matching minimal salary for "exempt" employees and percentage scaled (higher the pay, lower the mandatory increase percentage) minimal increases for those with yearly salaries below the minimal "exempt" level. Of course, I only took Economics I in college so my opinion of such should be considered that of an interested amateur.
Now concerning the OP, I do agree and support the workers right and reason to strike. While not necessarily a moral imperative, I do think there should be a certain level of balance in power between the worker (whether employee or contractor) and employer. Striking as a virtual union is one way to push the pendulum in the other direction. That aside, I do not think it is practical to use traditional minimal wage in regards to this "gig economy" nor do I think that people should be forced into a "traditional" labour model in order to make it easy "to keep things fair." If I were to make a suggestion, I would do two things
Do you realize that stating that the universe will expand unbounded?! Everyone knows that spacetime will eventually stretch until it causes an volume of lower minimal vacuum energy which will nucleate, expand, and replace the laws of physics with a higher gravitational constant that will result in a big crunch.;-)
I can see them having the charging stations, but targeting those in a hurry and have a compatible car: for the low, low price of $39.95 + tax, take advantage of our battery swap service; we'll have you driving again in 8.5 minutes.
Not all of the stations have the timer or the marks. For the "subway" ones in Tokyo, I had humored myself a bit by comparing to a timer. I never saw it more than a second off. There was slightly more variation in the shinkansen, but we left every stop within 5-6 seconds of the schedule time. While impressive, I was more impressed with the number of people that road them versus how ridiculously sparkling clean they were.
Humour aside, while attending the earlier era Black Friday events, the sale events were not as common among retailers and attracted smaller crowd. The sales were always single day, usually limited hours, mostly had the same merchandise seen throughout the year, and sometime had very deep discounts (70% off or better). The sales became more popular as it got more press. Retailers saw the trend and adapted to the consumers. Merchandise that was discounted started being specifically ordered for Black Friday, sometimes of very different quality than the usual merchandise. Online retailers started making pre- and post- sales, essentially transforming it into a week event. This is to increase the money made from the event. Of course, while people are generally assumed to be "dumb," given enough time, people will adapt resistances and will not be caught in the spun web.
I have no specific objections to the first two paragraphs; however, "honest politician" is an oxymoron and Mr. Trump is in politics the same as the others you have mentioned.
That aside, unless the Paris treaty has some enforcement mechanism, it will be only as meaningful as the overall adherence to the goals. This means that Germany is pretty much no better or worse off than the US that had exited the Paris treaty. It makes sense for Germany to look after economic interests of its citizens; however, there are other aspects of governance that also must be attended. To take a random quote from a popular move, "A person is smart. People are dumb, panicky dangerous animals and you know it." People want their future "handled" while they deal with the day-to-day stuff, and many probably considers that they have too much on their plate to worry about things such as gross national product vs. global warming vs "why should I have to give up stuff when there are practically 7 billion people out there that can" (depending of your definition of billion and whatever that is in German).
Beyond those things, nothing is really free as some seems to believe. Battery technology used in solar and wind technologies often required rare-earth metals which sometimes require strip-mining (because they are rare; also, strip mining is not very good for the environment). Solar cells typically require special "forms" of silicon which produces hazardous byproducts (the byproducts can be collected and made safe and sometimes even recycled back into the process, but is not cheap with current technology). Indirect solar can be cleaner, but does not as effectively scale. Wind power look promising in areas which have near constant wind (while there might be risk for flying wildlife such as birds, bats, etc, spinning blades isn't the only possible design). Areas with near constant wind are not that common and for the other areas, it has to be supported by other power sources. Hydroelectric is also promising, but must be carefully built to minimize the hazard of flooding and negative impacts on the environment (particularly aquatic wildlife). "Cleaner" hydrocarbons only delay the problem and usage of them sometimes mean political and economic hurdles (not every country has a good supply of natural gas in their back yard and buying foreign sometimes mean yielding in other areas). Nuclear comes in two main flavors: fission and fusion. Fission reactors are normally fueled by Uranium, which is uncommon and due to both safety and security concerns has a very tight extraction to plant to disposal chain. Various incidents have also added stigma (maybe rightfully so, maybe not) to its usage. Thorium fueled is supposedly an alternative, but I have not seen clear data concerning the economics or safety. Fission also must concern itself with the longevity and eventual decommission of plants as they do have limited lifespans (turns out neutrons are quite erosive over 60 years). Fusion shows quite a bit of promise as an energy source since hydrogen is quite abundant and the waste product of helium is not all that dangerous. It is, however, probably about 50 years away from being able to consistently net energy, same as last decade.
With the wall of text of the previous paragraph, it is not to say there is no solution. It just means that there is no silver bullet. More than likely, we are in something similar to a Nash equilibrium and with both the scale of billions of people and hundreds of sovereign governments fixing the situation will be difficult, particularly since people do not like trade-offs. Germany, specially, will need to evaluate their short term and long term economic goals against theirs (and the worlds) climate protection goals and let something give. The US is in no different of a position in that regard-- perhaps with the difference that staying in the treaty might look weak and leaving the treaty might look stupid depending upon whom you ask. I personally would want to research some new power storage technology (that does n
I heard it both ways. I suspect in practice that it depends upon the economic strength of the one doing the tariff vs the ones targeted by the tariff, who else are buyers, and political fudge factor. If the alternate sellers have either economic leverage to apply such as a tariff or legal restriction on market segments valuable to the original country, especially if the country originally targeted has internal sources or cheap alternatives vs the original country. The effect can be amplified if they have political and economic leverage against countries that are markets for the original. The US no longer has the same level of clout in which it previously had, such tactics probably will not be useful for a while unless something turns around. China, on the other hand, had built up both economic and political strength. I would weakly compare it to the 1%, more power you have, easier it is to make bold moves to protect that power.
I remember something about FDR experiencing an attempted assassination in the early 1930's. I would imagine that is related. I know that John F. Kennedy was killed in 1963, and later his brother(?) and Martin Luther King, Jr a few years later. That probably would have pushed through the 1968 one. There was, however, a substantial amount of gun crime during the prohibition period. I am not certain, however, that the prohibition itself was the only source for organized crime and related firearm usage.
I am aware that near the time of the US Civil War that the population of pretty much every major city was less than a million individuals with NYC being one of the few even approaching a million. By the 1920's and the beginning of the prohibition, three or four major cities had at least a million people of population and several were almost a million. I think I recall NYC having close to 4 million.
This is not, however, to say that population is a direct indicator of gun problems. I would assume, however, that more people in the same area does increase the chance of encounters with crime (even if the percentage of crime is flat between urban and rural).
Different areas and times would have difference causes for violence and the firearm violence that goes with it. I do not think that unrestricting firearms will solve the problem. I do not think that banning them, particularly considering their prevalence, will solve the problem either (likely to cause just short of a civil war). I think that better enforcement and maybe refining of existing laws will help. I also think that solving the problems (poverty, racial tensions, organized crime, mental health) that lead to violence will also reduce firearm violence.
Concerning drug related crime. I think that there are trade offs involved. Some types of drug usage results in compromised decision making that can directly generate crime; others can cause significant harm to the person using. Considering that, I would say that there should be education to reduce drug usage and replacement of criminalization of certain types of drug usage with taxation so that the black markets (and the related organized crimes) are not profitable. Of course, this means that people will have to accept a extra level of personal and societal responsibility.
I will add in that the reason that firearms are used in crime is that they are more readily available and "directable" than explosives, more compact than the easily just as dangerous vehicles, quicker than poisons, and have greater range than melee weapons. This, of course, creates a strong focus upon them for eliminating a symptom and sometimes treating symptoms is the fastest action for big problems. There will have to be some restraint in responses as we do not want to ban guns, then big knives, then kitchen knives, then club-like objects (baseball bats), then pencils (beware of the slippery slope... and the related fallacy).
Concerning the previous, I do not have data, but merely applying personal assumptions, observation, and previous readings; please take with a grain of salt.
Back to the original post, I think concerning encryption, my understanding of encryption suggests that it is completely impractical, maybe impossible, to design an encryption system that both provides adequate protection and privacy to serve its purpose while simultaneously given investigators ease of investigating. It is not the same thing as a physical lock. Also, even if there was such a mechanism, how can abuses be minimized?
I would agree. If I were doing it, I would probably scale the images to a fixed set of different very low resolutions and create a histogram of segments each resulting image. If there is a more than an arbitrary number of fuzzy matches to each histogram, it's likely the same image. The image identification would be independent of the file hash and if enough (overlapping) segments, it may be possible match cropped images to uncropped with very few false positives. Beyond that, feature identification might be a good, albeit processing intensive, approach that possibly could be combined with the former as a second-stage. Those are, however, just ideas that come to mind to approach the problem.
While I type fine on a full sized keyboard, typing on a virtual keyboard is a pain on anything smaller than a tablet. Even on a physical keyboard, it is pretty easy to type homonyms if in a hurry (only a few minutes to post and no time to proofread). I wouldn't worry too much about errors from posts: people expecting perfection in a casual forum are probably either jerks or attempting to make an ad hominem argument (or if among friends they might be trolling each other for fun). That said, I see your point concerning not allowing post edits.
If I did not already comment, I would mod this up.
But you have to involve QA early in the game.
Particularly that part, not all developers are QA minded, so having them give feedback early in the game, particularly when designing tests, can improve the overall quality. I also have found that while it doesn't quite affect quality directly, having the QA team send a member or two to actually join meetings such as "daily standup" and code review creates a better working relationship: the QA team isn't viewed as an "unknown enemy just waiting to spring an ambush" but instead as "someone who has your back and keeps you from making a fool of yourself."
I was a team lead (not manager) at my previous employer. I had the pleasure of working with two of the best QA people that I have yet came across. The first one, he could moderately code and made effective automated UI tests and improved the unit tests we had already made as part of the development (including finding bugs in the unit tests themselves). He was also an expert at breaking stuff (it is amazing how easily many things break when fed trash, operated too quickly, suddenly removed of network connection, or given malformed unicode sequences if the developer is not careful; although 80/20 rule should apply). The second one, she could read code, but was overall was unable to write code beyond a simple "Hello World." She probably was the better of the two concerning QA. She could recognize poorly thought out UI design and could look over a set of user stories with minimal data create, anticipate the client's actual acceptance criteria (known to be sometimes vague and she would verify), and create effective test plans. While I am reasonably confident in my ability to do QA, having specialists for the task did reduce both defects and misinterpreted requirements significantly compared to not having one. That said, I still did schedule time for code reviews as a team and did encourage peer review of code whenever there wasn't crunch time, both of which lessened defects and improved overall skill of those teams. When push comes to shove, disciples developers can QA their own and each others' code, but I think there is a tangible benefit to having high quality specialists. On the other hand, I also have met more than my share of ineffective QA personnel. Those individuals usually provide little, if any, benefit over the developers QAing their own code and sometimes acts as an impediment when a few choice people decide use their positions to "gatekeep" in relation to personal grudges.
My previous company, it was not bad, but they were relatively restrictive on work from home. Basically, I really only could do it on days where I would otherwise need to take a personal day. My employer was 2 1/2 hour drive away and moving closer is not easily done when one has a mortgage. The reasoning for the policy was not as arbitrary as "so we can make sure you are working," however. It was part of it, but it was also due to larger number of what I will call "junior skill workers." A number of the people there were fresh out of college and, prior to employment there, had worked not even a day in the industry. The responsibility of the more senior workers was to help get the new hires up to speed (aka, train them) since, in spite of what some had said while I was in high school, college does not actually train one for the workforce (at least not effectively). While I did have plenty of direct work such as planning, class and workflow design, schema design, coding, writing reports (documents as opposed to report generators, although did that too), writing excessively-incomplete documentation, etc., a portion of my week was reviewing code, giving feedback on both code and non-coding tasks such as updating tickets; writing effective, grammatically correct emails; balancing incoming "priority" tasks; etc, and monitoring progress of deadlines. (I bet people just *love* embedded clauses and lists...) The new hires have not yet worked long enough to development self-management habits, so they need help, usually in person.
That said, the cost of driving to work (both in money and personal time) is excessively expensive, so I eventually managed to find a work-from-home job. I can self-manage (I meet all my deadlines and then some in spite of glancing at Slashdot off-and-on) so it works for me. Some people needs the change of location to do the mental switch and some jobs such as my previous needs the "face-time." For those, I think it is appropriate to work in office; however, I think that if it is not required for the job and the individual can show themselves to work effective from a home or otherwise remote location, it think it should be allowed.
Slashdot Mirror
No guarantee that the FTC would even touch it or, if they did, side with either side ("something else" is still an option) . The internet possesses international, interstate, and intrastate trade as well as communication. Both agencies have a say.
The FCC as an organization certainly isn't. As far as the decisions made that are directed specifically at states, it's a question of nature. Mention was at an unverified source, namely a different posting of Slashdot https://tech.slashdot.org/stor..., but apparently FCC intends on preempting state and local laws. It has be previously done by Federal agencies in some cases, but in others, it has not. There is then the question on which is correct. The Constitution does not prevent states from making laws that contradict Federal law; although, in cases where the Federal is in the right, the state law is unenforceable and effectively void (as I understand it). Essentially, I see passing the laws as a quicker way of referring the question to court system. I pointed out a case where the FCC did not win; of course, there are other cases in which they did. The reference to the Article/section and the amendment is just my opinion as to the nature of the two opposition forces.
If people want to actually get results start by:
1. Writing (hardcopy and sent by "snailmail") letters to public officials with formal-language grammar expressing displeasure and politely offering solution of law to override: district representatives for the House, state representatives for the Senate, and President
https://www.senate.gov/senator...
https://www.house.gov/represen...
https://www.whitehouse.gov/con...
2. It does not hurt to submit or virtually sign a petition here: https://petitions.whitehouse.g...
3. Make attempt to contact state level officials to make laws to override: States, under 10th Amendment are not without sovereignty in spite of Article I, Section 8. The FCC would need to take legal action against the state in order to invalidate such laws. It may be to note that Tom Wheeler lost a battle against Tennessee a few years back.
4. Where not restricted by legalized monopolies, either have local governments, or if not possible organized co-ops for internet access (a can of worms in and of itself, but then the customers and the owners will be the same).
5. If still wishing to do protests, make sure a reasonably large crowd also shows up at the the House of Representative local offices. Prominent is good, but keep everything peaceful and non-disruptive at whatever location and invite the local press.
6. If one suspects the FCC to be in the pockets of ISPs, simple discontinue all services of those providers
At the last several companies in which I worked, Excel format was sometimes used in part as a "data exchange" format similar to CSV, pipe-delimited, or schema-defined XML (since even the ones such as CSV which opens just fine in Excel was "friendly enough") since individuals on the "business-side" like the ability to inspect and alter data in "a familiar application." While many of the intermediate "data inspectors" (users) had an appreciation for consistent formatting of the file, there was those that were under the indoctrination in regards to any software or data, "It just works" must apply (up to and including computer handling data with intelligence that rivals SkyNet... and "correct" automatic color choices for cell backgrounds and pie chart slices are paramount ;-)). This had led to some rather custom Excel import and export libraries and utilities (usually built upon an existing one, but there have been exceptions). Fortunately, there were those that did not mind a simple CSV or Excel file dumped from a query using the normal BI tools.
I cannot speak to your "Data Diodes," which sounds like a marketing term for a firewall (several types of common network interfaces have, for performance reasons, separate send and receive lines) or your virtual machine idea which resembles a micro-kernel architechure with container based applications.
Concerning principal of least privilege itself, it can be applied to end-users or "system/application resources/providers," e.g., services (which I shall use a blanket term). From a programming point of view, this involves having a sufficient granularity of privileges which then can be assigned to roles, groups, users, etc. The one configuring and managing the security of the system only gives access to users and services that require it: an end-user might need to the privilege to change the current display settings or a service might need the privilege to access the filesystem while temporarily inheriting the privileges of the caller. Those would be given the privileges they require, and no other. As another consideration, from a programming view, let us say that the service needs the privilege to check the status and potentially start another service, but only while initializing. The original service would be given that privilege, but as soon as it is done initializing it, it would, in more colloquial terms, waive its right to further check on and start other services.
One of the first difficulties is cost versus benefit. If the business needs the application in one month (to use the extreme, yet common excuse of "otherwise we miss the market and goes closes doors"; although "we'll fix it later when we're caught up" is pretty common as well), if there are exactly two users of an application in the specifications with reasonably well defined roles. The might decide to forgo the cost of a granular system for a fixed role system. As long as there are only two types of users, this is not a problem. If users' responsibilities become more specialized or overlapped, then the business will need to make the decision on how much it is willing to spend in money, time, and development resources to change the system, assuming that it even has any to spend. This is even before considering the impact of changing the security model has on any user, application, service, or business process downstream. This also does not consider the human element of "I'm the boss/VP/CEO, I should be able to change the database or log into any system any time I want" or similar scenario.
Even with such things, principal of least privilege is not a silver bullet. A common task for a user is to open a file. Let's say, for example, that the file is clip art file and a "non-privileged user" cannot import it into their document and the program crashes. The user submits their ticket. We'll say that a IT helpdesk (arguably with sed -e 's/p/l/gi' been applied) member just has finished a dozen requests that requires escalated privileged roles carelessly remains logged into their separate superuser/admin account to work on that ticket. The ticket worker opens the word processor and tries to import the file. But then the clincher, the clipart file type is from an earlier era that where it was necessary to speed up the drawing by having it directly include kernel calls and the word processor just used the original library to display the file in the appropriate part of the document. The file displays normally, the worker emails the user stating they cannot reproduce the problem, and a newly spawned minimized shell task just downloaded and ran an installer for malware. Yes, the worker was careless and maybe the wordprocessor developer could have put some type of protection, but then why spend the cost of doing so if the library does the job and the problem was not detected since the developing company's developers and QA are not familiar with the fine details of the format or bugs in the library's implementation.
In other words, Article I, Section 8 vs 9th Amendment... Round 3!
I do recall that John Marshall was the first that did the expansion of Section 8. I forget who did Wickard v Filburn, but I think it was related to FDR and the Depression.
I had stated, though, in another comment that I recall the FCC having an order under Wheeler that was overturned in favor of Tennessee's state law that prevented local jurisdictions from making their own providers. Maybe as a compromise: the state or local cannot make law enforcing network neutrality, but then state laws that prevent local jurisdictions from making their own network neutral ISPs are automatically overturned.
I remember something about Tennessee...
http://www.opn.ca6.uscourts.go...
Maybe related?
I stand corrected. *tips hat*
If he can manage to build a safe vehicle, get his permits, launch, collect his data, safely land, and do a proper analysis... It will be a triumph... for science.
Hardly a discerning statement for millennials. A BIOS that has a physical switch to prevent reflashing is difficult to attack, put not impossible. Non-volatile memory used for configuration is a potential vector, but would likely need to be specific to BIOS vendor and version. In the case that a physical control is not present, or just left on, malware could, after gaining a privilege execution level attempt to replace or patch the BIOS. I would imagine some systems protect against this with a non-flashable ROM portion that verifies the signature of the flashable BIOS prior to executing. In infection would effectively (hopefully soft) "brick" the system, but the integrity could be at least partially preserved. (I have also heard tall tales about keyboard buffers [or was it initialization firmware] and the A20 line [part of the bus] being used as an attack vector, but never actually bothered to check the validity)
UEFI does remove the potential vector of "boot sector infections" since it uses a different method of loading the operating system. While I lack knowledge of specifics, I am aware that UEFI does have a means of providing extensions as well as its own support for non-volatile storage. Hypothetically, these are vectors for attack. Concerning secure-boot, I would consider it, on paper, to be more secure; however, in the same fashion someone getting their hands on the private key to sign a BIOS or other firmware could attack the system, someone could also sign a UEFI loader application and have a privilege-escalated malware use it for an attack vector. Also, as with any loader chaining, if an already signed loader is exploitable, there is still a vector of attack.
For the TL;DR, pretty much everything is attackable. If security matters to you, understand what kind of system you have and what are the acceptable risks for the cost and effort you are willing to undertake.
Also, concerning a thought from another comment that UEFI is malicious by design, there is an economic pressure that major OS vendors would have on Intel and motherboard manufacturers to keep things in their court, but there is also pressure from consumers (both retail and business) that wish to maintain control of their systems.
I do not have a specific citation to offer, but I am aware that it is part of the basics of Laissez-faire economics. Of course, the opposite of that would be found in Roosevelt's "Fireside chats" where every job should have not just a bare-essentials livable wage, but a "decent living" one. Someone can use their favorite search engine should be able to cherry-pick citations for either for both economics and ethics/philosophy. The US is primarily a capitalistic economy which, at first blush, would imply the former; however, in the 19th century we started to regulate business to reduce the negative effects of raw capitalism and in the early 20th century, partly due to the Depression, the culture shifted the responsibility of social welfare from family and religion to the government. Which way one leans depends both on how one weighs and interpret the natural rights, law-given rights, and responsibilities of individuals versus other individuals and society. I might add that it may be useful to have a clearer definition of the target of the livable wage. It is easier to justify setting a minimal wage to a livable wage of an individual versus that of the livable wage of a family to those that see minimal wage are starter or "teenage" jobs.
Torching the strawman will not only result in a PG-13 rating rather than the suggested R-rated scene, but it will also be a good lead into an entertaining Michael Bay style explosion. Snarkiness aside, I certainly did not see it in the previous comments that I read, but, just to state, I have heard the argument being discussed on several previous occasions, not that they have any real bearing. I think a better question would have been how to deal with the wage/salary devaluation that occurs when minimal wage increases. Rather than a computer programmer, whose salaries can often be large enough to absorb wage increases, let's look at the much lower paid parametric who would probably has the national median pay close to $15/hr (similar to prescribed minimal wage), but has more difficult prerequisites and potentially greater risk. If minimal wage is raised, there is nothing that requires that employers raise pay proportionally if even at all. Of course, giving a "fair" (which tends to be in the eye of the behold), might increase costs enough to offset the required wage to be livable faster than desired (depending on which economist you ask). Concerning minimal wage for traditional employment, I would be willing support smaller, local-based regularly scheduled, inflation-relative targeted periodic minimal wage increases along with matching minimal salary for "exempt" employees and percentage scaled (higher the pay, lower the mandatory increase percentage) minimal increases for those with yearly salaries below the minimal "exempt" level. Of course, I only took Economics I in college so my opinion of such should be considered that of an interested amateur.
Now concerning the OP, I do agree and support the workers right and reason to strike. While not necessarily a moral imperative, I do think there should be a certain level of balance in power between the worker (whether employee or contractor) and employer. Striking as a virtual union is one way to push the pendulum in the other direction. That aside, I do not think it is practical to use traditional minimal wage in regards to this "gig economy" nor do I think that people should be forced into a "traditional" labour model in order to make it easy "to keep things fair." If I were to make a suggestion, I would do two things
Do you realize that stating that the universe will expand unbounded?! Everyone knows that spacetime will eventually stretch until it causes an volume of lower minimal vacuum energy which will nucleate, expand, and replace the laws of physics with a higher gravitational constant that will result in a big crunch. ;-)
I can see them having the charging stations, but targeting those in a hurry and have a compatible car: for the low, low price of $39.95 + tax, take advantage of our battery swap service; we'll have you driving again in 8.5 minutes.
Not all of the stations have the timer or the marks. For the "subway" ones in Tokyo, I had humored myself a bit by comparing to a timer. I never saw it more than a second off. There was slightly more variation in the shinkansen, but we left every stop within 5-6 seconds of the schedule time. While impressive, I was more impressed with the number of people that road them versus how ridiculously sparkling clean they were.
... and it became unfit to survive.
Humour aside, while attending the earlier era Black Friday events, the sale events were not as common among retailers and attracted smaller crowd. The sales were always single day, usually limited hours, mostly had the same merchandise seen throughout the year, and sometime had very deep discounts (70% off or better). The sales became more popular as it got more press. Retailers saw the trend and adapted to the consumers. Merchandise that was discounted started being specifically ordered for Black Friday, sometimes of very different quality than the usual merchandise. Online retailers started making pre- and post- sales, essentially transforming it into a week event. This is to increase the money made from the event. Of course, while people are generally assumed to be "dumb," given enough time, people will adapt resistances and will not be caught in the spun web.
I have no specific objections to the first two paragraphs; however, "honest politician" is an oxymoron and Mr. Trump is in politics the same as the others you have mentioned.
That aside, unless the Paris treaty has some enforcement mechanism, it will be only as meaningful as the overall adherence to the goals. This means that Germany is pretty much no better or worse off than the US that had exited the Paris treaty. It makes sense for Germany to look after economic interests of its citizens; however, there are other aspects of governance that also must be attended. To take a random quote from a popular move, "A person is smart. People are dumb, panicky dangerous animals and you know it." People want their future "handled" while they deal with the day-to-day stuff, and many probably considers that they have too much on their plate to worry about things such as gross national product vs. global warming vs "why should I have to give up stuff when there are practically 7 billion people out there that can" (depending of your definition of billion and whatever that is in German).
Beyond those things, nothing is really free as some seems to believe. Battery technology used in solar and wind technologies often required rare-earth metals which sometimes require strip-mining (because they are rare; also, strip mining is not very good for the environment). Solar cells typically require special "forms" of silicon which produces hazardous byproducts (the byproducts can be collected and made safe and sometimes even recycled back into the process, but is not cheap with current technology). Indirect solar can be cleaner, but does not as effectively scale. Wind power look promising in areas which have near constant wind (while there might be risk for flying wildlife such as birds, bats, etc, spinning blades isn't the only possible design). Areas with near constant wind are not that common and for the other areas, it has to be supported by other power sources. Hydroelectric is also promising, but must be carefully built to minimize the hazard of flooding and negative impacts on the environment (particularly aquatic wildlife). "Cleaner" hydrocarbons only delay the problem and usage of them sometimes mean political and economic hurdles (not every country has a good supply of natural gas in their back yard and buying foreign sometimes mean yielding in other areas). Nuclear comes in two main flavors: fission and fusion. Fission reactors are normally fueled by Uranium, which is uncommon and due to both safety and security concerns has a very tight extraction to plant to disposal chain. Various incidents have also added stigma (maybe rightfully so, maybe not) to its usage. Thorium fueled is supposedly an alternative, but I have not seen clear data concerning the economics or safety. Fission also must concern itself with the longevity and eventual decommission of plants as they do have limited lifespans (turns out neutrons are quite erosive over 60 years). Fusion shows quite a bit of promise as an energy source since hydrogen is quite abundant and the waste product of helium is not all that dangerous. It is, however, probably about 50 years away from being able to consistently net energy, same as last decade.
With the wall of text of the previous paragraph, it is not to say there is no solution. It just means that there is no silver bullet. More than likely, we are in something similar to a Nash equilibrium and with both the scale of billions of people and hundreds of sovereign governments fixing the situation will be difficult, particularly since people do not like trade-offs. Germany, specially, will need to evaluate their short term and long term economic goals against theirs (and the worlds) climate protection goals and let something give. The US is in no different of a position in that regard-- perhaps with the difference that staying in the treaty might look weak and leaving the treaty might look stupid depending upon whom you ask. I personally would want to research some new power storage technology (that does n
I heard it both ways. I suspect in practice that it depends upon the economic strength of the one doing the tariff vs the ones targeted by the tariff, who else are buyers, and political fudge factor. If the alternate sellers have either economic leverage to apply such as a tariff or legal restriction on market segments valuable to the original country, especially if the country originally targeted has internal sources or cheap alternatives vs the original country. The effect can be amplified if they have political and economic leverage against countries that are markets for the original. The US no longer has the same level of clout in which it previously had, such tactics probably will not be useful for a while unless something turns around. China, on the other hand, had built up both economic and political strength. I would weakly compare it to the 1%, more power you have, easier it is to make bold moves to protect that power.
I remember something about FDR experiencing an attempted assassination in the early 1930's. I would imagine that is related. I know that John F. Kennedy was killed in 1963, and later his brother(?) and Martin Luther King, Jr a few years later. That probably would have pushed through the 1968 one. There was, however, a substantial amount of gun crime during the prohibition period. I am not certain, however, that the prohibition itself was the only source for organized crime and related firearm usage.
I am aware that near the time of the US Civil War that the population of pretty much every major city was less than a million individuals with NYC being one of the few even approaching a million. By the 1920's and the beginning of the prohibition, three or four major cities had at least a million people of population and several were almost a million. I think I recall NYC having close to 4 million.
This is not, however, to say that population is a direct indicator of gun problems. I would assume, however, that more people in the same area does increase the chance of encounters with crime (even if the percentage of crime is flat between urban and rural).
Different areas and times would have difference causes for violence and the firearm violence that goes with it. I do not think that unrestricting firearms will solve the problem. I do not think that banning them, particularly considering their prevalence, will solve the problem either (likely to cause just short of a civil war). I think that better enforcement and maybe refining of existing laws will help. I also think that solving the problems (poverty, racial tensions, organized crime, mental health) that lead to violence will also reduce firearm violence.
Concerning drug related crime. I think that there are trade offs involved. Some types of drug usage results in compromised decision making that can directly generate crime; others can cause significant harm to the person using. Considering that, I would say that there should be education to reduce drug usage and replacement of criminalization of certain types of drug usage with taxation so that the black markets (and the related organized crimes) are not profitable. Of course, this means that people will have to accept a extra level of personal and societal responsibility.
I will add in that the reason that firearms are used in crime is that they are more readily available and "directable" than explosives, more compact than the easily just as dangerous vehicles, quicker than poisons, and have greater range than melee weapons. This, of course, creates a strong focus upon them for eliminating a symptom and sometimes treating symptoms is the fastest action for big problems. There will have to be some restraint in responses as we do not want to ban guns, then big knives, then kitchen knives, then club-like objects (baseball bats), then pencils (beware of the slippery slope... and the related fallacy).
Concerning the previous, I do not have data, but merely applying personal assumptions, observation, and previous readings; please take with a grain of salt.
Back to the original post, I think concerning encryption, my understanding of encryption suggests that it is completely impractical, maybe impossible, to design an encryption system that both provides adequate protection and privacy to serve its purpose while simultaneously given investigators ease of investigating. It is not the same thing as a physical lock. Also, even if there was such a mechanism, how can abuses be minimized?
It is doubly Slashdot's fault, not only have they not fixed the issue, but tags are not whitelisted and get filtered out.
I would agree. If I were doing it, I would probably scale the images to a fixed set of different very low resolutions and create a histogram of segments each resulting image. If there is a more than an arbitrary number of fuzzy matches to each histogram, it's likely the same image. The image identification would be independent of the file hash and if enough (overlapping) segments, it may be possible match cropped images to uncropped with very few false positives. Beyond that, feature identification might be a good, albeit processing intensive, approach that possibly could be combined with the former as a second-stage. Those are, however, just ideas that come to mind to approach the problem.
While I type fine on a full sized keyboard, typing on a virtual keyboard is a pain on anything smaller than a tablet. Even on a physical keyboard, it is pretty easy to type homonyms if in a hurry (only a few minutes to post and no time to proofread). I wouldn't worry too much about errors from posts: people expecting perfection in a casual forum are probably either jerks or attempting to make an ad hominem argument (or if among friends they might be trolling each other for fun). That said, I see your point concerning not allowing post edits.
I've met two myself, at the same employer (my previous job). I'm still wondering how they got so lucky.
But you have to involve QA early in the game.
Particularly that part, not all developers are QA minded, so having them give feedback early in the game, particularly when designing tests, can improve the overall quality. I also have found that while it doesn't quite affect quality directly, having the QA team send a member or two to actually join meetings such as "daily standup" and code review creates a better working relationship: the QA team isn't viewed as an "unknown enemy just waiting to spring an ambush" but instead as "someone who has your back and keeps you from making a fool of yourself."
I was a team lead (not manager) at my previous employer. I had the pleasure of working with two of the best QA people that I have yet came across. The first one, he could moderately code and made effective automated UI tests and improved the unit tests we had already made as part of the development (including finding bugs in the unit tests themselves). He was also an expert at breaking stuff (it is amazing how easily many things break when fed trash, operated too quickly, suddenly removed of network connection, or given malformed unicode sequences if the developer is not careful; although 80/20 rule should apply). The second one, she could read code, but was overall was unable to write code beyond a simple "Hello World." She probably was the better of the two concerning QA. She could recognize poorly thought out UI design and could look over a set of user stories with minimal data create, anticipate the client's actual acceptance criteria (known to be sometimes vague and she would verify), and create effective test plans. While I am reasonably confident in my ability to do QA, having specialists for the task did reduce both defects and misinterpreted requirements significantly compared to not having one. That said, I still did schedule time for code reviews as a team and did encourage peer review of code whenever there wasn't crunch time, both of which lessened defects and improved overall skill of those teams. When push comes to shove, disciples developers can QA their own and each others' code, but I think there is a tangible benefit to having high quality specialists. On the other hand, I also have met more than my share of ineffective QA personnel. Those individuals usually provide little, if any, benefit over the developers QAing their own code and sometimes acts as an impediment when a few choice people decide use their positions to "gatekeep" in relation to personal grudges.
My previous company, it was not bad, but they were relatively restrictive on work from home. Basically, I really only could do it on days where I would otherwise need to take a personal day. My employer was 2 1/2 hour drive away and moving closer is not easily done when one has a mortgage. The reasoning for the policy was not as arbitrary as "so we can make sure you are working," however. It was part of it, but it was also due to larger number of what I will call "junior skill workers." A number of the people there were fresh out of college and, prior to employment there, had worked not even a day in the industry. The responsibility of the more senior workers was to help get the new hires up to speed (aka, train them) since, in spite of what some had said while I was in high school, college does not actually train one for the workforce (at least not effectively). While I did have plenty of direct work such as planning, class and workflow design, schema design, coding, writing reports (documents as opposed to report generators, although did that too), writing excessively-incomplete documentation, etc., a portion of my week was reviewing code, giving feedback on both code and non-coding tasks such as updating tickets; writing effective, grammatically correct emails; balancing incoming "priority" tasks; etc, and monitoring progress of deadlines. (I bet people just *love* embedded clauses and lists...) The new hires have not yet worked long enough to development self-management habits, so they need help, usually in person.
That said, the cost of driving to work (both in money and personal time) is excessively expensive, so I eventually managed to find a work-from-home job. I can self-manage (I meet all my deadlines and then some in spite of glancing at Slashdot off-and-on) so it works for me. Some people needs the change of location to do the mental switch and some jobs such as my previous needs the "face-time." For those, I think it is appropriate to work in office; however, I think that if it is not required for the job and the individual can show themselves to work effective from a home or otherwise remote location, it think it should be allowed.