They don't also care if they lose the war either, they also don't care about the people under them.
Agree with the second bit, but disagree with the first. 99% of NK might live in the dark ages, but I'm sure Kim Jong-un lives a nicer life than most Americans.
This stuff is like the daily burn the US flag thing that other countries do. It is about getting people thinking about the big bad enemy over there so that they're not busy talking about the fact that they are risking their lives if they just watch some bootleg movies. It is also about making the rest of the world reluctant to do anything, since he can potentially cause a huge massacre in Seoul.
The only thing the guy cares about is himself no-doubt. The thing is that if he gets into a war, he can probably kill thousands of South Koreans that he ultimately cares little about, but that will come at the cost of his own life, which he cares a great deal about.
So, unless the guy really is off his rocker, he's going to keep talking big, but stop short of doing anything that would actually drive anybody to go to actual war.
Yup. For the most part the only way I can capture a panic/dump is by phone anyway, and a QR code would allow me to capture a lot more info than 25 lines of text in an image file.
If I post an image, I'm lucky if anybody looks at it. If I post the text of the error, there is a good chance that somebody will stumble on it using Google and actually make some use of it.
Eh, I'm not that knowledgeable on ChromeOS it self, but there is one component it uses that I am fairly familiar with... I can deploy a heuristic filter for CVE-2013-1860 in roughly 15 minutes with some fairly simple pattern matching through a text file and my software/security management console. It doesn't require a reboot or interaction from users, nor does it interrupt the user.
Your antivirus software is capable of intercepting and preventing buffer overflow attacks coming in via the USB port?
However, it is just as likely a pilot bent on suicide or something
Or a fire and a divert to another airport that didn't make it.
What airport? They turned west towards nowhere, and then after a significant period of time heading out to sea they turned south towards an even bigger nowhere.
That is why everybody thinks it was deliberate. Autopilots don't do turns unless somebody tells them to (either by giving it a new heading to fly, or programming a course into the FMS).
The basic equations for fluid dynamics are the Navier-Stokes equation.
So, I fully grok your argument, but I am wondering about one thing.
Is the Navier-Stokes equation REALLY the basic equation for fluid dynamics?.
No, of course not, there is a lower level of particle interactions. You can't really usefully compute them either.
My question was rhetorical. I was just pointing out that the analogies aren't equivalent. I don't really buy the argument in TFA, but when you're trying to prove/disprove something in math an analogy isn't always useful unless it is a perfect analogy.
You claim the time required to update a definition vs patch a vulnerability is significantly different, but I don't really see any evidence supporting this.
I just gave you some.
You keep coming back to Java, but Java is not a component of ChromeOS. I'm sure there are incompetent antivirus vendors who release new signatures 18 months after a threat is detected, but that really has no bearing on the usefulness of antivirus software. In the same way, the fact that Oracle can't figure out how to do security updates is just one of the reasons why ChromeOS doesn't support Java at all.
I'm looking for evidence that an actual component of ChromeOS can't be updated as quickly as a virus definition.
So, flip off a few switches, set the autopilot for a new course, and go read a book until you run out of fuel.
What happened to the OTHER pilot who would notice you doing one or more of those things, certainly within an hour noticing on a map they were headed the wrong way even if they missed everything else you did. And how would a co-pilot miss the turn you performed even if he was not in the cabin?
Perhaps he was complicit. Perhaps he was clunked over the head.
Also you would have to turn off the entertainment system for every passenger because that ALSO lets them see a map of where they are going. Which means every stewardess is going to be beating on your door for seven hours straight to get you to turn back on the entertainment system.
Just tell them it is broken, and it will be serviced when you land. I can't imagine an Asian airline tolerates stewardesses who talk back.
It's not at all simple to just head a plane elsewhere and not have a lot of people notice. It takes a lot of work to pull that off for any length of time.
What are the passengers going to do about it? Stage a revolt? Breaking down the door would be pretty hard, and the captain could always just depressurize the cabin - just takes two switches to do it. The captain might just do that anyway if his goal is suicide.
Keep in mind the universe doesn't need to be a simulation to be a computation. If I punch 5+3 in a calculator, or I throw 3 beads in a pile of 5 beads, I've done a computation. I can calculate a vector problem using trigonometry, or I can draw little triangles on a piece of paper with a protractor, or I can literally take off in a plane in a crosswind and see where I end up. They're all "computing" the same thing.
You are correct though that you can't directly observe superimposed states. In fact, even inferring their existence is tricky to do. Most experiments can easily be explained by assuming the particle had whatever state it is observed in all along. Apparently, however, not all experiments can.
The thing is that if you can observe superposition in simple systems, why would the physics be fundamentally different for complex systems, in the sense that the behavior is just mathematically different?
It makes far more sense to just say that superposition isn't seen for macroscopic objects because there are such an insanely high number of particle interactions that all we see are statistical averages. The number of degrees of freedom (including all internal states) in a baseball is incredibly large. The energy difference between any two of them is incredibly small.
That just doesn't make sense though if the satellite/radar data is accurate. The aircraft deviated, flew for quite a while to the west (not towards anything in particular), and then turned south.
Climbing to starve a fire doesn't really make much sense - the air at 45k feet isn't that much thinner than the air at 35k where it probably was previously. Plus the passengers only have something like 10min of oxygen, while the pilots have hours, which any competent pilot should know. The passengers might run out of oxygen before the plane even makes it to the service ceiling in the first place (climbing gets exponentially slower as you exceed your optimum altitude). The pilot would also put the plane on a course towards some airport - perhaps direct to the origin, not just west into the ocean. And even if he did, why then would he turn south after a considerable delay?
Couldn't they have bought a whole new plane for that kind of money?
They would have to do that anyway. It isn't like anything that came off of this flight is likely to ever be useful again, unless it really was landed on a runway somewhere.
This is all about preventing future accidents, and providing closure.
And it's pretty clear that anybody with the skills to make it disappear as completely as it did is capable of more than just a little direction.
Sure, it could be some plot from a spy thriller - no way to discount that.
However, it is just as likely a pilot bent on suicide or something. Just fly in a direction nobody is expecting and then out over the ocean. That's pretty much all you have to do to make an airliner disappear. Oh, and he switched off the transponder and ACARS - that is just a few switches, which pilots need to be familiar with anyway.
So, flip off a few switches, set the autopilot for a new course, and go read a book until you run out of fuel. Or maybe have some fun exploring the performance limits of the plane while you're at it (thus explaining the apparently odd altitude behavior). Turn the autopilot altitude setting to 55k feet and hit the level change button and see how high it gets before the climb rate drops to zero, etc. The passengers probably wouldn't even notice it if you started that at optimum cruise altitude (the climb wouldn't be all that steep from there).
With something like a multiplayer game service, that isn't an option.
If it were possible to implement the same matchmaking API on a different server, of course it would be an option.
That is always possible, as is a clean-room re-implementation of Gmail. That doesn't mean that either is likely to happen. I imagine the feasibility will depend on just what the server actually does - if it is ONLY matchmaking then it would be more likely to happen than if the server actually executes game logic.
Sure, but only until the underlying vulnerability gets patched. Your antivirus wouldn't do anything about it until it is updated either.
Anti-virus software does not usually require software updates to catch identified viruses, it's usually just updating a definition/heuristic file.
By update I was speaking of definition updates. Without them, the software can't detect a new form of virus.
How can a heuristic handle a virus using a new infection mechanism?
Avast has a heuristic built in for files that have no reputation, it runs these files inside a sandbox and observes it's behaviour. If the program in question starts doing dodgy things like delivering typical infection payloads, avast will close the sandboxed and block the file from being ran on the actual system.
In the case of worms, Avast also passively monitors applications generally and when it detects a typical payload that worms use (such as trying to install a system root kit and a bunch of start up entries) will intercept the system API calls that being used to perform this and prevent that from happening.
So, either the virus is using a known mechanism/payload/etc or not.
If it is, then the OS will be patched against it, and the virus won't be able to install a rootkit/etc.
If it is unknown, then Avast will carefully examine it and detect nothing suspicious going on, and allow it to proceed, and it will install a rootkit. That will happen under ChromeOS as well, but the system will catch it on the next boot if it is persistent. If it isn't persistent then it will be lost until the next boot, and after the next update it won't be able to be re-installed.
What makes you think that a heuristic scanner will be able to discover a virus, but the OS vendor won't be able to patch the vulnerability that allowed it in?
How many Chrome exploits have you mitigated against using antivirus alone, and for how long?
Chrome being unauthorized software on some systems I manage is blocked on multiple levels.
I didn't ask whether you blocked the installation of Chrome. I asked you if you had prevented anything from exploiting Chrome using antivirus software that otherwise could have actually exploited it. It sounds like the answer is nothing, but that doesn't really mean much since you choose not to use it, which is of course fine.
Patching exploits is what keeps new infections out.
Sure, but until that happens, you're vulnerable, the time it takes to patch something verses adding a signature or a heuristic definition is significantly different.
Do you have any examples pertaining to some component of ChromeOS where an antivirus software package could detect an exploit for a significant period of time before ChromeOS was patched?
You claim the time required to update a definition vs patch a vulnerability is significantly different, but I don't really see any evidence supporting this. At least, not as concerns ChromeOS. Sure, you can pick something like Java or Windows where they sit on vulnerabilities for ages, but the whole point of using ChromeOS is that you're avoiding those unmaintained platforms.
I don't deal in security around historical infections, I deal in the possibility of how a system can be compromised and then mitigating that risk as fast as possible and then through better means later if possible.
Sure, but you have to decide what risks are actually worth protecting against, and history can be helpful there. I'm sure your systems are completely vulnerable to a comet impact that destroys all life on earth, and that is because the risk of that happening is low compared to the effort required to mitigate it.
Besides, what is your alternative? I'm not aware of any
Agree. Something like Google Docs is more of a long-term thing than a video game as well. You can still buy WordPerfect, after all.
I tend to put as much of my stuff in the cloud as I can. However, I regularly back up everything I have in the cloud locally, in some file format I'm likely to be able to do something with if the need arises. With something like a multiplayer game service, that isn't an option. I don't really care about multiplayer games much, so to me it wouldn't be a big loss. If I really cared about multiplayer, I'd certainly favor games where you can run your own server.
If the device were using secure boot, the device would refuse to boot at next reboot.
You misunderstand, it did not change the windows system on the flash device. The system when it booted was always clean and got infected after boot; rebooting it would restart with a clean windows install again.
Sure, but only until the underlying vulnerability gets patched. Your antivirus wouldn't do anything about it until it is updated either.
An antivirus provides no protection against an unknown virus using a new infection mechanism.
Actually, it does. Modern anti-virus software still has heuristics that will kick in and many use 'community' based data to help determine the risk of a binary.
How can a heuristic handle a virus using a new infection mechanism? They only protect against viruses using known mechanisms, but which have a signature not in the database.
Any virus with a known mechanism would also be blocked by fixing the underlying browser exploit.
Anytime there is a known exploit it is patched to prevent the virus from being installed in the first place
Then you maybe surprised to learn that producing patches for software takes longer than simply adding a few heuristic patterns or scripted rules to block it. There have been a few instances where I have pushed rules through firewalls and various anti-virus blocklist schemas to block problematic issues while vendors were still trying to resolve them (the last one I dealt with involved Java vulnerabilities, where Oracle spent a lot of time making patches while I simply blocked it's use on untrusted sites with a few rules supplied to the URL filters in anti-virus control panels).
I guess it is a good thing that ChromeOS doesn't support Java then.:)
There is no reason that it should take longer to update a browser/OS than to issue a new heuristic detection code. They both involve software development and are more complex than just adding a signature. How many Chrome exploits have you mitigated against using antivirus alone, and for how long?
When you have an exploit that lets you run remote code on the system, you're running remote code. Maybe not on boot if there are code signing checks all the way, but that won't matter when it gets exploited on next boot...In other words, you can still run malicious userland regardless if it got onto the system which is why a reactive Intrusion Detection System such as Anti-Virus software is extremely helpful.
Why would an antivirus software package be more likely to stop a new virus using a previously-unknown exploit than simply fixing the exploit in the first place? The only real argument I can see is that the one is faster to update than the other. In practice, I haven't really seen this as a problem for Chrome. They don't limit themselves to only issuing updates once a month, etc.
Patching exploits is what keeps new infections out. Secure boot is what ensures the system is clean after a known exploit has been patched.
I can see the argument that having both is better than one or the other. However, if I had to pick and choose I'd pick secure-boot and frequent updates over an antivirus. XP installations suffering from viruses are common despite the OS fully supporting antivirus software. ChromeOS installations suffering viruses are unheard of, despite not supporting antivirus.
Being Kay a Red Hat paid developer, perhaps it's not his entirely fault what's happening. But it's his name on the table, so it's his responsability nevertheless.
Somehow I doubt RedHat is paying him to abuse people in their bugzilla. I suspect they tolerate him because he is a rock star. In some sense Linus just put them at a disadvantage competitively so it is now more in their interest to reign things in.
If I posted something like that on a forum owned by my employer or using an email address that named my employer I'd get a strong reprimand at the very least. I'd like to think that they wouldn't fire me over it on a first offense, but no doubt it would cross their mind, and if I kept it up I'd be gone for sure (and rightly so). Kay's reputation isn't the only one at stake.
The basic equations for fluid dynamics are the Navier-Stokes equation.
So, I fully grok your argument, but I am wondering about one thing.
Is the Navier-Stokes equation REALLY the basic equation for fluid dynamics? Or is it just a really good approximation?
That is the difference between classical physics and quantum mechanics. The former only generally works on macroscopic objects that are governed by the statistical average behaviors of the constituent particles. If I hit a baseball so hard, it flies so far, and I don't need to know how many C-12 vs C-13 vs C-14 atoms are inside of it to make the math work.
The Schrodinger equation does actually purport to describe the behavior of quantum systems at a level where they are indivisible.
So, in that sense a hurricane is governed more by the Schrodinger equation than Navier-Stokes, even if the latter is more useful in practice (precisely because you can solve it without modeling it to the subatomic level).
I think you still raised a great argument. It just might not be mathematically rigorous in the sense that proving/disproving the one analogy has a certain bearing on the other.
Also, nature doesn't have to solve the Napier-Stokes equation. Unless you take the resulting arrangement of stuff as a solution.
I think that was exactly the argument being employed - you can model a hurricane simply by building another Earth and letting it run. Does that mean that modeling hurricanes isn't actually NP?
I'm not knowledgeable enough about the technical definition of P vs NP to say whether NP problems can never be calculated by a quantum computer (which ultimately is what the whole of the universe is).
Actually, the real problem with modelling hurricanes is that the system is chaotic - unless you know the position and velocity of every subatomic particle (including photons/etc) within a few light-days of the storm you can't run a simulation that truly takes everything into account. All it takes is one cosmic ray triggering a bolt of lightning somewhere to make your simulation start to deviate. So, even if you could create another Earth to run the simulation on, you could never initialize it properly. I'm not sure if that really has any bearing on the NP-ness of the problem, though.
Uh, the TSA very much wants to know the identity of anybody boarding a plane. Any airline that allows somebody on a plane who wasn't on the manifest will get in really hot water, as will any passenger attempting something like this.
In the US a background check was run on you before you even arrive at the airport.
Maps are of course drawn with real latitude/longitude markers, not the GPS approximation.
This right here is the problem. If you're going to compute a position using GPS, then the map should be referenced to GPS.
I'm not saying the US has it right. I'm saying that having a single standard and using it everywhere makes a lot more sense than each country picking their own.
The bottom line is that if I ask "what is my current lat/long" there are 47 different answers depending on what definitions you make. By all means pick the best overall model, but don't use one model for one system and another for another. Change the maps to fit the model, and not the other way around.
It is as crazy as the practice in aviation of aligning everything to magnetic headings (in the US at least). Since magnetic north moves around all the time, things like VOR radials and runway headings are never quite right, and disagree with each other even in a local area based on when they were set up. It would make way more sense to just use true north for everything and stick a correction setting on the compass if it is actually used as anything but a backup.
The OS is read-only and uses secure-boot. If something does manage to install itself there
There was a time I had imaged Windows XP systems that booted from a read only flash device, this didn't stop those Windows XP systems from getting infected with a worm that sat on top of the famous Blaster worm, it's payload was a key logger reporting back to it's controller (was a problematic situation as I had no control of the network these were connected to).
If the device were using secure boot, the device would refuse to boot at next reboot.
What does an anti-virus do which a Chromebook isn't already doing?
Combat worms, viruses etc. in real time as opposed to just on boot.
The browser already does this. Anytime there is a known exploit it is patched to prevent the virus from being installed in the first place. An antivirus provides no protection against an unknown virus using a new infection mechanism. Both ChromeOS and an antivirus require regular updates to provide active protection.
At least with ChromeOS if a virus does get in it will be reliably detected at the next reboot. With an antivirus if you get a zero-day infection there is no reliable way of removing it.
Most of the traditional advantages of antivirus go away in an environment like ChromeOS. These include: 1. Antivirus vendor becomes aware of a threat and can deploy a solution faster than Microsoft. Google doesn't tend to sit on zero-days. 2. Since the OS is designed to execute arbitrary code without whitelisting, you need to enumerate all possible evil. ChromeOS isn't designed to let the user execute arbitrary code, and anytime a way to do this is detected it gets patched out as quickly as an antivirus update could be distributed anyway.
I do get the objection that secure boot only kicks in at boot, but I think when you consider how antivirus and ChromeOS updates work in practice, the latter actually provides more security.
But, if you have a specific threat model I haven't considered, I'm all ears. I don't get paid by anybody to like ChromeOS...
Anyone keeping coins in an exchange for any longer than necessary to exchange them is an idiot.
If nobody kept their coins on the exchange it would be not very usefull because there would be nobody to exchange with.
There is no need for an exchange to own the commodity it trades. When you buy/sell stock on an exchange you don't buy/sell it from the exchange itself, and you don't need to keep your money in an account owned/controlled by the exchange.
And even if it made sense to put the funds into escrow with the exchange while a bid/ask is pending, there is no reason that the money needs to stay in the exchange for any significant period of time.
Seems like the issue is that every nation wants to have its own standard for the shape of the Earth and use it for all the local maps, and rather than standardizing globally the solution is to launch multiple redundant location systems each designed around the local custom.
The whole thing seems silly, like arguing over where to draw the prime meridian. If every country wanted the prime meridian to go through their own capital, then you couldn't use a single lat/long coordinate to find yourself on any map. It really shouldn't matter what the shape of the reference globe is as long as everybody uses the same one and measures all their elevations relative to it.
But, these are the same legislatures that keep putting us through daylight savings time, so getting them to come up with a policy other than "let everybody else redraw their maps to our standards" is a hopeless cause...
Interesting, thanks. However, I believe it is possible to do TDMA without dedicating particular frames to particular users.
Instead of a tower assigning a frame to a phone, the phone could randomly pick one. Some packets will get lost due to collisions. This is how ADS-B works.
However, it probably wouldn't scale nearly as well as CDMA, unless the frames are REALLY short so that there can be many of them (in which case overhead becomes a problem). If there are only 10 frames on a channel, then even a few phones will have collisions frequently, while with dedicated frame assignments there won't be any. With CDMA the spread-spectrum nature of things will result in just individual bits being lost and not entire frames, allowing error correction to work its magic.
Disclaimer, I'm hardly an expert in any of this, and know just enough about *DMA to be dangerous.
Slashdot Mirror
They don't also care if they lose the war either, they also don't care about the people under them.
Agree with the second bit, but disagree with the first. 99% of NK might live in the dark ages, but I'm sure Kim Jong-un lives a nicer life than most Americans.
This stuff is like the daily burn the US flag thing that other countries do. It is about getting people thinking about the big bad enemy over there so that they're not busy talking about the fact that they are risking their lives if they just watch some bootleg movies. It is also about making the rest of the world reluctant to do anything, since he can potentially cause a huge massacre in Seoul.
The only thing the guy cares about is himself no-doubt. The thing is that if he gets into a war, he can probably kill thousands of South Koreans that he ultimately cares little about, but that will come at the cost of his own life, which he cares a great deal about.
So, unless the guy really is off his rocker, he's going to keep talking big, but stop short of doing anything that would actually drive anybody to go to actual war.
Yup. For the most part the only way I can capture a panic/dump is by phone anyway, and a QR code would allow me to capture a lot more info than 25 lines of text in an image file.
If I post an image, I'm lucky if anybody looks at it. If I post the text of the error, there is a good chance that somebody will stumble on it using Google and actually make some use of it.
Eh, I'm not that knowledgeable on ChromeOS it self, but there is one component it uses that I am fairly familiar with... I can deploy a heuristic filter for CVE-2013-1860 in roughly 15 minutes with some fairly simple pattern matching through a text file and my software/security management console. It doesn't require a reboot or interaction from users, nor does it interrupt the user.
Your antivirus software is capable of intercepting and preventing buffer overflow attacks coming in via the USB port?
Or a fire and a divert to another airport that didn't make it.
What airport? They turned west towards nowhere, and then after a significant period of time heading out to sea they turned south towards an even bigger nowhere.
That is why everybody thinks it was deliberate. Autopilots don't do turns unless somebody tells them to (either by giving it a new heading to fly, or programming a course into the FMS).
The basic equations for fluid dynamics are the Navier-Stokes equation.
So, I fully grok your argument, but I am wondering about one thing.
Is the Navier-Stokes equation REALLY the basic equation for fluid dynamics? .
No, of course not, there is a lower level of particle interactions. You can't really usefully compute them either.
My question was rhetorical. I was just pointing out that the analogies aren't equivalent. I don't really buy the argument in TFA, but when you're trying to prove/disprove something in math an analogy isn't always useful unless it is a perfect analogy.
I just gave you some.
You keep coming back to Java, but Java is not a component of ChromeOS. I'm sure there are incompetent antivirus vendors who release new signatures 18 months after a threat is detected, but that really has no bearing on the usefulness of antivirus software. In the same way, the fact that Oracle can't figure out how to do security updates is just one of the reasons why ChromeOS doesn't support Java at all.
I'm looking for evidence that an actual component of ChromeOS can't be updated as quickly as a virus definition.
So, flip off a few switches, set the autopilot for a new course, and go read a book until you run out of fuel.
What happened to the OTHER pilot who would notice you doing one or more of those things, certainly within an hour noticing on a map they were headed the wrong way even if they missed everything else you did. And how would a co-pilot miss the turn you performed even if he was not in the cabin?
Perhaps he was complicit. Perhaps he was clunked over the head.
Also you would have to turn off the entertainment system for every passenger because that ALSO lets them see a map of where they are going. Which means every stewardess is going to be beating on your door for seven hours straight to get you to turn back on the entertainment system.
Just tell them it is broken, and it will be serviced when you land. I can't imagine an Asian airline tolerates stewardesses who talk back.
It's not at all simple to just head a plane elsewhere and not have a lot of people notice. It takes a lot of work to pull that off for any length of time.
What are the passengers going to do about it? Stage a revolt? Breaking down the door would be pretty hard, and the captain could always just depressurize the cabin - just takes two switches to do it. The captain might just do that anyway if his goal is suicide.
Keep in mind the universe doesn't need to be a simulation to be a computation. If I punch 5+3 in a calculator, or I throw 3 beads in a pile of 5 beads, I've done a computation. I can calculate a vector problem using trigonometry, or I can draw little triangles on a piece of paper with a protractor, or I can literally take off in a plane in a crosswind and see where I end up. They're all "computing" the same thing.
You are correct though that you can't directly observe superimposed states. In fact, even inferring their existence is tricky to do. Most experiments can easily be explained by assuming the particle had whatever state it is observed in all along. Apparently, however, not all experiments can.
The thing is that if you can observe superposition in simple systems, why would the physics be fundamentally different for complex systems, in the sense that the behavior is just mathematically different?
It makes far more sense to just say that superposition isn't seen for macroscopic objects because there are such an insanely high number of particle interactions that all we see are statistical averages. The number of degrees of freedom (including all internal states) in a baseball is incredibly large. The energy difference between any two of them is incredibly small.
That just doesn't make sense though if the satellite/radar data is accurate. The aircraft deviated, flew for quite a while to the west (not towards anything in particular), and then turned south.
Climbing to starve a fire doesn't really make much sense - the air at 45k feet isn't that much thinner than the air at 35k where it probably was previously. Plus the passengers only have something like 10min of oxygen, while the pilots have hours, which any competent pilot should know. The passengers might run out of oxygen before the plane even makes it to the service ceiling in the first place (climbing gets exponentially slower as you exceed your optimum altitude). The pilot would also put the plane on a course towards some airport - perhaps direct to the origin, not just west into the ocean. And even if he did, why then would he turn south after a considerable delay?
Couldn't they have bought a whole new plane for that kind of money?
They would have to do that anyway. It isn't like anything that came off of this flight is likely to ever be useful again, unless it really was landed on a runway somewhere.
This is all about preventing future accidents, and providing closure.
And it's pretty clear that anybody with the skills to make it disappear as completely as it did is capable of more than just a little direction.
Sure, it could be some plot from a spy thriller - no way to discount that.
However, it is just as likely a pilot bent on suicide or something. Just fly in a direction nobody is expecting and then out over the ocean. That's pretty much all you have to do to make an airliner disappear. Oh, and he switched off the transponder and ACARS - that is just a few switches, which pilots need to be familiar with anyway.
So, flip off a few switches, set the autopilot for a new course, and go read a book until you run out of fuel. Or maybe have some fun exploring the performance limits of the plane while you're at it (thus explaining the apparently odd altitude behavior). Turn the autopilot altitude setting to 55k feet and hit the level change button and see how high it gets before the climb rate drops to zero, etc. The passengers probably wouldn't even notice it if you started that at optimum cruise altitude (the climb wouldn't be all that steep from there).
With something like a multiplayer game service, that isn't an option.
If it were possible to implement the same matchmaking API on a different server, of course it would be an option.
That is always possible, as is a clean-room re-implementation of Gmail. That doesn't mean that either is likely to happen. I imagine the feasibility will depend on just what the server actually does - if it is ONLY matchmaking then it would be more likely to happen than if the server actually executes game logic.
Anti-virus software does not usually require software updates to catch identified viruses, it's usually just updating a definition/heuristic file.
By update I was speaking of definition updates. Without them, the software can't detect a new form of virus.
Avast has a heuristic built in for files that have no reputation, it runs these files inside a sandbox and observes it's behaviour. If the program in question starts doing dodgy things like delivering typical infection payloads, avast will close the sandboxed and block the file from being ran on the actual system.
In the case of worms, Avast also passively monitors applications generally and when it detects a typical payload that worms use (such as trying to install a system root kit and a bunch of start up entries) will intercept the system API calls that being used to perform this and prevent that from happening.
So, either the virus is using a known mechanism/payload/etc or not.
If it is, then the OS will be patched against it, and the virus won't be able to install a rootkit/etc.
If it is unknown, then Avast will carefully examine it and detect nothing suspicious going on, and allow it to proceed, and it will install a rootkit. That will happen under ChromeOS as well, but the system will catch it on the next boot if it is persistent. If it isn't persistent then it will be lost until the next boot, and after the next update it won't be able to be re-installed.
What makes you think that a heuristic scanner will be able to discover a virus, but the OS vendor won't be able to patch the vulnerability that allowed it in?
Chrome being unauthorized software on some systems I manage is blocked on multiple levels.
I didn't ask whether you blocked the installation of Chrome. I asked you if you had prevented anything from exploiting Chrome using antivirus software that otherwise could have actually exploited it. It sounds like the answer is nothing, but that doesn't really mean much since you choose not to use it, which is of course fine.
Sure, but until that happens, you're vulnerable, the time it takes to patch something verses adding a signature or a heuristic definition is significantly different.
Do you have any examples pertaining to some component of ChromeOS where an antivirus software package could detect an exploit for a significant period of time before ChromeOS was patched?
You claim the time required to update a definition vs patch a vulnerability is significantly different, but I don't really see any evidence supporting this. At least, not as concerns ChromeOS. Sure, you can pick something like Java or Windows where they sit on vulnerabilities for ages, but the whole point of using ChromeOS is that you're avoiding those unmaintained platforms.
I don't deal in security around historical infections, I deal in the possibility of how a system can be compromised and then mitigating that risk as fast as possible and then through better means later if possible.
Sure, but you have to decide what risks are actually worth protecting against, and history can be helpful there. I'm sure your systems are completely vulnerable to a comet impact that destroys all life on earth, and that is because the risk of that happening is low compared to the effort required to mitigate it.
Besides, what is your alternative? I'm not aware of any
Agree. Something like Google Docs is more of a long-term thing than a video game as well. You can still buy WordPerfect, after all.
I tend to put as much of my stuff in the cloud as I can. However, I regularly back up everything I have in the cloud locally, in some file format I'm likely to be able to do something with if the need arises. With something like a multiplayer game service, that isn't an option. I don't really care about multiplayer games much, so to me it wouldn't be a big loss. If I really cared about multiplayer, I'd certainly favor games where you can run your own server.
You misunderstand, it did not change the windows system on the flash device. The system when it booted was always clean and got infected after boot; rebooting it would restart with a clean windows install again.
Sure, but only until the underlying vulnerability gets patched. Your antivirus wouldn't do anything about it until it is updated either.
Actually, it does. Modern anti-virus software still has heuristics that will kick in and many use 'community' based data to help determine the risk of a binary.
How can a heuristic handle a virus using a new infection mechanism? They only protect against viruses using known mechanisms, but which have a signature not in the database.
Any virus with a known mechanism would also be blocked by fixing the underlying browser exploit.
Then you maybe surprised to learn that producing patches for software takes longer than simply adding a few heuristic patterns or scripted rules to block it. There have been a few instances where I have pushed rules through firewalls and various anti-virus blocklist schemas to block problematic issues while vendors were still trying to resolve them (the last one I dealt with involved Java vulnerabilities, where Oracle spent a lot of time making patches while I simply blocked it's use on untrusted sites with a few rules supplied to the URL filters in anti-virus control panels).
I guess it is a good thing that ChromeOS doesn't support Java then. :)
There is no reason that it should take longer to update a browser/OS than to issue a new heuristic detection code. They both involve software development and are more complex than just adding a signature. How many Chrome exploits have you mitigated against using antivirus alone, and for how long?
When you have an exploit that lets you run remote code on the system, you're running remote code. Maybe not on boot if there are code signing checks all the way, but that won't matter when it gets exploited on next boot...In other words, you can still run malicious userland regardless if it got onto the system which is why a reactive Intrusion Detection System such as Anti-Virus software is extremely helpful.
Why would an antivirus software package be more likely to stop a new virus using a previously-unknown exploit than simply fixing the exploit in the first place? The only real argument I can see is that the one is faster to update than the other. In practice, I haven't really seen this as a problem for Chrome. They don't limit themselves to only issuing updates once a month, etc.
Patching exploits is what keeps new infections out. Secure boot is what ensures the system is clean after a known exploit has been patched.
I can see the argument that having both is better than one or the other. However, if I had to pick and choose I'd pick secure-boot and frequent updates over an antivirus. XP installations suffering from viruses are common despite the OS fully supporting antivirus software. ChromeOS installations suffering viruses are unheard of, despite not supporting antivirus.
A good manager should have pulled this guy up a long time ago...
I think Linus isn't really a manager so much as a gatekeeper. As such he does a pretty good job.
Being Kay a Red Hat paid developer, perhaps it's not his entirely fault what's happening. But it's his name on the table, so it's his responsability nevertheless.
Somehow I doubt RedHat is paying him to abuse people in their bugzilla. I suspect they tolerate him because he is a rock star. In some sense Linus just put them at a disadvantage competitively so it is now more in their interest to reign things in.
If I posted something like that on a forum owned by my employer or using an email address that named my employer I'd get a strong reprimand at the very least. I'd like to think that they wouldn't fire me over it on a first offense, but no doubt it would cross their mind, and if I kept it up I'd be gone for sure (and rightly so). Kay's reputation isn't the only one at stake.
The basic equations for fluid dynamics are the Navier-Stokes equation.
So, I fully grok your argument, but I am wondering about one thing.
Is the Navier-Stokes equation REALLY the basic equation for fluid dynamics? Or is it just a really good approximation?
That is the difference between classical physics and quantum mechanics. The former only generally works on macroscopic objects that are governed by the statistical average behaviors of the constituent particles. If I hit a baseball so hard, it flies so far, and I don't need to know how many C-12 vs C-13 vs C-14 atoms are inside of it to make the math work.
The Schrodinger equation does actually purport to describe the behavior of quantum systems at a level where they are indivisible.
So, in that sense a hurricane is governed more by the Schrodinger equation than Navier-Stokes, even if the latter is more useful in practice (precisely because you can solve it without modeling it to the subatomic level).
I think you still raised a great argument. It just might not be mathematically rigorous in the sense that proving/disproving the one analogy has a certain bearing on the other.
Also, nature doesn't have to solve the Napier-Stokes equation. Unless you take the resulting arrangement of stuff as a solution.
I think that was exactly the argument being employed - you can model a hurricane simply by building another Earth and letting it run. Does that mean that modeling hurricanes isn't actually NP?
I'm not knowledgeable enough about the technical definition of P vs NP to say whether NP problems can never be calculated by a quantum computer (which ultimately is what the whole of the universe is).
Actually, the real problem with modelling hurricanes is that the system is chaotic - unless you know the position and velocity of every subatomic particle (including photons/etc) within a few light-days of the storm you can't run a simulation that truly takes everything into account. All it takes is one cosmic ray triggering a bolt of lightning somewhere to make your simulation start to deviate. So, even if you could create another Earth to run the simulation on, you could never initialize it properly. I'm not sure if that really has any bearing on the NP-ness of the problem, though.
Uh, the TSA very much wants to know the identity of anybody boarding a plane. Any airline that allows somebody on a plane who wasn't on the manifest will get in really hot water, as will any passenger attempting something like this.
In the US a background check was run on you before you even arrive at the airport.
Maps are of course drawn with real latitude/longitude markers, not the GPS approximation.
This right here is the problem. If you're going to compute a position using GPS, then the map should be referenced to GPS.
I'm not saying the US has it right. I'm saying that having a single standard and using it everywhere makes a lot more sense than each country picking their own.
The bottom line is that if I ask "what is my current lat/long" there are 47 different answers depending on what definitions you make. By all means pick the best overall model, but don't use one model for one system and another for another. Change the maps to fit the model, and not the other way around.
It is as crazy as the practice in aviation of aligning everything to magnetic headings (in the US at least). Since magnetic north moves around all the time, things like VOR radials and runway headings are never quite right, and disagree with each other even in a local area based on when they were set up. It would make way more sense to just use true north for everything and stick a correction setting on the compass if it is actually used as anything but a backup.
Note: I am not the grand parent.
There was a time I had imaged Windows XP systems that booted from a read only flash device, this didn't stop those Windows XP systems from getting infected with a worm that sat on top of the famous Blaster worm, it's payload was a key logger reporting back to it's controller (was a problematic situation as I had no control of the network these were connected to).
If the device were using secure boot, the device would refuse to boot at next reboot.
Combat worms, viruses etc. in real time as opposed to just on boot.
The browser already does this. Anytime there is a known exploit it is patched to prevent the virus from being installed in the first place. An antivirus provides no protection against an unknown virus using a new infection mechanism. Both ChromeOS and an antivirus require regular updates to provide active protection.
At least with ChromeOS if a virus does get in it will be reliably detected at the next reboot. With an antivirus if you get a zero-day infection there is no reliable way of removing it.
Most of the traditional advantages of antivirus go away in an environment like ChromeOS. These include:
1. Antivirus vendor becomes aware of a threat and can deploy a solution faster than Microsoft. Google doesn't tend to sit on zero-days.
2. Since the OS is designed to execute arbitrary code without whitelisting, you need to enumerate all possible evil. ChromeOS isn't designed to let the user execute arbitrary code, and anytime a way to do this is detected it gets patched out as quickly as an antivirus update could be distributed anyway.
I do get the objection that secure boot only kicks in at boot, but I think when you consider how antivirus and ChromeOS updates work in practice, the latter actually provides more security.
But, if you have a specific threat model I haven't considered, I'm all ears. I don't get paid by anybody to like ChromeOS...
Anyone keeping coins in an exchange for any longer than necessary to exchange them is an idiot.
If nobody kept their coins on the exchange it would be not very usefull because there would be nobody to exchange with.
There is no need for an exchange to own the commodity it trades. When you buy/sell stock on an exchange you don't buy/sell it from the exchange itself, and you don't need to keep your money in an account owned/controlled by the exchange.
And even if it made sense to put the funds into escrow with the exchange while a bid/ask is pending, there is no reason that the money needs to stay in the exchange for any significant period of time.
Seems like the issue is that every nation wants to have its own standard for the shape of the Earth and use it for all the local maps, and rather than standardizing globally the solution is to launch multiple redundant location systems each designed around the local custom.
The whole thing seems silly, like arguing over where to draw the prime meridian. If every country wanted the prime meridian to go through their own capital, then you couldn't use a single lat/long coordinate to find yourself on any map. It really shouldn't matter what the shape of the reference globe is as long as everybody uses the same one and measures all their elevations relative to it.
But, these are the same legislatures that keep putting us through daylight savings time, so getting them to come up with a policy other than "let everybody else redraw their maps to our standards" is a hopeless cause...
Interesting, thanks. However, I believe it is possible to do TDMA without dedicating particular frames to particular users.
Instead of a tower assigning a frame to a phone, the phone could randomly pick one. Some packets will get lost due to collisions. This is how ADS-B works.
However, it probably wouldn't scale nearly as well as CDMA, unless the frames are REALLY short so that there can be many of them (in which case overhead becomes a problem). If there are only 10 frames on a channel, then even a few phones will have collisions frequently, while with dedicated frame assignments there won't be any. With CDMA the spread-spectrum nature of things will result in just individual bits being lost and not entire frames, allowing error correction to work its magic.
Disclaimer, I'm hardly an expert in any of this, and know just enough about *DMA to be dangerous.