Looks like Chrome, Safari, and Firefox are also planning to deprecate TLS 1.0 and 1.1 in the first half of 2020.
The mail in envelopes are opened under supervision of election judges from both parties,
Which is why I said that you have to trust that they don't record the information. All of the description you provided is how they operate so that they create this trust.
As for the ballot ID, as you said, it was removed from the ballot before being counted.
No, it was removed from the ballot before it was mixed into the box with the other ballots, and I saw it happen with my own eyes. Counting took place after the polls closed. If they had waited until "before counting" then I would have to trust that it was being done.
So they counted them before they mixed them? Otherwise, pretty sure I'm still correct. Also do you not trust yourself? You witnessed it.
Do you not understand the difference between "know" and "trust"?
Just like you have to trust the local coffee shop not to serve everyone cyanide, or your mailman to not plant bombs in your mailbox. The odds of recording your vote info from either of the scenarios you mention are astronomically small. It's because we don't trust them that checks are put in place. If you can't trust anyone, well, you're screwed anyway. It would require vast conspiracies, involving tens of thousands of people, from polling places to county offices, to state office, and across the federal government, spanning across decades of time to keep it secret. So, I stand by my original statement: "It's pretty much impossible". Prove me wrong.
Link?
In my state the ballot is sealed in an envelope inside the one you mail in, which by law cannot have your identity on it. It gets thrown out if it does, which is why it has got big, bold letters telling you to not write anything on it. The mail in envelopes are opened under supervision of election judges from both parties, and the ballot envelopes are deposited into containers, taken to a different room, opened, and counted (again under supervision of election judges), so it would take a pretty solid conspiracy by the county clerk and both political parties to break that privacy. Even if they did, where would they record it? Everything is official, public record. They aren't going to keep some secret database of mail in voters. That would, inevitably, get discovered.
As for the ballot ID, as you said, it was removed from the ballot before being counted.
Oh, OH!
Here's the part where I make it go BOOM!
Actually no, it was surprisingly in-depth. He makes better commentary tracks than movies.
Apparently Microsoft has also neglected to "Google why TLS 1.0 is insecure"; apparently they don't even know.
Well I guess, ironically, Google also neglected to "Google why TLS 1.0 is insecure" because they are removing it as well.
That means they have plenty of backdoors in the systems.
Backdoors? You can just go download it from many states. It's not considered private info. When I was involved with local politics I used to download the county records several times a year, straight from the county clerk's website. No login or anything. Just a pinky-swear and threat of prosecution if you used it for unauthorized purposes (like non-political marketing).
It's pretty much impossible to collect that data. Your identifying data isn't anywhere on the ballot or machine.
How the fuck is this public info? Anyone can view your voting history? Is the USA a banana republic?
Voter rolls (name and contact info) are public in most states. Additional data available is usually what elections you voted in, and in some states what primary ballot you pulled. These are usually restricted to campaign and other political uses by state law (marketers, not working on political issues, are usually barred from using it, for example).
Note that how you voted (i.e. who you voted for) is not recorded and not part of any record.
If you build it, a software developer will find a way to exhaust it.
I'm not sure of many non-enterprise workloads that would use that much, but it's nice to be given the option. My current i9 supports 128GB and I have 64 in it currently, using it for most of my daily activities, running a handful of lab VMs in the background, and gaming. All at the same time if I want. If it wasn't for the VMs I could easily get away with half of that.
For enterprise users, it means they can build beefy workstations without having to resort to Xeon W processors. There is a Xeon W version of my i9 7980xe and it cost $500 more than my i9. For that $500, you get ECC RAM and slower clock speeds.
Article updated two hours after publication to include similar announcements made by Apple and Google. While Mozilla did not issue a blog post about the upcoming deprecation, a Mozilla spokesperson confirmed the company will deprecate TLS 1.0 and TLS 1.1 in 2020. The original version of this article only mentioned Microsoft's plan to deprecate TLS 1.0 and TLS 1.1.
Not really. A big part of their job is to explain to patients what the results mean, what they don't mean, and answer questions they have. This is the problem 23andMe had with their health reports. The reports showed the technical interpretation but a lot of people didn't understand what it meant, even though it was laid out fairly comprehensively. Their forums were littered with "according to the test I have __________" when what the reports really said was that they had a SNIP that research showed might be related to ________________ and that research supported a x% genetic component to the condition, with y% being lifestyle or just random bad luck. People need people to help explain the actual impact of the results to them. Right now computers aren't up to that task. Not every condition that comes out of these tests is a binary you-have-it-or-you-don't genetic disorder.
Michael Bay does pretty good commentaries. The one he did for Bad Boys was really interesting.
But is the violin on the blockchain?
What, you a phone company lobbyist or something? Your "solution" puts all the cost on the legit business users and would actually be a huge boon to the phone company profits forcing companies to buy huge numbers of physical lines they don't need. Mine puts the costs on the phone companies.
They sell the original Apple parts to repair centers. Since Apple won't sell parts to most repair shops, there is a lucrative market for them. In the scam they buy a phone, remove and sell parts, replace with junk, return for warranty swap, rinse, repeat.
If it's Apple Owned content, then they can distribute it as they see fit. For add-on subscriptions it would be based on what's available in the region.
The problem isn't the spoofing itself, that's not going away, it can't. Companies don't have 1:1 physical lines to extensions, and the numbers assigned to the physical lines usually don't route since they are never actually used in the company phone system. The problem is the phone company systems allow the customer to set any number they want, not just numbers assigned to them. That's the part that needs to change. They need to force the phone companies to start to apply some damn security to the process and prevent assigning numbers not assigned to the customer from being used. Yes it's going to cost money so they won't do it by themselves. They also need to require VOIP companies with outbound calling gateways in the US to log outbound calls and assign to the customer making the calls. Make them financially liable if the customer can't be identified.
but the upshot is every console game ever released still works on its respective hardware.
So do PC games, plus many of them also work on hardware released years later as well. 100% of my old PS1 game discs won't load in my PS4.
Man in the Middleware
If the boards were off the shelf, then they wouldn’t be in Apple or Amazon data centers anyway because they both use custom gear.
They were video encoding servers, designed by Elemental Technologies (which Amazon later purchased, and according to the story, how the chips were found) and manufactured by Supermicro. So yes, they were off the shelf and yes, they are in Amazon and Apple datacenters. Did you even RTFA? Wait what the hell am I asking, of course not.
How would Supermicro know unless they fucked up the modifications and Supermicro started getting boards back and investigated? They aren't going to carefully inspect every passive, x-ray, and rip apart every board that gets made. The first few sure, but after that QA is pretty much an automated process. To get the PCB made and boards assembled requires them to share the designs with the manufacturing partners already. And, as I seem to have to keep reminding people, this isn't some 1337 H4X0r kid we are talking about. This is a government, with nearly unlimited money and engineering resources at its disposal, supposedly modifying hardware built in its borders by third party subcontractors for Supermicro. It's far, far from impossible to do.
As we are on Slashdot, technological details matter much more than mere speculations
So playing devil's advocate here: They could have modified the design, burying the extra traces in interior layers
Please watch the two videos below. First link, the making of PCB. https://www.youtube.com/watch?... Second one, the 'pick and place machines' which put and solder in the various components (capacitors, resistors, et cetera) on PCBs. https://www.youtube.com/watch?... There are multiple check and verification processes, and if the design had been tampered with, the motherboard would have failed the myriads of built-in verification processes.
I already know how they are made, thanks. If you are the company building the boards then you have access, by necessity, to the design of the boards. If you are also working covertly with a government to modify those boards, you would have the expertise and support available to you to do so successfully. This isn't some script kiddie, this is a nation state we are talking about. They could have entire production facilities at their control where they could build compromised boards and then sneak them back into the supply chain after assembly if they wanted to. I mean what's a small board fab and assembly facility cost to spin up in China, $10-$20 million? It's a government, they could do that easily.
As for failing verification, not likely. Again: nation state. They will have access to top engineers and intelligence on the QA process the boards would go through.
Consider this info from public sources... Apple and AWS both operate custom hardware in their data centers and both companies design this hardware themselves. They have dedicated hardware, OS and network security teams... both have hardware design review and acceptance criteria for new designs, and both have security acceptance testing and inspection for incoming parts. Both perform integration testing and network commissioning procedures, and both have operational security and application security controls and alarms monitoring their production environments. The idea that a single downstream supplier could break all of these controls without leaving any evidence is extremely unlikely. I'd say it's more likely a disinformation campaign than an actual data security risk.
Is it unlikely? They will test and inspect server #1 off the line like crazy. They won't do the same level of testing for server #100 or #1000. The compromise we are talking about here was a small component to enable access, not something shipping out data by itself. And remember, these are servers being built by contractors in China, so they are out of the control of the designers here in the US during manufacturing. And we are talking about a state actor with, from a practical standpoint, unlimited resources here, so covering it up becomes a bit easier.
Also, this wasn't an Amazon design, it was a third party company and Amazon's audit of the equipment is what uncovered it.
If any of this is actually true, of course.
So one interesting aspect of this is that these are video encoding servers for streaming video that Bloomberg claims were compromised. Now if I'm a state actor wanting to exfiltrate data that type of application has some interesting possibilities.