nVidia already competes on price and performance... AMD is just not a great competitor, and basically nobody else is bothering to try.
There is no way in hell a system designer is going to substitute a newer part, unless they can:
(A) do it without a redesign/board relayout
(B) do it in a way that lets them back out of the decision when the newer part screws up horribly
If you object to the "when" in option "(B)", then you can object by making the part not fail, when I have the option of backing out the part choice. If you don't fail, I don't back out the part choice.
The quoted statement from Apple about discontinuing the Apple Thunderbolt Display is close to confirmation that they're exiting that line of business. If the displays go fully out of stock for more than about a week, I will take it as full confirmation even if Apple doesn't formally say so.
They just came out with a whole bunch of USB-C stuff... and you are concerned about the Thunderbolt display? Looks to me as if actual Thunderbolt is about as dead as actual Firewire.
Perhaps if nVidia would quit changing BGA pinouts, companies would be more likely to substitute their newer processors.
Of course if they did that, companies might also substitute a competitors part instead. Then nVidia would end up having to compete on price/performance. And no one wants that.
> If the primaries were at Dyn, and the secondaries were not at Dyn, none of the sites would have experienced any downtime.
Until Dyn's secondaries are hit 5 minutes later... it's true that 2 is better than 1, but how about potentially tens of thousands?
You are still not getting this...
Dyn's secondaries were hit. If the secondaries were at Google, Yahoo, Hover, and other companies, they would need to DDOS every DNS server on the entire freaking Internet at the same time.
Say you have 12 domains, and you have a primary DNS (P) and a secondary DNS (S), and then you have 4 hosting primary companies A, B, C, and D, and the four of them get together and form a DNS pool, so that one of the other hosting companies acts as secondary for each of the domains for which they themselves are primary:
domains P....S --------------- abc.com A -> B def.com A -> C ghi.com A -> D jkl.com B -> A mno.com B -> C pqr.com B -> D stu.com C -> A vwx.com C -> B abc.org C -> D def.org D -> A ghi.org D -> B jkl.org D -> C
Now expand that to 10,000 hosting companies. Get it now? It's called a multiply connected network.
They have 258 positions currently open in sales, concurrent with laying off 300 people.
Intuitively, that means that the people being ejected are mostly underperforming sales account managers.
Other jobs are in machine learning, data analytics, and data scientists, which likely means that they are also having content control problems with troll and sock-puppet accounts, and they have little understanding of network effects, despite being a "social network".
Or... it means they have a tender offer, and want to reduce the PPE numbers to inflate (temporarily) the asking price for the company, in the same way that Word Perfect laid off all their people working on future product releases, prior to selling themselves to Novell.
Secondary DNS would not have helped here. The issue with DNS is that it's a centralizing service.
I understand that you have a particular drum to beat in this regard, but the problem is actually that Dyn hosted both the primaries and the secondaries, and they took Dyn offline.
If the primaries were at Dyn, and the secondaries were not at Dyn, none of the sites would have experienced any downtime.
So my IoT thing sends out a http request on port 80 of your web server, is that a DDOS attack or is that a valid request?
In my personal opinion?
It's always an attack, since IoT devices should connect to an Intranet server under your control, and not be vended routable addresses under any circumstances.
If your TTL is high enough, attacking a DNS service wouldn't deny service. The RFC says at least 1800s. Most of these sites have such poor uptime/architecture that their TTL is set to 120 or less.
Most caching servers at ISPs are set up in violation of the RFCs anyway:
* If they do not have an IPv6 upstream, they fail to filter IPv6 addresses out of their responses to downstream DNS requests.
* If they get some TTL value with less than their idea of a "minimum", they modify the TTL to be 300 or more seconds.
The first makes it hard to be "IPv6 by default", i.e. listing the IPv6 responses first in preference order over the IPv4, since it makes it not work for some people on the downstream side (the IPv6 addresses have to each time out before an IPv4 address, if there is one, is attempted).
The second makes it a real time consuming thing to do to have to wait 5 minutes between testing DNS reconfigurations to see if they work (and then you get 5 minutes of downtime when they don't, before you can fix them).
But I will. If you spit it up into two sections, then the attacker will simply attack both servers. How many secondary servers would you need before the attack is spread too thin to deny service? Who knows.
That's easy. You put ALL of them in the peering pool. If you don't put your servers in the peering pool, then an attack can take you down... but no one else. Good luck getting customers in the future.
It's very easy: 10,000 DNS servers means a 1:10,000 chance of them hitting both your primary and secondary servers for your domain. Unless it's YOU the bad guys are attacking, instead of the DNS infrastructure (and if it's YOU, you have other problems), then it's unlikely that both your primary and secondary will get hit.
But don't forget that the companies are paying for all this bandwidth.
Yes. And to make it fair, you scale your presence in the pool by the number of domains you are personally hosting. If you host 1,000 domains, then at most you will also be secondary for 1,000 domains. If you host 1,000,000 domains, then you will host at most 1,000,000 secondaries.
This is why it's a peering pool.
Even if their services stay online they're spending $$$ to keep them online while the attacker isn't spending any money.
One company is an acceptable casualty. It's likely, however, that the Bad Guys(tm) were either targeting a number of specific domains, or they were targeting Dyn itself.
Either way, you'd set up collective defense resources for all pool members (that way, even if they were just going after Dyn, you could still afford to go after the culprit).
Properly configured DNS secondaries hosted at different ISPs would have completely mitigated the problem for everyone but Dyn. Because Dyn hosts its own secondaries, hitting Dyn downed both primary and secondary servers.
ISPs need a peering pool arrangement for DNS secondaries, where secondaries are distributed over the entire pool.
This is how it was designed to work: multiply connected redundant secondaries.
The worst damage possible in that scenario is the inability to update DNS information hosted at Dyn itself, or to initiate zone transfers in or out of Dyn.
That reduces it from an attack on the DNS infrastructure to an attack on Dyn itself (which is much less important to everyone but Dyn).
If the secondaries had not been hosted at the same company, but instead at various companies around the world, the attack would have had no effect on anything but traffic.
This is, by the way, how multiply connected networks are supposed to work.
This could be easily accomplished at no additional cost by having a peering-pool arrangement between all the host registrars, so that we ended up with a multiply connected redundant network.
Kind of how we designed the thing to work in the 1960's and 1970's, and DNS itself in the 1980's.
But a lot harder for law enforcement to issue DNS-based takedowns on, of course. Since it would route around the damage and keep functioning. As designed.
He may in some cases be forced to surrender a key to a strongbox containing incriminating documents, but I do not believe he can be compelled to reveal the combination to his wall safe —- by word or deed
Meaning the fingerprint gathering for the use of opening the phone is tantamount to compelled testimony in the general case, while the fingerprint gathering for the use of identification and matching is not.
Keys don't change. Fingerprints don't change. A biometric identifier is therefore not affirmative.
Combinations can change. Pin codes can change. Utilizing either requires active participation in a process. And is therefore affirmative.
Fingerprint usage is therefore tantamount to using a key, and if you are stupid enough to use a biometric identifier as an access method, you've picked a non-affirmative access method.
In a premises search, they can compel an unlock of phones by fingerprint, assuming you lock your phone that way.
The specific legal decision was the 1988 John DOE, Petitioner v. UNITED STATES. 487 U.S. 201 (108 S.Ct. 2341, 101 L.Ed.2d 184) decision.
It came down to whether on not an affirmative action was required on the part of someone, or if it was a non-affirmative action. Use of a key on a safe or lockbox is not affirmative. Being forced to enter the combination is not affirmative; it's tantamount to compelled testimony.
Here's the part of the decision of interest:
A defendant can be compelled to produce material evidence that is incriminating. Fingerprints, blood samples, voice exemplars, handwriting specimens, or other items of physical evidence may be extracted from a defendant against his will. But can he be compelled to use his mind to assist the prosecution in convicting him of a crime? I think not. He may in some cases be forced to surrender a key to a strongbox containing incriminating documents, but I do not believe he can be compelled to reveal the combination to his wall safe —- by word or deed.
Moral of this story: use a pin code, rather than using the fingerprint unlock. It may be a cool feature, but it offers you no legal protection.
I believe the theory is that if you practice something, you get better at it. An Uber driver (presumably) practices driving, which means they get better at it, which means that they don't automatically slow down any time they see a huge ball of fire in the sky (try 101 Northbound at 4-5 PM), or other stupid things that less practiced drivers do, meaning they end up not clogging things up, like less practiced drivers tend to do.
The expression "Sunday driver" is actually based on observations.
Slashdot Mirror
nVidia already competes on price and performance... AMD is just not a great competitor, and basically nobody else is bothering to try.
There is no way in hell a system designer is going to substitute a newer part, unless they can:
(A) do it without a redesign/board relayout
(B) do it in a way that lets them back out of the decision when the newer part screws up horribly
If you object to the "when" in option "(B)", then you can object by making the part not fail, when I have the option of backing out the part choice. If you don't fail, I don't back out the part choice.
It's really very simple.
The quoted statement from Apple about discontinuing the Apple Thunderbolt Display is close to confirmation that they're exiting that line of business. If the displays go fully out of stock for more than about a week, I will take it as full confirmation even if Apple doesn't formally say so.
They just came out with a whole bunch of USB-C stuff... and you are concerned about the Thunderbolt display? Looks to me as if actual Thunderbolt is about as dead as actual Firewire.
Perhaps if nVidia would quit changing BGA pinouts, companies would be more likely to substitute their newer processors.
Of course if they did that, companies might also substitute a competitors part instead. Then nVidia would end up having to compete on price/performance. And no one wants that.
According to the GP, you can...
"all but confirms"
So in other words, it's not confirmed, it's just speculation and rumor, right?
Does it mean we'll have to become racist to Spanish refugees again? it's so 1936...
I'm sure the 1918 Spanish flu pandemic had nothing whatsoever to do with a reluctance to have Spanish people anywhere near oneself...
They supply HALF of Europe's fruit and vegetables around Almeria, with the world's largest concentration of greenhouses.
You can see it from SPACE.
Southern Spain is one of the most beautiful parts of the earth.
When viewed from SPACE...
You might have noticed that back then the continents were in a different position.
Clearly, as the sea levels rise, they will float back! Duh!
They failed to double-blind the experiment.
They also failed to have a set of test subjects which they tested, and *post hoc* asked them to self-identify their social class.
It would also be interesting to scale "self identified social class" vs. "actual social class", across the results vectors.
Pretty crappy experiment. Sorry.
Shouldn't they have called it DRAMP?
> If the primaries were at Dyn, and the secondaries were not at Dyn, none of the sites would have experienced any downtime.
Until Dyn's secondaries are hit 5 minutes later... it's true that 2 is better than 1, but how about potentially tens of thousands?
You are still not getting this...
Dyn's secondaries were hit. If the secondaries were at Google, Yahoo, Hover, and other companies, they would need to DDOS every DNS server on the entire freaking Internet at the same time.
Say you have 12 domains, and you have a primary DNS (P) and a secondary DNS (S), and then you have 4 hosting primary companies A, B, C, and D, and the four of them get together and form a DNS pool, so that one of the other hosting companies acts as secondary for each of the domains for which they themselves are primary:
domains P....S
---------------
abc.com A -> B
def.com A -> C
ghi.com A -> D
jkl.com B -> A
mno.com B -> C
pqr.com B -> D
stu.com C -> A
vwx.com C -> B
abc.org C -> D
def.org D -> A
ghi.org D -> B
jkl.org D -> C
Now expand that to 10,000 hosting companies. Get it now? It's called a multiply connected network.
Its unlikely they are a sinking ship.
They have 258 positions currently open in sales, concurrent with laying off 300 people.
Intuitively, that means that the people being ejected are mostly underperforming sales account managers.
Other jobs are in machine learning, data analytics, and data scientists, which likely means that they are also having content control problems with troll and sock-puppet accounts, and they have little understanding of network effects, despite being a "social network".
Or... it means they have a tender offer, and want to reduce the PPE numbers to inflate (temporarily) the asking price for the company, in the same way that Word Perfect laid off all their people working on future product releases, prior to selling themselves to Novell.
Secondary DNS would not have helped here. The issue with DNS is that it's a centralizing service.
I understand that you have a particular drum to beat in this regard, but the problem is actually that Dyn hosted both the primaries and the secondaries, and they took Dyn offline.
If the primaries were at Dyn, and the secondaries were not at Dyn, none of the sites would have experienced any downtime.
So my IoT thing sends out a http request on port 80 of your web server, is that a DDOS attack or is that a valid request?
In my personal opinion?
It's always an attack, since IoT devices should connect to an Intranet server under your control, and not be vended routable addresses under any circumstances.
If your TTL is high enough, attacking a DNS service wouldn't deny service. The RFC says at least 1800s. Most of these sites have such poor uptime/architecture that their TTL is set to 120 or less.
Most caching servers at ISPs are set up in violation of the RFCs anyway:
* If they do not have an IPv6 upstream, they fail to filter IPv6 addresses out of their responses to downstream DNS requests.
* If they get some TTL value with less than their idea of a "minimum", they modify the TTL to be 300 or more seconds.
The first makes it hard to be "IPv6 by default", i.e. listing the IPv6 responses first in preference order over the IPv4, since it makes it not work for some people on the downstream side (the IPv6 addresses have to each time out before an IPv4 address, if there is one, is attempted).
The second makes it a real time consuming thing to do to have to wait 5 minutes between testing DNS reconfigurations to see if they work (and then you get 5 minutes of downtime when they don't, before you can fix them).
But I will. If you spit it up into two sections, then the attacker will simply attack both servers. How many secondary servers would you need before the attack is spread too thin to deny service? Who knows.
That's easy. You put ALL of them in the peering pool. If you don't put your servers in the peering pool, then an attack can take you down... but no one else. Good luck getting customers in the future.
It's very easy: 10,000 DNS servers means a 1:10,000 chance of them hitting both your primary and secondary servers for your domain. Unless it's YOU the bad guys are attacking, instead of the DNS infrastructure (and if it's YOU, you have other problems), then it's unlikely that both your primary and secondary will get hit.
But don't forget that the companies are paying for all this bandwidth.
Yes. And to make it fair, you scale your presence in the pool by the number of domains you are personally hosting. If you host 1,000 domains, then at most you will also be secondary for 1,000 domains. If you host 1,000,000 domains, then you will host at most 1,000,000 secondaries.
This is why it's a peering pool.
Even if their services stay online they're spending $$$ to keep them online while the attacker isn't spending any money.
One company is an acceptable casualty. It's likely, however, that the Bad Guys(tm) were either targeting a number of specific domains, or they were targeting Dyn itself.
Either way, you'd set up collective defense resources for all pool members (that way, even if they were just going after Dyn, you could still afford to go after the culprit).
Properly configured DNS secondaries hosted at different ISPs would have completely mitigated the problem for everyone but Dyn. Because Dyn hosts its own secondaries, hitting Dyn downed both primary and secondary servers.
ISPs need a peering pool arrangement for DNS secondaries, where secondaries are distributed over the entire pool.
This is how it was designed to work: multiply connected redundant secondaries.
The worst damage possible in that scenario is the inability to update DNS information hosted at Dyn itself, or to initiate zone transfers in or out of Dyn.
That reduces it from an attack on the DNS infrastructure to an attack on Dyn itself (which is much less important to everyone but Dyn).
Set up correct secondary DNS servers.
If the secondaries had not been hosted at the same company, but instead at various companies around the world, the attack would have had no effect on anything but traffic.
This is, by the way, how multiply connected networks are supposed to work.
This could be easily accomplished at no additional cost by having a peering-pool arrangement between all the host registrars, so that we ended up with a multiply connected redundant network.
Kind of how we designed the thing to work in the 1960's and 1970's, and DNS itself in the 1980's.
But a lot harder for law enforcement to issue DNS-based takedowns on, of course. Since it would route around the damage and keep functioning. As designed.
He may in some cases be forced to surrender a key to a strongbox containing incriminating documents, but I do not believe he can be compelled to reveal the combination to his wall safe —- by word or deed
Meaning the fingerprint gathering for the use of opening the phone is tantamount to compelled testimony in the general case, while the fingerprint gathering for the use of identification and matching is not.
Keys don't change. Fingerprints don't change. A biometric identifier is therefore not affirmative.
Combinations can change. Pin codes can change. Utilizing either requires active participation in a process. And is therefore affirmative.
Fingerprint usage is therefore tantamount to using a key, and if you are stupid enough to use a biometric identifier as an access method, you've picked a non-affirmative access method.
In a premises search, they can compel an unlock of phones by fingerprint, assuming you lock your phone that way.
The specific legal decision was the 1988 John DOE, Petitioner v. UNITED STATES. 487 U.S. 201 (108 S.Ct. 2341, 101 L.Ed.2d 184) decision.
It came down to whether on not an affirmative action was required on the part of someone, or if it was a non-affirmative action. Use of a key on a safe or lockbox is not affirmative. Being forced to enter the combination is not affirmative; it's tantamount to compelled testimony.
Here's the part of the decision of interest:
A defendant can be compelled to produce material evidence that is incriminating. Fingerprints, blood samples, voice exemplars, handwriting specimens, or other items of physical evidence may be extracted from a defendant against his will. But can he be compelled to use his mind to assist the prosecution in convicting him of a crime? I think not. He may in some cases be forced to surrender a key to a strongbox containing incriminating documents, but I do not believe he can be compelled to reveal the combination to his wall safe —- by word or deed.
Moral of this story: use a pin code, rather than using the fingerprint unlock. It may be a cool feature, but it offers you no legal protection.
I wouldn't be suprised if some men (circumsised with dry penis heads) do just that, as there are crease patterns all over it's dome
Of course they do. Then the phone camera is already in the right area for the drunken picture sent to their mom instead of their girlfriend.
"Wouldn't they be stuck in the traffic as well?"
I believe the theory is that if you practice something, you get better at it. An Uber driver (presumably) practices driving, which means they get better at it, which means that they don't automatically slow down any time they see a huge ball of fire in the sky (try 101 Northbound at 4-5 PM), or other stupid things that less practiced drivers do, meaning they end up not clogging things up, like less practiced drivers tend to do.
The expression "Sunday driver" is actually based on observations.
I foresee a big market in ablative popcorn armor.
They're introducing the new Note 7 battery technology so the phones can be remote immolated if you carry them out.
What moderation is the intersection between "Funny" and "Flamebait, but in a funny way"?
4) As a bonus, you can push it as 1980's retro and grab a few more of the 'get off my lawn' crowd here.
I see a flaw with this step in your plan: Casio is unlikely to license their logo and trademark.