Google and Facebook have realized that some problems are not (economically) surmountable.
The problems are the following: The closer you fly your satellite to the earth, the more resistance it has from the atmosphere. The density of the atmosphere reduces by a factor of 100 each 46 km of height. So at "100km", you have about 10000 times less air than at the surface. Some people call that space. At 200km the air pressure is about 100 million times less than what it is over here. That is enough to have a reasonable decay rate of weeks/months/years. "Skylab" came down after a few decades, right?
The further away you fly your satellites, the longer the travel times will be for the signals. This equates to ping-times. Hmm. 200km is 0.6 ms, quite acceptable. Both ways. 1.3ms. Still fine. Double the distance to 400km for slower decay times, and you're still about 10 times faster than a normal ADSL line. Acceptable. Not a problem. (the problem here is the same for everybody. The satellites will then play "pass the hot potato" to one that's flying above the ground station and beam your packet down to earth. Assuming you're halfway around the globe, that will be about 10000 km. That's with 66ms (round trip) already more than what you get with a residential ADSL line. Still not too shabby.)
The problem with putting satellites high is that the distance to the user becomes large. You want them as close as possible.
The closer you put them, the more you need. -> 4000 of them. This however is not just a one-time investment: because they are low, their orbits decay and they fall back to earth on relatively short notice. If you need 4000 of them, they are not going to be large. So they are small. If you have a cubesat (10cm cubed) weighing 1kg, its orbit will decay just like a 100kg satellite of 10x100x100cm (flying the wrong side towards the front). But a bigger satellite is likely to be 100x100x100cm and weigh not 100, but 1000kg. The extra weight helps keep it in orbit, the extra size in the flying direction does not make a big difference. So the small satellites decay fast as well!
... arrest the 5-year-old with glasses in a superman costume. Everybody knows that Superman's glasses are a lethal weapon.
The shoot first, ask questions later attitude in the US is making me afraid. And the willingness of the police to come up with "charges" when they find nothing out of the ordinary.
The idea of a free country is that you can go about your business without getting arrested and thrown in jail for nothing. That "business" should include say hobbies that not everybody shares. Some people like to dress up. Some girls "fancy", some guys "as girls" and some nerds "as TV characters".
If on the report of a "gun sighted" the police rush out: Great. If they then arrest him, take him to the police station and then tell him: You had us scared for a moment, please don't do this again, that's "so so". But if they then CHARGE him with things just to make their trip seem useful then that's bad.
If they tell the man who reported this: Hey, that was just a guy in a costume from a TV show, please look better before you call us over. Then that's good. If they tell him: "great! we arrested the guy", then that's bad.
Glad I don't live in the US. This kind of story makes me want to go to a supermarket, buy a pressure cooker and take it home by public transport. Then forget it somewhere on the bus....
What if the protection on planes is so bad that a passenger can use the inflight entertainment system to gain virtual access to the controls of the plane?
Suppose you are a security researcher and find this out. What do you do? Tell Boeing! They... do nothing. Tell the airline! They.... do nothing.
It all starts with a belief issue. You hack into the entertainment system, compromise the firewall and see plane-control messages flying around on the network you now have gained access to. This is enough for a sufficiently technical person to be convinced of having gotten too far for comfort. At that point you know you are only one step away from taking control of the airplane.
Tell anybody less technical about it and they will not be convinced that you'd be able to move the plane. For example, with this news today someone already voiced: "he might only THINK he moved the plane" (... while in fact the pilots initiated that maneuver).
So... to prove to the world that there indeed is a dangerous situation, you need to actually make the plane move.
And this is where everybody gets their panties in a knot. Suddenly the guy who reports that the planes are not secure enough is the bad guy and needs to be thrown in jail.
Examples of people reporting security problems and being ignored include: On a Saturday night two men walking their dogs notice that the bank has left a window open. A person can just climb into.. the bank! So Monday morning they walk into the bank, tell them about it, bank says thank you and... nothing happens. Next weekend, window is again left open. So they tell the bank again. And again. After a few times, to prove the point, they decide to climb in, and photograph what access they have once inside the bank. They got into a lot of trouble for that. But since then, the window has been closed.
Personally I have reported security problems in computers without going that extra mile of "making the plane move". In one instance I've reported such a misconfiguration to over 100 system administrators. Two hours later, Saturday afternoon, the first response: "Thanks, fixed". Come Monday morning, one response: "we know, not a security issue, get lost.". And all others were "no response". A year later more than 50% of the computers where I reported the configuration error were still vulnerable.
With laws being written in such a way that the "white hats" (*) can be thrown in jail, we create an environment where the white hats are either ignored or thrown in jail. Before you know it, the "white hats" are too afraid to report anything and stop reporting real problems. In that situation, you only find out the problems when a bad guy ends up crashing a plane.
Boeing: invite the guy over to show you the problem. Once that hole has been closed, invite him over, pay his hotel and meals for a week while he hacks at a "fixed" plane on the ground at your facilities. Credit him for making aviation safer.
(Do this, before someone makes it stick that: "Boeing created this system with such bad security that it put passengers at risk.").
(*) the researchers that report the problems they find without causing real harm.
They found a statistical relationship between the results from "normal" people and "people with cancer". This means that it MIGHT be possible to develop this into a test.
But this "result" (a statistical difference) might be that they got an average score of 98 +/- 10 for the healthy people and 102 +/- 10 for the people-with-cancer. So someone who scores 100, healthy or has cancer? 105? Can still go both ways.
I take such news with a grain of salt. In my experience/estimates, about 80% of security experts report "not possible to reproduce/impossible to exploit" for REAL exploitable bugs.
I'm guessing that of the hundreds of thousands of people who get that "mass mailing", some are reporting the mails as SPAM to the authorities. Even if there is an "unsubscribe link" somewhere.
Those that do this, might have subscribed in the past and now no longer use Microsoft software. Or maybe Microsoft at one point decided to add a class-of-users to the list automatically (which I think they shouldn't have done if they did).
In any case, with so many users, the chances of being reported as spammers are 100%. So I understand the pressure to stop.
Here in Holland and across Europe the same is being done. The thing is, technically, many homes are hooked up with a line physically capable of say 20mbps, but with only a 10mbps subscription. The extra bandwidth can be allotted to "guest users".
Similarly, even if someone has a 20(or more) mbps subscription on a 20mbps line, he/she won't be using all of it all of the time. So you can again use part of the bandwidth for guests. In this case it would be fair to give the original subscriber priority to use whatever he/she wants, and put the guests at a lower priority.
Oh, security wise they also separate the original subscriber from the guests.
I have the impression they do this "sensibly": the subscribers don't really have a valid reason to be upset about it.
And the thing is: If you're a subscriber, suddenly there are hundreds or thousands of places where you won't be using your 3G datalink but a wifi hotspot. Faster, cheaper!
Getting into "admin" mode is a big deal. Even if you don't see a direct way of making money off that, someone else might. (see ingenium's post).
And even then, it should be "confidential information" how much money is in there. If the crooks get to check on the amount that's in there over a period, they can decide to crack it open at "just" the right time. Should improve their "profits" by a factor of two on average.
If you're right and absolutely the only thing they can do is to dispense bills into the "not-dispensed" basket, there is a "denial-of-service" attack: Dispense all bills into the wastebasket just after the machine has been filled. Now the machine will be empty until the next refill. VERY annoying for the people who out-of-habit only go to one ATM.
You have this creditcard. It works in the mall, it works at the cinema. You go somewhere where you know your brother/friend/whatever also has a creditcard that also works in the obvious places. Do you remember to call the credit card company?
What if the bad guys manage to find your account details at a badly protected webshop? They call the creditcard company saying you'll be doing a few purchases across the country (or abroad). Try it once or twice to see what the creditcard company asks to verify it's you, and most likely the crooks will be able to prepare that information.
This doesn't fix the problem. It makes the chances of exploitation a bit smaller, on a "per-try" basis.
Back in the old days, some daemons or setuid programs would do insecure things with /tmp. So the hacker would make a program:

    target = "/tmp/somefile";
    while (1) {
        unlink (target);
        link ("/etc/passwd", target);
        unlink (target);
        link ("/tmp/myfile", target);
    }

The daemon would check access permissions of the "target", hopefully after the last line in the loop, then open and write the target, hopefully after the second line inside the loop. Leave this running, trigger the target app, and you get the target app to write somewhere where it shouldn't (in this case /etc/passwd. Get it to add "\nmyroot::0:0::::\n" to make the system allow you to login as root without a password....)
The same applies to these stack/compiler randomization tricks: The hacker first tries at a slow pace, but instead of hacking your system, fails to get in because he's crashing your service daemon. You notice your service going down every day or so. Buggy software. Stupid randomization! No time to fix, and you make the daemon restart automatically. And bingo! Now the hacker can try thousands of times!
In cryptography, care has been taken that you can't figure out one of the "bits" of the key by a simple search. So that the exponential search (find the key among 2^256 possible keys) does not become "256 times: find bit n". To guarantee that no "bit leaking" will happen in a buggy program is very, very difficult: The designers of the program don't know where the bug is, the compiler doesn't know where the bug is, but the attacker does!
So... if this goes mainstream, the hackers will find a way to extract little bits of knowledge of the randomization, determine what the actual randomization was, and then attack the service as usual.
Of course, there will be cases where say: the time for the attack is increased beyond the attack-detection-time. So instead of the attack being successful, the attack might be detected and averted.
Anyway, I much rather have something that actually WORKS instead of "has a chance of working". But maybe that's just me.
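Added example, not part of the original comment: the link()/unlink() loop above wins because the daemon checks the path and then resolves the same path a second time when it opens it. The C code below puts that racy pattern beside a variant that opens once and validates the inode behind the descriptor; it assumes a POSIX system, the names open_racy, open_checked and run_demo are hypothetical, and the files are constructed samples in a private temp directory.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Racy pattern: the permission check and the open each resolve the path
 * again, so the name can point at a different inode by the time of open(). */
int open_racy(const char *path)
{
    if (access(path, W_OK) != 0)
        return -1;
    return open(path, O_WRONLY);
}

/* Hardened pattern: open once, then inspect the inode behind the descriptor.
 * An open descriptor stays bound to its inode whatever happens to the name
 * afterwards, so there is no window between check and use. */
int open_checked(const char *path, uid_t expected_owner)
{
    struct stat st;
    /* O_NOFOLLOW refuses a symlink as the last path component;
     * O_NONBLOCK keeps a planted FIFO from hanging the caller. */
    int fd = open(path, O_WRONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)
        || st.st_nlink != 1              /* a second name exists: hard link */
        || st.st_uid != expected_owner) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

static int make_file(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    return close(fd);
}

/* Builds constructed sample files in a private temp directory and returns a
 * bitmask: 1 = plain file accepted, 2 = hard link rejected,
 * 4 = symlink rejected, 8 = racy variant accepts the hard-linked name. */
int run_demo(void)
{
    char dir[] = "/tmp/linkrace-XXXXXX";
    char plain[64], other[64], hard[64], soft[64];
    int fd, result = 0;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(plain, sizeof plain, "%s/plain", dir);
    snprintf(other, sizeof other, "%s/other", dir);  /* stands in for /etc/passwd */
    snprintf(hard, sizeof hard, "%s/hard", dir);
    snprintf(soft, sizeof soft, "%s/soft", dir);

    if (make_file(plain) == 0 && make_file(other) == 0
        && link(other, hard) == 0 && symlink(other, soft) == 0) {
        if ((fd = open_checked(plain, geteuid())) >= 0) { result |= 1; close(fd); }
        if ((fd = open_checked(hard, geteuid())) < 0) result |= 2; else close(fd);
        if ((fd = open_checked(soft, geteuid())) < 0) result |= 4; else close(fd);
        if ((fd = open_racy(hard)) >= 0) { result |= 8; close(fd); }
    } else {
        result = -1;
    }
    unlink(plain); unlink(other); unlink(hard); unlink(soft);
    rmdir(dir);
    return result;
}

int main(void)
{
    int r = run_demo();
    printf("result mask: %d (15 means all four checks behaved as described)\n", r);
    return r == 15 ? 0 : 1;
}
```

For files a daemon creates itself, mkstemp() or O_CREAT | O_EXCL in a directory only the daemon can write to removes the shared name altogether.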
As this is from a western company (HP), I expect such technical claims to be reasonably reliable. They claim 1024x768 resolution, which is 100% correct. For something less easy to measure (for me), if they claim 2000 ANSI-lumen, I expect at least say 1800, with the "excuse" something like: we put it on the "boost" setting for that measurement (and then decided not to put it in the final product because it reduces lamp-life a lot).
I decided 15 years ago when I bought my DLP projector that I wouldn't settle for less than 2000 Lumen. Back then this was an expensive "restriction". But 75????
> Yes.... but I believe that's more about HONORING What you advertise.
> If the printed price they stuck on the goods says "$300" on a $3000 on
> a brand new Macbook pro; they better honor it.
In The Netherlands, the law states that they have to honour the advertized price as long as it can be reasonably assumed not to be an error. With mega-discounts and super-cheap deals for various products the "spot the error" can become difficult. On the other hand, the $300 on the $3000 macbook would be considered an "obvious error".
The $80 for a $800 flight however cannot! The cheap airlines have been selling flights for that kind of rates for ages, so even when an airline that normally doesn't do this proposes such a deal, that should be considered "entirely plausible" by the consumer.
The "bends" in the curve they plot are too abrupt. There must be something else going on.
Looking at the original article, they had only about 3500 drives around 2009. That's 4 years ago. So their "4 year" survival rate is not based on the 25000 drives they have now, but only on the 3500 that they had in 2009. With the sharp bends in the curves around 1.5 years and 3 years, I think they significantly changed their buying policy around those moments. Or the manufacturers started shipping them different drives.
How else can the drive "know" that it's been on for 1.5 years? The annual failure rate drops by a factor of four inside a month.
The explanation of the bathtub curve explains it a bit, the random failures is apparently about 1.4% per year. The initial failure is about 5.1-1.4= 3.7 per year. But instead of the initial failures "tapering off" to "small" values around 1.5 years, they stay constant for 1.5 years, and then suddenly drop to zero. To me this points to something like: "they bought a big batch of drives about 1.5 years ago that has such a high random-failure-rate to pull the average first-1.5-year average up to 5.1%/year".
Do the same analysis 3 months from now, and the "1.5 year bend" moves over to 1.75 years. That's my hypothesis based on the data they publish. Having the underlying data and some time to spare, the current data may debunk or prove my hypothesis already. (e.g. if you run the analysis on the data that is now older than 3 months will, if my hypothesis is correct, show the bend around 1.25 years. If that happens, it makes my hypothesis very likely.....)
You don't need a GPU at all. A screen is 2Mpixels. Refreshing that about 60 times per second is enough to create the illusion of fluid motion for most humans. So that's only 120Mpixels per second. Any modern CPU can do that!
Why do you have a GPU? Because it's not enough to just refresh the pixels. You need (for some applications, e.g. gaming) complex 3D calculations to determine which pixels go where. And in complex scenes, it is not known in advance what objects will be visible and which ones (or part) will be obscured by other objects. So instead of doing the complex calculations to determine what part of what object is visible, it has been shown to be faster to just draw all objects, but to check on drawing each pixel which object is closer, the already drawn object or the currently being drawn object.
In Holland, 100% of the car-cyclist collisions are "caused" by the car. The law was modified to DEFINE it that way. The motorist is ALWAYS responsible.
On the other hand, "poor decisions by the cyclist" is still compatible with: "caused by the motorist". If the cyclist takes more "margin" a traffic violation (would've "caused" the accident) by a motorist will avoid injury.
One of the things I always do while cycling is: if they don't CLEARLY give me the right-of-way that I have, I slow down so that I can stop in time for them without getting hurt. This will COST them time. Because I can't speed up infinitely fast once they HAVE clearly stopped for me (and I might pretend to be speeding up quickly afterwards, while in fact... not..:-) . If 10-20% of the cyclists do this, the motorists will learn to properly respect the right-of-way rules soon enough....
Your "speeding ticket" got thrown out of court due to mismanagement and slowness of the court.
In my case I had GPS proof I wasn't speeding at the time on the ticket. Went to court, was convicted. "We have the pictures you were speeding". Sigh.
The number of passengers has been adjusted from 280 to 283. There were 15 crew on board.
Daniel Phillips, where have I heard that name before? It was in the last few days.... :-) Ah! :-)
To be taken seriously, the home page needs to mention something more recent than 2008 in the "on the web" section. And the "we're active, see the git log" link needs to point somewhere other than a 404....
Haha. I worked on a project where the machine doesn't cost a lowly $50K. The machine costs on the order of $2M. The machine has processed (I just looked it up) about $40B worth of product... And it's still running software from around '2000. (installed in '97, upgraded in '00)
I wrote software that is now cloned to 5 machines. The machine runs a terribly old OS, no longer supported. But the rest of the machine cost about $2M each....replacing them or part is not an option! So: don't connect it to the internet. These machines have processed countless billions worth of product. The product is worth more than whatever can be found on the machine, so yes the operators will be able to use a privilege escalation bug to gain root access.
Anyway, they run Linux 2.4 on Suse 7.2....
Same here.
> Yes.... but I believe that's more about HONORING What you advertise.
> If the printed price they stuck on the goods says "$300" on a $3000 on
> a brand new Macbook pro; they better honor it.
In The Netherlands, the law states that they have to honour the advertized price as long as it can be reasonably assumed not to be an error. With mega-discounts and super-cheap deals for various products the "spot the error" can become difficult. On the other hand, the $300 on the $3000 macbook would be considered an "obvious error".
The $80 for a $800 flight however cannot! The cheap airlines have been selling flights for that kind of rates for ages, so even when an airline that normally doesn't do this proposes such a deal, that should be considered "entirely plausible" by the consumer.
The "bends" in the curve they plot are too abrupt. There must be something else going on.
Looking at the original article, they had only about 3500 drives around 2009. That's 4 years ago. So their "4 year" survival rate is not based on the 25000 drives they have now, but only on the 3500 that they had in 2009. With the sharp bends in the curves around 1.5 years and 3 years, I think they significantly changed their buying policy around those moments. Or the manufacturers started shipping them different drives.
How else can the drive "know" that it's been on for 1.5 years? The annual failure rate drops by a factor of four inside a month.
The explanation of the bathtub curve explains it a bit, the random failure rate is apparently about 1.4% per year. The initial failure is about 5.1-1.4= 3.7 per year. But instead of the initial failures "tapering off" to "small" values around 1.5 years, they stay constant for 1.5 years, and then suddenly drop to zero. To me this points to something like: "they bought a big batch of drives about 1.5 years ago that has such a high random-failure-rate to pull the average first-1.5-year average up to 5.1%/year".
Do the same analysis 3 months from now, and the "1.5 year bend" moves over to 1.75 years. That's my hypothesis based on the data they publish. Having the underlying data and some time to spare, the current data may debunk or prove my hypothesis already. (e.g. running the analysis on the data that is now older than 3 months will, if my hypothesis is correct, show the bend around 1.25 years. If that happens, it makes my hypothesis very likely.....)
What I'm trying to say is: In theory a CPU is fast enough to refresh all pixels within the time of a single frame.
But having a GPU that can do things to the screen while the CPU does other necessary stuff makes sense. It starts with 2D bitblits.
You don't need a GPU at all. A screen is 2Mpixels. Refreshing that about 60 times per second is enough to create the illusion of fluid motion for most humans. So that's only 120Mpixels per second. Any modern CPU can do that!
Why do you have a GPU? Because it's not enough to just refresh the pixels. You need (for some applications, e.g. gaming) complex 3D calculations to determine which pixels go where. And in complex scenes, it is not known in advance what objects will be visible and which ones (or part) will be obscured by other objects. So instead of doing the complex calculations to determine what part of what object is visible, it has been shown to be faster to just draw all objects, but to check on drawing each pixel which object is closer, the already drawn object or the currently being drawn object.
In Holland, 100% of the car-cyclist collisions are "caused" by the car. The law was modified to DEFINE it that way. The motorist is ALWAYS responsible.
On the other hand, "poor decisions by the cyclist" is still compatible with: "caused by the motorist". If the cyclist takes more "margin" a traffic violation (would've "caused" the accident) by a motorist will avoid injury.
One of the things I always do while cycling is: if they don't CLEARLY give me the right-of-way that I have, I slow down so that I can stop in time for them without getting hurt. This will COST them time. Because I can't speed up infinitely fast once they HAVE clearly stopped for me (and I might pretend to be speeding up quickly afterwards, while in fact... not.. :-) . If 10-20% of the cyclists do this, the motorists will learn to properly respect the right-of-way rules soon enough....