I mean why is this topic in 'Digital' with DEC's logo? Seriously
So the moral of the story here ought to be that while the USA may be a tech leader, it isn't as if there are not tech centers in the rest of the world more than capable of building technology on the leading edge.
So when people like the FBI director make asinine statements like how people will switch to non-US crypto technologies and message platforms only 'theoretically' they should respond with laughter.
CONgress and the Administration need to pull their heads out of their asses (which will be hard given how far up there they are) and realize that if they insist on stupid export controls and technology that legally has to be broken by design; they will accomplish none of their security goals and only harm our economy in the process.
He might have foolishly tried to slow or stop the car, or maybe he was walking to the mailbox to get mail after exiting the car, it's possible it did not start rolling immediately and picked up speed before he heard it coming.
So here is your PSA. When parking a car with a manual transmission always set the parking brake AND leave the vehicle in first gear or reverse. This protects you in case the parking brake should fail and if you make it a habit to do both it's very likely you will always remember to do at least one even if you are distracted or your mind is elsewhere.
I realize you can't leave the vehicle running and in gear, but in general you should not leave a vehicle running without a driver present anyway except in unusual situations where you can be mindful enough to double check you have set the brake and verify the car will not roll upon exit by giving it a slight push.
A second technical reason that prevents even me from running games included in the distro or distributed as .deb : I can't install a 600MB game or smaller at all, that's more than there's free space on the / partition
So to clarify, you don't want to use sane package management and would prefer to basically spray software all over the place like the Windows drive letter model because you can't manage your storage effectively? Look, first off, it's 2016, you don't have a good excuse for not having 600MB free on a volume, especially root.
Second you should be using some kind of pooled storage. In fact just about everyone should. You should also be using a file system that handles that well. Servers with specific performance needs might be an exception but no desktop Linux should be using extX on partitions. The right thing to do for the average end user is Btrfs or ZFS with the different top directories in their own subvolumes. That way they can grow and share space with each other efficiently. You don't need to decide ahead of time how big partition X ought to be. You still get an easy way to handle different backup requirements, and nice things like snapshots that can be used like system restore points etc. for free.
Ubuntu should work on putting the UI and ease-of-use bits around that sort of thing rather than trying to solve problems that nobody really has, like SNAP.
I agree. I think the next 2 years or so will prove the likes of SNAP and Docker to be about the worst thing to happen to computer security since Windows came on the scene.
I have every confidence that hacking Linux systems is going to become shooting fish in a barrel. Exploit some obsolete lib -> get shell -> run precanned generic container escape code and get root.
Having attended a lot of schooling and even earned a degree does not imply you know the first thing about civics, if that isn't what you studied. If that was not true, there would not be so many ridiculous videos on the internet asking college students how, say, "the electoral college works" and getting blank stares or completely confused answers.
Conservatives on the other hand tend to be 'preoccupied' with the system and learn the rules.
And how long does it theoretically take for some non-US entity to grab some existing OSS code out there today, fork it and package it un-crippled?
Good plan, let's have a civics exam before anyone is allowed to vote. No Democrat will win an election ever again.
Only a fool gets up and leaves money on the table. The rules are the rules, living in society means you follow them, being successful means understanding them, maximizing the benefit or minimizing the harm you suffer as a result of the rules.
Our tax code is an atrocity, it's been used and abused as a social policy tool for so long and has had so much unneeded complexity written into it that it's become like an RPG with so many rules any sane person would throw their hands up and say "I refuse to play this mess". So yes we talk about it and agonize over the rules and their application because what "basis cost" means in this sentence or that can impact many of us to the tune of several thousand dollars. So you bet we pay attention.
The [tax] benefits we give to poor people are so limited compared to what we give to the top 1% [of taxpayers]
I think someone should read up on the "Earned Income Tax Credit". There was no point in reading anything after the first sentence, this person is obviously a totally clueless idiot.
The poor benefit handsomely from our, I would say overly progressive, tax system. It's the middle class that gets the squeeze. The very wealthy have access to tax avoidance strategies and investment vehicles that get favorable tax treatment. The poor get outright handouts at tax time and mostly end up paying no federal taxes at all. Meanwhile the middle class foots almost the entire bill, and gets basically only the mortgage interest deduction and child credits as a consolation prize.
I'll agree the UI performance is abysmal even on the newest kit. My parents just got new boxes and I was visiting them a couple weeks ago and it's still slow. It would be a pretty nice UI otherwise. Their 'apps' are nice, my dad showed them to me on his Android phone and mom's iPhone. They both performed very well and were pretty usable.
I can't get cable where I am. I dropped DirecTV last year because I don't really watch enough, I can't get thru other distribution channels to justify the expense. Their UI was an atrocity. It was like 2003 called and wants their cable box back. They kept adding features but it was all willy-nilly, no sense of organization and the list of choices just got longer and longer. Scrolling thru the line up, the most basic feature, was painfully slow.
Quite honestly I think the problem is they don't really have much to compete on. I mean it's not like they don't all buy the same content and roll it into very similar packages. Assuming you are in one of the few places where you have a choice what makes ComCraps vs. IndirectTV vs. GIOS vs. MyVerse offerings much different?
In terms of media very very little. Pretty much comes down to Internet service offerings being better on Cable or Fiber than the DSL that gets packaged with Satellite providers.
Independent of if you think Internet service has reached the 'good enough point' for most people or you think the industry has colluded to make it universally crappy they have basically decided as an industry they don't want to compete on Internet service, if they did data-caps (at least on wire-line products) would not be a thing. I get that too, the risk of municipal ISPs and other disruptors like Google Fiber showing up and blowing their Internet business out the door are pretty high.
So these guys literally want to keep user experience as a potential ground to compete on. I think this is a bit silly as the usability and features of these things is likely to converge quickly anyway, but I can still see their motivation to try. If it works it's a low cost potentially high impact way to compete. XFinity X1 really is way nicer than most of the alternatives. All things being equal otherwise it would be a reason to choose Comcast over the others.
The more data you warehouse, and the more valuable that data is, the more interested in breaching your security the hackers of the world are.
Yes to some degree. I do think data obeys the laws of entropy in that it flows from high concentration to lower concentration, the more data you have the greater the effort required to store, and control access to it.
Better idea: Don't mass warehouse data, or, if you decide to do so, keep that data isolated from your internet facing network, and pay for proper security featuring penetration testing and security auditing.
The latter part but not the first part. The data is only useful if the right people can access it. Availability is part of the security triad. If your analysts have to take a bus to a special building on your campus and provide a blood sample to look at the database: they won't. You won't get the value out of it. There is a compromise here, the answer is use proper protection and make the correct investment in security. Have two-factor (real two-factor) access controls on your network, use technology like 802.1x, IDS all the things, have a good SIEM solution in place and people who know how to tune and are actively monitoring it 24x7 on staff! Do a pentest, do red-team pentests where there are no rules, the pentest team can make phone calls, social engineer, phish etc. Have a solid awareness program with real consequences for employees who don't participate and fail when audited.
do you calculate in the time of your own IT staff that you would be paying anyway
and the answer should be 'yes'.
Presumably your IT staff would be doing something else to facilitate the operation of the business that justifies the ongoing expense of having them on board, otherwise you would not be paying them anyway. So if they are taken away from those activities to respond to the breach either you are incurring losses at least equal to the cost of those employees elsewhere where they can no longer add value; or you have to incur probably greater costs hiring contractors to replace their other effort short term.
Either way it's correct to count the staff time spent responding to the breach as a cost of the breach. The only way it would not be correct to do so is if you knew or believed that staff was otherwise dead weight already.
Microsoft did provide a tcp driver for wfw3.11 as an add on.
I
No, if you know what something looks like and how to spot it you have a basic right under the First Amendment to tell others how to as well. If you see something in a public location you have a similar right to talk about where and what it is. Just like it's perfectly legal to report speed traps.
That should be the end of the story. If our expectation of privacy cannot include not being photographed in public or to bar others from reporting sightings of us in any particular place the FBI cannot expect to keep cameras in public view a secret. EVEN IF IT "THREATENS AN INVESTIGATION" stuff in public is in public!
Well no, not really. There are lots of statistics out there, because of various laws it's hard to track and pin down the number, but something like 97% of murders where a gun is used are conducted with a stolen or not otherwise legally purchased weapon.
So it's not really gun OWNERS that kill people so much as it is people who are otherwise CRIMINALS kill people.
You joke but the bedroom community I used to live in does in fact hire "traffic calmers" to essentially drive around during the rush hours 7a-10a, 11:30a-1:30a, 4:30p-6p along the main routes at exactly the speed limit (or slightly less).
You could always spot them because they were older obviously retirees who could have and would have reasonably avoided going out at those times otherwise.
I can't say I am in favor of it, but I can say a few things for it.
1) It did not cost the city much. They paid basically minimum wage + the federal mileage rate. Much cheaper than paying police officers overtime to do more traffic enforcement or hiring more officers.
2) It probably did improve safety and reduce noise somewhat
3) As irritating as sitting behind someone doing exactly 25MPH might be, it's less irritating than a traffic citation.
She arrived early, stayed late, and worked through the weekends. Her tech may have failed, but it wasn't because of a lack of hard work.
You know that is actually characteristic behavior of financial fraudsters. They avoid delegating large numbers of essential tasks because they don't want others seeing the books and asking questions. They like to be the first there and last to leave to make sure nobody is nosing around too. Finally they like taking care of certain transactions with third parties over weekends and after hours where things get done 'out of process' and it may be possible to evade some other normal checks and controls.
It's actually considered a good anti-fraud practice to have anyone who handles accounting or inventory take at least one mandatory five consecutive business day vacation each year! That way someone else has to perform at least some of their job functions for a time and there is a second pair of eyes on things. It also may cause some schemes where things have to be kept in constant motion like 'lapping' to fall apart.
A fraud investigator would consider her 'work ethic' here a reason to be more suspicious not less.
I am the happy owner of a Panasonic plasma. It's been a great TV, great picture, great black levels, no issues in all the years I have owned it.
I would not buy one today though. The fact is improvements in back lighting technology and LCDs in general have let them more or less catch up to what plasma can deliver. You can get an LCD today that is image spec for image spec as good or better than our plasma panels that consumes a lot less power, weighs less, and does not need fans (which are sometimes audible) to cool it.
Some branches on the consumer technology tree are just dead ends, plasma turns out to be one of them. It's not really a loss this time, as we still have very nice alternatives.
Which could still leave you without a terminating null unless you were first careful to memset(my_path, NULL, MAX_PATH +1); right?
It's also not like truncating a path could not lead to any sort of undesirable side effects.
Sure there is a need. Lots of work flows require multiple applications. You don't want someone creating a file with application A they won't be able to read with application B. That is the kind of thing users generally can't understand and tends to result in lots of helpdesk calls.
I can see why enterprises might want the option to turn this off.
They might stack overflow, depending on how they are written they also might do other things. I bet there is a fair amount of strncpy(foo, bar, MAX_PATH); out there as well. Which could lead to strings that are not null terminated but also don't overwrite, the result probably being some kind of crash when foo is read, the other possibility is truncation. Only the first 260 bytes of path get copied, the result is some later action is taken on the partial path. Maybe that fails, maybe that results in a new file, maybe something like a temp file is created but not deleted by a later clean up routine filling the disk, who knows.
This could cause any and all types of chaos.
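An added example, not part of the original comments, covering both comments above about strncpy(foo, bar, MAX_PATH): it shows the unterminated buffer, the silent truncation that remains even when the buffer is zeroed first, and a copy that rejects over-long paths instead. MAX_PATH is defined locally as the 260 bytes mentioned above; the function names and the sample path are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PATH 260 /* local definition: the 260-byte limit from the comments */

/* Build a constructed sample path of exactly `len` bytes ending in ".tmp".
 * `out` must hold len + 1 bytes and len must be at least 7. */
void make_path(char *out, size_t len)
{
    memset(out, 'a', len);
    memcpy(out, "C:\\", 3);
    memcpy(out + len - 4, ".tmp", 4);
    out[len] = '\0';
}

/* 1 if s ends with suffix, else 0 (stand-in for a cleanup routine's match). */
int ends_with(const char *s, const char *suffix)
{
    size_t n = strlen(s), m = strlen(suffix);
    return n >= m && memcmp(s + n - m, suffix, m) == 0;
}

/* The pattern from the comment. The buffer is pre-filled with 'X' to stand
 * in for stale stack contents. Returns 1 if dst ends up NUL-terminated
 * inside its MAX_PATH bytes, 0 if a later strlen() would run off the end. */
int risky_copy(char dst[MAX_PATH], const char *src)
{
    memset(dst, 'X', MAX_PATH);
    strncpy(dst, src, MAX_PATH);
    return memchr(dst, '\0', MAX_PATH) != NULL;
}

/* Zero a MAX_PATH + 1 buffer first: the result is always terminated, but an
 * over-long source is cut without any error. Returns 1 if truncated. */
int zeroed_copy(char dst[MAX_PATH + 1], const char *src)
{
    memset(dst, 0, MAX_PATH + 1);
    strncpy(dst, src, MAX_PATH);
    return strlen(src) > MAX_PATH;
}

/* Hardened form: copy only if src, including its NUL, fits in dst_size.
 * Returns 0 on success; on failure returns -1 and leaves dst empty, so the
 * caller has to handle the error instead of acting on a partial path. */
int checked_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return -1;
    if (memchr(src, '\0', dst_size) == NULL) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, strlen(src) + 1);
    return 0;
}

int main(void)
{
    char src[MAX_PATH + 8];
    char plain[MAX_PATH];
    char zeroed[MAX_PATH + 1];

    make_path(src, MAX_PATH + 2); /* 262 bytes: two over the limit */

    printf("strncpy only: terminated=%d\n", risky_copy(plain, src));
    printf("memset first: truncated=%d, still ends in .tmp=%d\n",
           zeroed_copy(zeroed, src), ends_with(zeroed, ".tmp"));
    printf("checked copy: rc=%d\n", checked_copy(plain, sizeof plain, src));
    return 0;
}
```

The truncated name no longer ends in ".tmp", which is how a cleanup routine matching on that suffix would miss the file.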
Somehow I doubt Oracle's legal team is that short sighted. They may for one thing be perfectly content to stop selling Solaris at this point if the trade off was a massive new revenue stream of licensing in the mobile market. Sometimes in chess you sacrifice a man for better position.
However Sun licensed UNIX. Solaris isn't a clone, it's a branch and without getting deep into the weeds of the particulars of those very old licensing agreements I would imagine they are worded such that a present day court could be convinced that a license to use the implementation reasonably confers a license to use the API.
Interestingly now that you bring it up, under Oracle logic the IEEE license to use the API in the POSIX standard itself might be on shakier ground than Solaris' use of it.
I enjoy the web a lot more than I do when browsing from somewhere I don't have this setup in place like on my mobile and stuff. I probably should replace my ssh VPN with OpenVPN so I can get a client and tunnel my mobile back home thru it all.
A lot of ads and crap still slip through the filters and it's bad enough but man I am always stunned to see what most people are putting up with.