Slashdot Mirror


User: rsmith-mac

rsmith-mac's activity in the archive.

Stories: 0
Comments: 1,246

Comments · 1,246

  1. That sounds like a place where they need to hire more people because there's no excuse for single coverage of anything.

    Think of it like this: do you have a spare car in case one of your two cars breaks down? The answer of course being no. So why would you have a spare employee?

    Redundancy is nice on paper. But in the long run I reckon it's rarely worth the $100K/year cost.

  2. IMO, it's not the boss you need to fear. It's your co-workers, myself included.

    You being gone for the day may only be 25% more work for me, but that 25% gives me 75% more stress, as I now have to work a 10 hour day to take care of it. So if you take a vacation during a busy period, yeah, there's a good chance someone like me is going to take it out on you.

    The unspoken rule of business is that I don't take vacations so that my work doesn't get dumped on you, and I in turn expect the same from you. Otherwise it's like a traffic jam: only a few people have to start misbehaving to inflict great suffering on everyone.

  3. So What's the Right Way to do Telemetry? on Security Analyst Concludes Windows 10 Enterprise 'Tracks Too Much' (xato.net) · · Score: 1

    I want to zig-zag here a bit. We all agree that MS is doing it wrong with telemetry on Windows 10. So then, fellow Slashdotters, what is the right (or at least, righter) way to do it?

    • Do we make it opt out or opt in? If it's opt out then most people unknowingly participate, which increases the chance of telemetry seeing something it shouldn't. If it's opt in then most people unknowingly don't participate, and the pool of telemetry-enabled systems will be very small and biased towards power users.
    • What's okay to collect? What should be forbidden? Very roughly speaking, the more you understand how your users use your software, the better you can optimize it for their needs. But the opposite side of that is again privacy issues. So where's the line?
    • How do you communicate with users what you're doing with the data? No one seems to like MS's built-in descriptors or the website. People want details, but then many more of them will gloss over anything that's more than a paragraph long...

    I don't see telemetry ever going away entirely, and I'm not sure that would be a good thing even if it could. If there's one lesson to take from the first couple of decades of computing, it's that the general public and their computers-as-appliances attitude have no idea what they want, and even when they do, they can't explain it very well. Whereas telemetry, for better or worse, tells you precisely what the user is actually doing.

  4. Re:This is all overblown on French Researchers Find Last-ditch Cure To Unlock WannaCry Files (reuters.com) · · Score: 1

    I figured after the scary story about Windows machines being infected by WannaCry in MINUTES, I could have some fun with it. But no. This machine is still sitting there perfectly fine. None of the random documents I put on it have been encrypted. No signs of infection by anything.

    Windows 10 is not vulnerable to the worm propagation mechanism of WannaCry. The exploit is mitigated (though not truly resolved) as part of the overall security hardening done throughout the OS.

    Only Windows Vista, 7, and 8 are vulnerable. (Windows XP is apparently not vulnerable to the worm either, though it would seem for different reasons)

  5. Re:Microsoft is 100% right on this one on Microsoft Blasts Spy Agencies For Leaked Exploits Used By WanaDecrypt0r (engadget.com) · · Score: 5, Interesting

    I know this isn't a popular opinion around here, but hear me out.

    The NSA is the US's SIGINT operation. Their job is to be both the offense and the defense when it comes to dealing with electronic systems. So developing attacks against other systems is part of their purview, and we want them to continue doing so such that we can spy on, and if necessary attack other nations. The need for an offensive SIGINT group will always exist, even if it's not the NSA.

    Back in the days of yore, it used to be that exporting valuable software was restricted. If the Soviets wanted software for controlling gas pipelines, for example, they either had to develop their own or steal it. And exporting useful encryption was right-out banned. The end result was that for SIGINT purposes, there was a very clear line between "us" and "them" in what each side's systems could do, how they worked, and what they ran.

    The Internet has put an end to national borders for software. Now everyone runs the same Oracle database, the same Cisco/Juniper routers, the same Microsoft OS, etc. It's allowed commerce to explode on our end by exporting valuable software to new markets. However the flip side of that is that the line between "us" and "them" has almost entirely been erased. Now the nations we spy on run much the same software we do; now the nations that we need to be able to attack don't run antiquated little systems that are easy for us to break into. How do you balance offense and defense in that situation, when any weapon you make can be used against you, and any defense you develop can be used by your enemies to shield themselves from you?

    Had our relevant TLAs bothered to tell the relevant companies about the holes they found we would all be a hundredfold safer. But no, they kept them secret, figuring they could hack Some Bad Guy's computer and Stop Some Low Level Bad Thing.

    If our relevant TLAs informed software vendors about every exploit they found, it would improve the quality of software to be sure. And that definitely has some benefits. But then we'd be committing to an entirely defensive operation, due to the fact that everyone else is running this better-hardened software.

    Meanwhile when it comes to offense, we'd have no exploits left with which to spy on or attack other nations. But the same is not true for other nations. Their own SIGINT groups would be searching for exploits as well, and since they wouldn't be bound by what we're doing, they'd continue stockpiling them and using them against us as they deem necessary. Our software-hardening efforts would make this task a lot harder, but not even the NSA is going to find every bug in Windows. So at the end of the day, other nations would still be able to attack us, even if we did report all exploits we found.

    The problem with a purely defensive operation then, especially in the software sense, is that your defense only has to fail once for you to lose. Once they're in your systems you have no ability to retaliate (since you have no exploits to use as weapons), so hostile forces have very little incentive not to attack you. And while you can clean up afterwards, the damage is done: the blueprints have been stolen, the cyclotron has been busted, and Amazon is shipping everyone 50 gallon drums of lube.

    Ultimately cyber security when both sides have the same systems is little more than a new variant on the Prisoner's Dilemma. We can stop ratting on the other prisoner, but they're not going to stop ratting on us. No matter what we do, it's in the best interests of foreign powers to be able to attack our systems. And that means we need to keep exploits of our own in order to be able to mount a credible (if not overwhelming) offense.

    The one problem here - and not to discount it, because it is a real problem - is that the NSA obviously didn't secure

  6. Re:space.com is owned by chinese gov on After Almost Two Years, The Air Force's Mysterious X-37B Space Plane Lands (space.com) · · Score: 3, Interesting

    space.com is owned by chinese gov

    Uh, no.

    Space.com is owned by the Purch Group, which is an American media company based in New York.

  7. Does anyone know if the fake Handbrake was signed with a macOS developer certificate? That's generally not been the case for malware. Which means that this should have been rejected by most systems.

  8. Re:Physical distribution media? on 'First Pirated Ultra HD Blu-Ray Disk' Appears Online (torrentfreak.com) · · Score: 1

    Today's bad movie is tomorrow's MST3K riff. But encoding artifacts are forever. =P

    Also, artifacts can be legitimately distracting no matter the movie, especially the bad ones.

  9. Re:Physical distribution media? on 'First Pirated Ultra HD Blu-Ray Disk' Appears Online (torrentfreak.com) · · Score: 5, Informative

    That "quaint" method is still the only method to actually receive high-quality copies of movies and TV shows. Video streaming bitrates are a joke, comparatively speaking. Everyone tries to stuff into 10-20Mbps what takes 50+. The result is banding, blocky artifacts (especially in dark scenes), and blocking with rapid action. A properly mastered Blu-Ray or UHD disc on the other hand will have none of those problems, as the overall bitrate and the peak bitrate are high enough to properly capture a scene no matter how detailed it is.

    The DRM is a pain in the rear, but for the quality I'm quite happy with my "quaint" optical media.

  10. Why does a cable modem need a NAT accelerator? It shouldn't be doing NAT to begin with, right? That's the router's job...

  11. Re:What I miss about computing of yesteryear on Celebrating '21 Things We Miss About Old Computers' (denofgeek.com) · · Score: 1

    What do you think caused the 2000 dot com crash?

    Flooz.

  12. Re:NO FORTUNE.COM LINKS! on McAfee: Big Spike In Mac OS Malware In 2016, Mostly From Adware Bundling (fortune.com) · · Score: 1

    Unfortunately it breaks Twitch entirely. You can't start a video without autoplay enabled.

  13. Re:some perspective on US Strikes Syrian Base With Over 50 Tomahawk Missiles (nbcnews.com) · · Score: 4, Insightful

    Put those together and this is a very limited way to "must do something" that so many people have been calling for. It also sent a message to North Korea and China. Hopefully nothing more comes of it.

    Agreed. I want the US to have nothing else to do with Syria. But using chemical weapons is simply too awful and too horrific to ignore. We can't stop parties from making or using the things, but we can damned well make sure there are painful consequences to doing so.

    Personally, I find it implausible that Assad ordered a chemical attack now.

    If not Assad, then who? The Russians aren't this stupid.

  14. How Are These Devices Getting Public IPs? on New Destructive Malware Intentionally Bricks IoT Devices (bleepingcomputer.com) · · Score: 1

    So potentially a stupid question here, but given that we have a severe shortage of IP addresses due to exhaustion of the IPv4 space, how are all of these devices getting publicly addressable IP addresses to allow an incoming connection in the first place? If they're behind a NAT they should be naturally firewalled, otherwise who has the spare IPs to hand out to crappy little IoT devices?

  15. To Be Fair, Licking Consoles Isn't New on Strange New Social Media Trend: Licking Nintendo Switch Cartridges (macon.com) · · Score: 4, Informative

    In all fairness to the, uh, interesting people doing this, they're not completely off their rockers. Licking consoles was a thing before social media even existed.

    A then-unknown Jessica Chobot (who these days hosts shows for Nerdist) basically started the whole thing by licking a PSP as a gag photo in 2005. Since then, someone, somewhere (usually Chobot, it feels like) licks a launch console.

    The only novel change here is people licking the cartridge instead of the console, and that's due to the aforementioned use of a bittering agent. Maybe Nintendo got it wrong here and needs to go into licking controls instead of motion controls...

  16. But people are also paying attention to Uber right now. If you're Google now is a good time to take a shot at Uber, when they're too distracted to fight back. And if you're a reporter your Uber story is going to get a lot more traction, so it's time to start digging.

    You're not wrong; there's definitely a bit of blood in the water.

    However Uber is unique in that they're managing to find new and exciting ways to fuck up, from the way they treat their drivers to how they interact with governments.

    To use the GP's example, at least Oracle is consistently evil: you know what they're going to do from the start. But with Uber it's a new surprise each week!

  17. Re:Overboard, Sad! on Man Gets 30 Days In Jail For Drone Crash That Knocked Woman Unconscious (arstechnica.com) · · Score: 5, Insightful

    If it truly was an accident and everyone was acting in good faith

    It wasn't in good faith, hence the reason he was found guilty of reckless endangerment. Negligence is the charge for "good faith". Reckless means that the accused knew it was dangerous to others and did it anyhow, thereby disregarding the safety of others.

  18. Re:No discounts on AT&T Undercuts Verizon, T-Mobile With New Unlimited Plan (cnet.com) · · Score: 1

    Looks like FAN company/corporate discounts will no longer be applied to these new plans. This was the only thing keeping them competitive w/ T-Mobile pricing.

    Bear in mind that AT&T isn't trying to be competitive with T-Mobile. They're trying to be competitive with Verizon. T-Mo stings in the cities, but it's Verizon that can threaten AT&T's national footprint.

  19. The parent is correct. Micro Center typically sells CPUs at a discount. It's one of the great things about living near one. But their prices are not representative of Intel's normal MSRPs, and importantly, what you'll pay for their products everywhere else.

  20. But perhaps creating two accounts, one in wheel and the other not, and doing work other than software installation as the user not in wheel would make it harder to social-engineer users into elevating.

    I've read TFA twice now and I still can't figure out if that's what the authors are trying to suggest, or something else entirely.

    The entire point of UAC/sudo is to allow users to run in a standard context for day-to-day activities, and to quickly elevate certain applications/actions when it's required. Unless something has gone terribly wrong here, applications running un-elevated under an admin-capable UAC account have no more rights than an application running on a non-admin-capable account in the first place. Until elevation takes place, it's for all practical purposes a non-admin account.

    So what is TFA trying to suggest, and what is their metric? Are they saying UAC is broken and applications are trivially executing privilege escalation attacks? (And if so, how are standard accounts not affected?) Or are they just saying that since users can escalate applications, the OS automatically counts as vulnerable to the attack? In other words, is the argument that we should be doing away with UAC/sudo?

  21. Re:Holding Back Progress on ZeniMax Files Injunction To Stop Oculus From Selling VR Headsets (gamespot.com) · · Score: 1

    It's nice to have competition in the marketplace; I don't think things would be nearly as good with just HTC or Oculus.

    However the Rift and Vive are not perfect substitutes. The Vive Lighthouse system is fantastic for room-scale, but (relatively speaking) a pain in the ass to install if all you want to do is sit in a chair. And the lenses HTC uses induce a lot of chromatic aberration, which really does a number on text. So having either the Rift or the Vive pulled off the market would be a notable loss.

  22. Re:Not me on iPhone Owners in US Spent $40 Each on Apps in 2016 (cnet.com) · · Score: 4, Insightful

    My grand total of app expenditures for all of 2016 was ZERO.
    I haven't even spent a dime on Pokemon Go and I play it daily.

    Is that really something to be proud of, though? You spent $500+ on an iPhone, and then rejoice in not paying anything for the software you use daily?

    This current environment of ad-supported nonsense is why smartphone games are such poor games (and such good Skinner boxes). And I fear studies like this just further add to the stereotype that smartphone owners are cheap bastards.

  23. Re:Ridiculous Slashdot story on Amazon Quietly Lowered Its Free Shipping Minimum to $35 (fortune.com) · · Score: 1

    It's a holiday in the US today. There's not a heck of a lot going on otherwise...

  24. Re:A Painful But Necessary Transition on Mozilla Will Deprecate XUL Add-ons Before the End of 2017 · · Score: 1

    So please tell me what is the point of Firefox even existing at that point?

    Because we need someone who isn't an OS vendor or an advertiser making an open source browser and to champion open standards. But that does us no good if it results in an inferior browser.

    Apple is indifferent, Microsoft would rather we go back to IE6, and Google would just as well take over the whole web and track your every move (and then they'd pull an IE6 on us just to be extra evil). Firefox is the outsider, the rebel.

    There exists a suitable balance between customization and performance somewhere. But right now Firefox is increasingly intolerable because if you use add-ons, one tab slows the whole thing down. NoScript, Ghostery, uBlock, Anti-Adblock Killer, etc are all great. But all that work they do comes at a cost of further bogging down the single process. e10k means multiple processes, and that means we can layer on these things and have them going on in multiple tabs without grinding away on a single core in the age of 8-core workstations.

  25. Re:A Painful But Necessary Transition on Mozilla Will Deprecate XUL Add-ons Before the End of 2017 · · Score: 1

    Btw, are you involved with Firefox in some way? You seem to know a lot.

    Nah, just a frustrated user. But also one who has already gone through this song & dance once before with MacOS Classic, and is keen to avoid the same waffling on this transition.