I didn't RTFA (this is Slashdot, after all) but from TFS it sounds like exactly the reason I moved to FreeBSD in the first place: the Linux attitude of 'our implementation is broken, let's completely change the interface'. ALSA replacing OSS was the instance of this that pushed me away. On Linux, back around 2002, I had some KDE and some GNOME apps that talked to their respective sound daemon, and some things like XMMS and BZFlag that used/dev/dsp directly. Unfortunately, Linux decided to only support sound mixing via the new and exciting ALSA APIs, so I had to choose between my mail client (GNOME) or Jabber client (KDE) giving me new message notification beeps and couldn't listen to music (because XMMS didn't have an ALSA back end yet). On FreeBSD, they just added kernel sound mixing to their fork of the OSS codebase (after 4Front decided to make new versions for both platforms proprietary) and added support for all of the newer OSS 4 APIs.
The FreeBSD ifconfig utility doesn't work as described in TFS, so this isn't a problem intrinsic to the ifconfig interface. Oh, and the FreeBSD version is currently undergoing libxo conversion by Emmanuel Vadot, so the next version will be able to produce JSON or XML output for easier integration with scripting environments (libxo + jq is a lot nicer than awk / sed).
The bugs that has hit Intel are generally far worse with more severe implications and bigger impact.
Compare apples and oranges. AMD's SEV is intended as a competitor to SGX. There are some Spectre-related SGX attacks, but these can be fairly easily mitigated in software. In contrast, SEV is completely broken and the breakage is fundamental to the design, not a defect of implementation. Microsoft, Red Hat, and the group of researchers in TFA (and probably others) told AMD this well over a year ago before AMD shipped any SEV-enabled cores. AMD still shipped the feature and advertised it as secure.
As I said above, because the entire point of SEV is that a malicious hypervisor can't tamper with a VM running in an SEV partition. Memory is encrypted, register contents are encrypted on context switch, and the VM can encrypt the contents of the disk and all network traffic itself. There are a number of flaws in the design that were pointed out to AMD (by this group of researchers, among others) before they shipped a product. AMD went ahead and shipped it anyway and, shockingly, it turns out that the attacks work.
These researchers, Red Hat, and Microsoft all gave AMD feedback that SEV was broken and needed serious redesign before AMD shipped any products with SEV. This paper is just showing everyone that (some of) the attacks that were pointed out to AMD before they shipped the product actually work in practice.
The entire point of SEV (and Intel's SGX) is to protect the code against a malicious hypervisor. AMD tries to make a dubious distinction between a 'malicious' hypervisor and a 'compromised' hypervisor. Apparently they believe that if an attacker is able to run arbitrary code in the hypervisor, they are less of a threat than if they installed the same malicious code early on.
That said, this is not news. There was a paper published at VEE a year ago (by the same researchers) showing how broken SEV is. Paolo Bonzini (KVM maintainer at Red Hat, among other things) was on the PC and pointed out that they had sent feedback to AMD prior to their shipping it pointing out that the design was fundamentally flawed. Apparently Microsoft sent similar feedback. AMD shipped it anyway, because they needed something to compete with SGX (which is less broken, but also a lot less general).
[ From memory of a visit to a dinosaur museum as a small child, so probably wrong: ]
Dinosaurs also had a different arrangement of scales to modern lizards (overlapping vs tessellated) and had legs pointing straight downwards, whereas surviving lizards have their legs attached at the sides (I don't know how true this is of other reptiles - I am not a biologist).
Given their skeletal structure and the theory that they were warm blooded, I wouldn't be surprised if cows were closer relatives of dinosaurs than most reptiles.
Because it's showing a stunning level of ignorance where it can't even express the problem before. Consider someone trying to learn physics in the same way. They don't really indicate the things that they want to understand and are then shocked that brane theory and string theory seem contradictory and each have strong proponents. They went straight to quantum mechanics because they kept asking people 'how do I learn physics' without saying 'I want to understand the path that a ball will travel when I throw it' (or whatever the real problem that they're trying to solve is). Shockingly, the author discovers that a discipline that people devote an entire professional career to learning a fairly small subset of is difficult to pick up in a few hours.
Andrew Smith, the author of the article Slashdot is reviewing, seems to have no deep knowledge of technology, and no serious interest in learning.
And he's getting silly answers because he's asking the wrong question. Asking 'what is the best way to learn to program?' is like asking 'what is the best way of learning to write well?'. Do you want to learn to write news articles, opinion, marketing copy, novels, technical manuals? The answer will be different in each case, with the possible exception that (as with learning to program) you will be told to practice a lot. If you start with the problem that you want to solve, you will get very different answers, but they might actually be useful.
This is just negotiation and Trump holds all the cards.
I assumed that the entire point of this exercise was for Kim to look like the sane one to other countries. Offer concessions, talk up peace, and then wait for Trump to do something crazy, then walk away sighing and say that you'd have been very happy to deal with a rational country. Then wait for other politicians to step up and offer better terms to be the ones to claim that they were responsible for removing the threat of nuclear NK and claim their Nobel Peace Prize. Having Trump walk away is exactly the thing that they're aiming for.
I almost agree. The problem with your argument is that you're ignoring the fact that their decision meant that people didn't notice during the warranty period that their battery was degraded. I suspect that their engineers made the correct decision for the correct reasons and then someone in accounting figured out how much they'd save on warranty replacements of batteries if people didn't notice the dead batteries for a few more months. Contrast this with the Mac, where they show the full charge capacity of your battery and the discharge cycle count, so it's trivial to figure out if you're eligible for a warranty replacement (they publish the number of recharge cycles for each model that it is expected to retain 80% of its capacity for).
$15bn (the amount that they've just started repaying over the Irish tax issue) is less than $50bn, but I'd think it is a bit more than a slap on the wrist - it's about 15 weeks of Apple's total worldwide profit. It's large enough that you can't just factor it into the cost of doing business and expect to remain profitable.
Wonderful defence! I didn't delete the files I have a legal obligation to retain, my computer forgot them! I didn't record you illegally, my computer just remembered the video. I'm sure that will go over really well in a court.
There's an old saying about democracy being "two wolves and a sheep voting on what to have for lunch".
The old saying is from someone who doesn't understand game theory. The outcome of such a vote would be that the stronger wolf would be eaten. The weaker wolf knows that it would be dinner tomorrow if it eats the sheep, the sheep knows that it has a better chance of running away from just the weaker wolf than from either both wolves today or the stronger wolf tomorrow.
Any increase in housing supply will drive down costs all down the line
Only if the increase in supply doesn't cause an increase in demand. Increasing the supply of high-end housing can do this, by making an area more attractive for affluent people to move to. I suppose you're technically correct, in that it will reduce the value of other areas, but it doesn't really address the problem if building high-end housing in Seattle causes a small drop in the value of housing in Salt Lake City (for example).
In addition to the other reply, sales of alcohol are age restricted. I have far less of a problem with adverts that encourage adults to make poor life choices than ones that encourage children to do the same. When modern adverts are using psychological manipulation techniques developed for propaganda, allowing advertising of any kind to target children is morally dubious.
I think you mean American style. Many English styles, including Cambridge style, for example, use the same capitalisation rules for titles as for normal sentences.
Office has always been Microsoft's golden cash cow. Windows was never a big money maker for Microsoft, but it was the gateway drug to Office
Look at the Microsoft financials from the late '90s. They were around 45% Windows, 45% Office, and 10% everything else. The ones from the last few years are very different.
Can NetBSD run Google Chrome? Not last time I checked, because the Linux system call ABI is huge. There's a lot of stuff that's common to all *NIX platforms that is trivial, or requires a tiny bit of plumbing (e.g. the values of mmap flags). There's a bit of stuff like epoll, which can be implemented with a little bit of work on the same underlying kernel interfaces that are used to implement kqueue. Then there's weird stuff like seccomp-bpf or, worse, anything used by libkvm, which expose kernel implementation details to userspace. These are very hard to emulate.
F/OSS can't be decoupled from the business model. Whatever your licensing model, someone needs to do requirements analysis and needs to pay the developers. For very small projects, the developers can be paid by the product itself: i.e. it saves them more time in the long run than they spend developing it. I've released open source projects for that reason: it costs me nothing to release the code and if I get even one useful bug report with a reduced test case then it's a net win for me. For something like an office suite, you typically have a few hundred million potential users with very similar sets of requirements. It's easy as a proprietary software company with a lot of money in the bank to do the development up-front and then get them all to pay a relatively small amount to cover the costs. It's much harder to get them to agree up front to fund development, and if you do they tend to expect that the features / bugs that are most important to them are prioritised. There's also a business case for picking whatever is the most popular one, because you're sharing the risk with more other companies. Even if the total risk is higher with a proprietary product, because the vendor can move it in a direction you don't like or discontinue it entirely, your company's share of the risk may be lower.
Open source works very well when you have either a relatively small number of customers, who have a sufficient need that they will fund development directly, or when you have a large number of customers with sufficiently different needs that they all want to pay someone to add the specific features that they need. There are also some half-way steps that are convenient for a lot of companies. A number of big companies don't really use MS Office in important places, they use a custom stack that happens to be implemented on top of the MS Office platform. They get some of the benefits of open source (it can be customised for their use) and those are the ones that they care the most about.
How about working on enabling 64-bit Windows apps to run on ARM?
64-bit ARM programs do run. 64-bit x86 programs do not
Is it difficult?
Yes, getting an x86-64 emulator working well enough that you can enable it for end users and expect stuff to work out of the box turns out to be a nontrivial problem.
They could hire the top 1000 programmers in the world
I very much doubt that there are 1,000 programmers with experience working on high performance binary translation (I'd actually be quite surprised if there are 100). If they don't have this expertise, then you need to train them. That takes time to do and it takes developer time away from the people who do already have the expertise. It improves bandwidth but not latency (i.e. you won't get the product out of the door quicker).
I use rspamd, which simply rejects very spammy looking emails, greylists ones that are quite spammy, and sticks borderline ones in my spam folder. I get an average of about 5 emails in my spam filter each day. It's well under the threshold where I can easily check it every day (though I typically check it every few days).
I don't think that the filters are making things worse: looking in my logs, I'm rejecting quite a lot of spam that appears to be from botnets. One of my colleagues studies spam and has a few relevant observations.
The first is that spam is intentionally stupid looking. Scammers are not looking for intelligent people to scam, they're looking for people who will see an email from Banc ov Amerika and think that it's a legitimate mail. Those people are a lot easier to scam.
The second is that most spammer actually aren't making money from it. The barriers to entry for spamming are so low that a lot of people buy databases of emails and access to botnets and try sending spam. The people selling the databases and botnets make money, but the spammers don't. That means that treating it as a simple economic problem, as the OP suggested, simply doesn't work.
Meltdown lets you get information across a ring boundary. Spectre lets you get access to memory that's within the program's address space but which shouldn't be readable to a part of the program (e.g. to your web browser's password store from within JavaScript, if you're running a web browser that stores passwords in process).
Slashdot Mirror
I didn't RTFA (this is Slashdot, after all) but from TFS it sounds like exactly the reason I moved to FreeBSD in the first place: the Linux attitude of 'our implementation is broken, let's completely change the interface'. ALSA replacing OSS was the instance of this that pushed me away. On Linux, back around 2002, I had some KDE and some GNOME apps that talked to their respective sound daemon, and some things like XMMS and BZFlag that used /dev/dsp directly. Unfortunately, Linux decided to only support sound mixing via the new and exciting ALSA APIs, so I had to choose between my mail client (GNOME) or Jabber client (KDE) giving me new message notification beeps and couldn't listen to music (because XMMS didn't have an ALSA back end yet). On FreeBSD, they just added kernel sound mixing to their fork of the OSS codebase (after 4Front decided to make new versions for both platforms proprietary) and added support for all of the newer OSS 4 APIs.
The FreeBSD ifconfig utility doesn't work as described in TFS, so this isn't a problem intrinsic to the ifconfig interface. Oh, and the FreeBSD version is currently undergoing libxo conversion by Emmanuel Vadot, so the next version will be able to produce JSON or XML output for easier integration with scripting environments (libxo + jq is a lot nicer than awk / sed).
The bugs that has hit Intel are generally far worse with more severe implications and bigger impact.
Compare apples and oranges. AMD's SEV is intended as a competitor to SGX. There are some Spectre-related SGX attacks, but these can be fairly easily mitigated in software. In contrast, SEV is completely broken and the breakage is fundamental to the design, not a defect of implementation. Microsoft, Red Hat, and the group of researchers in TFA (and probably others) told AMD this well over a year ago before AMD shipped any SEV-enabled cores. AMD still shipped the feature and advertised it as secure.
As I said above, because the entire point of SEV is that a malicious hypervisor can't tamper with a VM running in an SEV partition. Memory is encrypted, register contents are encrypted on context switch, and the VM can encrypt the contents of the disk and all network traffic itself. There are a number of flaws in the design that were pointed out to AMD (by this group of researchers, among others) before they shipped a product. AMD went ahead and shipped it anyway and, shockingly, it turns out that the attacks work.
These researchers, Red Hat, and Microsoft all gave AMD feedback that SEV was broken and needed serious redesign before AMD shipped any products with SEV. This paper is just showing everyone that (some of) the attacks that were pointed out to AMD before they shipped the product actually work in practice.
The entire point of SEV (and Intel's SGX) is to protect the code against a malicious hypervisor. AMD tries to make a dubious distinction between a 'malicious' hypervisor and a 'compromised' hypervisor. Apparently they believe that if an attacker is able to run arbitrary code in the hypervisor, they are less of a threat than if they installed the same malicious code early on.
That said, this is not news. There was a paper published at VEE a year ago (by the same researchers) showing how broken SEV is. Paolo Bonzini (KVM maintainer at Red Hat, among other things) was on the PC and pointed out that they had sent feedback to AMD prior to their shipping it pointing out that the design was fundamentally flawed. Apparently Microsoft sent similar feedback. AMD shipped it anyway, because they needed something to compete with SGX (which is less broken, but also a lot less general).
Dinosaurs also had a different arrangement of scales to modern lizards (overlapping vs tessellated) and had legs pointing straight downwards, whereas surviving lizards have their legs attached at the sides (I don't know how true this is of other reptiles - I am not a biologist).
Given their skeletal structure and the theory that they were warm blooded, I wouldn't be surprised if cows were closer relatives of dinosaurs than most reptiles.
Because it's showing a stunning level of ignorance where it can't even express the problem before. Consider someone trying to learn physics in the same way. They don't really indicate the things that they want to understand and are then shocked that brane theory and string theory seem contradictory and each have strong proponents. They went straight to quantum mechanics because they kept asking people 'how do I learn physics' without saying 'I want to understand the path that a ball will travel when I throw it' (or whatever the real problem that they're trying to solve is). Shockingly, the author discovers that a discipline that people devote an entire professional career to learning a fairly small subset of is difficult to pick up in a few hours.
Andrew Smith, the author of the article Slashdot is reviewing, seems to have no deep knowledge of technology, and no serious interest in learning.
And he's getting silly answers because he's asking the wrong question. Asking 'what is the best way to learn to program?' is like asking 'what is the best way of learning to write well?'. Do you want to learn to write news articles, opinion, marketing copy, novels, technical manuals? The answer will be different in each case, with the possible exception that (as with learning to program) you will be told to practice a lot. If you start with the problem that you want to solve, you will get very different answers, but they might actually be useful.
This is just negotiation and Trump holds all the cards.
I assumed that the entire point of this exercise was for Kim to look like the sane one to other countries. Offer concessions, talk up peace, and then wait for Trump to do something crazy, then walk away sighing and say that you'd have been very happy to deal with a rational country. Then wait for other politicians to step up and offer better terms to be the ones to claim that they were responsible for removing the threat of nuclear NK and claim their Nobel Peace Prize. Having Trump walk away is exactly the thing that they're aiming for.
I almost agree. The problem with your argument is that you're ignoring the fact that their decision meant that people didn't notice during the warranty period that their battery was degraded. I suspect that their engineers made the correct decision for the correct reasons and then someone in accounting figured out how much they'd save on warranty replacements of batteries if people didn't notice the dead batteries for a few more months. Contrast this with the Mac, where they show the full charge capacity of your battery and the discharge cycle count, so it's trivial to figure out if you're eligible for a warranty replacement (they publish the number of recharge cycles for each model that it is expected to retain 80% of its capacity for).
$15bn (the amount that they've just started repaying over the Irish tax issue) is less than $50bn, but I'd think it is a bit more than a slap on the wrist - it's about 15 weeks of Apple's total worldwide profit. It's large enough that you can't just factor it into the cost of doing business and expect to remain profitable.
It was remembered by an AI
Wonderful defence! I didn't delete the files I have a legal obligation to retain, my computer forgot them! I didn't record you illegally, my computer just remembered the video. I'm sure that will go over really well in a court.
There's an old saying about democracy being "two wolves and a sheep voting on what to have for lunch".
The old saying is from someone who doesn't understand game theory. The outcome of such a vote would be that the stronger wolf would be eaten. The weaker wolf knows that it would be dinner tomorrow if it eats the sheep, the sheep knows that it has a better chance of running away from just the weaker wolf than from either both wolves today or the stronger wolf tomorrow.
Any increase in housing supply will drive down costs all down the line
Only if the increase in supply doesn't cause an increase in demand. Increasing the supply of high-end housing can do this, by making an area more attractive for affluent people to move to. I suppose you're technically correct, in that it will reduce the value of other areas, but it doesn't really address the problem if building high-end housing in Seattle causes a small drop in the value of housing in Salt Lake City (for example).
Sorry. But these people are adults.
Everyone that rides the London Underground is an adult? I have no idea why you'd even think that was a plausible premise.
One word: Netflix.
In addition to the other reply, sales of alcohol are age restricted. I have far less of a problem with adverts that encourage adults to make poor life choices than ones that encourage children to do the same. When modern adverts are using psychological manipulation techniques developed for propaganda, allowing advertising of any kind to target children is morally dubious.
I think you mean American style. Many English styles, including Cambridge style, for example, use the same capitalisation rules for titles as for normal sentences.
Office has always been Microsoft's golden cash cow. Windows was never a big money maker for Microsoft, but it was the gateway drug to Office
Look at the Microsoft financials from the late '90s. They were around 45% Windows, 45% Office, and 10% everything else. The ones from the last few years are very different.
Can NetBSD run Google Chrome? Not last time I checked, because the Linux system call ABI is huge. There's a lot of stuff that's common to all *NIX platforms that is trivial, or requires a tiny bit of plumbing (e.g. the values of mmap flags). There's a bit of stuff like epoll, which can be implemented with a little bit of work on the same underlying kernel interfaces that are used to implement kqueue. Then there's weird stuff like seccomp-bpf or, worse, anything used by libkvm, which expose kernel implementation details to userspace. These are very hard to emulate.
Open source works very well when you have either a relatively small number of customers, who have a sufficient need that they will fund development directly, or when you have a large number of customers with sufficiently different needs that they all want to pay someone to add the specific features that they need. There are also some half-way steps that are convenient for a lot of companies. A number of big companies don't really use MS Office in important places, they use a custom stack that happens to be implemented on top of the MS Office platform. They get some of the benefits of open source (it can be customised for their use) and those are the ones that they care the most about.
How about working on enabling 64-bit Windows apps to run on ARM?
64-bit ARM programs do run. 64-bit x86 programs do not
Is it difficult?
Yes, getting an x86-64 emulator working well enough that you can enable it for end users and expect stuff to work out of the box turns out to be a nontrivial problem.
They could hire the top 1000 programmers in the world
I very much doubt that there are 1,000 programmers with experience working on high performance binary translation (I'd actually be quite surprised if there are 100). If they don't have this expertise, then you need to train them. That takes time to do and it takes developer time away from the people who do already have the expertise. It improves bandwidth but not latency (i.e. you won't get the product out of the door quicker).
Microsoft Teams which is lacking in some essential IM functions like letting us know if someone is online, away, or offline.
Really? I've not used Teams much, but it does appear to show me who is online and how long everyone else has been offline.
I use rspamd, which simply rejects very spammy looking emails, greylists ones that are quite spammy, and sticks borderline ones in my spam folder. I get an average of about 5 emails in my spam filter each day. It's well under the threshold where I can easily check it every day (though I typically check it every few days).
I don't think that the filters are making things worse: looking in my logs, I'm rejecting quite a lot of spam that appears to be from botnets. One of my colleagues studies spam and has a few relevant observations.
The first is that spam is intentionally stupid looking. Scammers are not looking for intelligent people to scam, they're looking for people who will see an email from Banc ov Amerika and think that it's a legitimate mail. Those people are a lot easier to scam.
The second is that most spammer actually aren't making money from it. The barriers to entry for spamming are so low that a lot of people buy databases of emails and access to botnets and try sending spam. The people selling the databases and botnets make money, but the spammers don't. That means that treating it as a simple economic problem, as the OP suggested, simply doesn't work.
Meltdown lets you get information across a ring boundary. Spectre lets you get access to memory that's within the program's address space but which shouldn't be readable to a part of the program (e.g. to your web browser's password store from within JavaScript, if you're running a web browser that stores passwords in process).