Sure HTTPS prevents MITM attacks from compromising your browser, but for most sites it does nothing to hide what you are browsing. Crawl a site and fingerprint the packet size and timing of requests, and you can easily compare that a captured trace of your target.
Engineering software typically involves confirming that everything that is supposed to happen, happens. Making software secure involves testing that everything that shouldn't happen, doesn't.
Testing for *every* possible failure case is hard.
Intel's ME being based on MINIX is quite old news. Or at least, based on the summary. Is there anything new in the talk that should have been in the summary / writeup?
And don't plugin that usb key you found in the parking lot... Though usually I would trust a linux machine for examining an unknown usb device. Certainly more than I would trust a Windows box. So this is a little troubling.
Then there is the moving of those stones across land, up ramps and positioning them in place.
Actually, there may be sufficient evidence to suggest that all of this was done via the power of water too. The pyramid's subterranean chamber may have functioned as a hydraulic ram pump, filling some form of temporary lock structure to lift each stone block up and into place.
Replay packet 3 in the 4 way handshake, and the client will encrypt two different payloads with the same key and nonce. A big mistake with most encryption methods.
Worse, linux wpa_supplicant nulls out the key memory but still processes the replayed packet, causing the client to use a known (zero) key.
"But it's not the thing that's speaking to the person next to you."
Well, maybe.
I read a small number of books to my kids, with funny voices and everything, so many times that I could stop thinking about the process at all. My eye's scanned the words on the page, my voice made the noises, but I was off thinking about something else. The rest of my brain had pretty much automated the process.
Sometimes my internal thought process would direct my eyes across the room to look at something, and I'd wonder why my voice stopped.
I don't have a phone or laptop that I carry with me everywhere, so that rules out *all* software solutions. I'm also unlikely to carry around a piece of paper, or buy a key fob. My gripe is that there's no permanent opt-out of the question. While I already know that there are other 2-factor options, the question is phrased primarily around adding a phone number. Which I don't have.
I don't have a phone either, and I have noticed a number of online services are starting to assume that you have one.
I couldn't sign up for online access to my bank's services without a phone, because they want to send me an SMS verification code from time to time.
Use popular services from google or facebook, and they will periodically nag you to enable what they call 2-factor, which again involves an SMS code. Both services fail to provide a "quit annoying me" button.
A version of this patch has been merged into the master branch of me_cleaner. So I'd suggest following their guides to attempt disabling Intel ME. Of course there's a risk you'll brick your motherboard...
Google are a bit of a special case here though. They *have* to filter applicants, they simply get too many good people applying. Perhaps another question worth asking;
Are google's hiring practices making the diversity picture worse for other companies, by hiring such a large percentage of these under-represented groups?
One of my options was that you can verify the entire blockchain, but you don't have to keep spent transactions. So long as you trust your own memory of that verification, you'll be fine.
To mine you only need to hash the latest block, so long as you can trust other people to verify the transactions you are hashing.
To verify new transactions, you only need to keep the set of unspent transactions around, and you could partition that easily enough.
And you could depend on other people to hold all that data for you. There's no real advantage to everyone storing the whole block chain forever, so long as enough people have a backup copy somewhere.
Slashdot Mirror
Sure HTTPS prevents MITM attacks from compromising your browser, but for most sites it does nothing to hide what you are browsing. Crawl a site and fingerprint the packet size and timing of requests, and you can easily compare that a captured trace of your target.
The two most difficult problems in computer Science are cache coherency, naming things and off by one errors.
Garbage In, Garbage Out; used to express the idea that in computing and other fields, incorrect or poor-quality input will produce faulty output.
And what do you do when your engineers leave HQ and go to consult onsite?
Don't forget the space walks. How many times have astronauts put on a suit while inside the station, then touched the outside of the ISS.
Engineering software typically involves confirming that everything that is supposed to happen, happens. Making software secure involves testing that everything that shouldn't happen, doesn't.
Testing for *every* possible failure case is hard.
There's a hobby-ish project attempting to recreate one; Mega 65
Intel's ME being based on MINIX is quite old news. Or at least, based on the summary. Is there anything new in the talk that should have been in the summary / writeup?
What about JTAG?
And don't plugin that usb key you found in the parking lot... Though usually I would trust a linux machine for examining an unknown usb device. Certainly more than I would trust a Windows box. So this is a little troubling.
Then there is the moving of those stones across land, up ramps and positioning them in place.
Actually, there may be sufficient evidence to suggest that all of this was done via the power of water too. The pyramid's subterranean chamber may have functioned as a hydraulic ram pump, filling some form of temporary lock structure to lift each stone block up and into place.
For C code, you can use clang's built in fuzzer. With clang's other sanitizers checking that you aren't triggering any other undesirable behaviour.
Replay packet 3 in the 4 way handshake, and the client will encrypt two different payloads with the same key and nonce. A big mistake with most encryption methods.
Worse, linux wpa_supplicant nulls out the key memory but still processes the replayed packet, causing the client to use a known (zero) key.
"But it's not the thing that's speaking to the person next to you."
Well, maybe.
I read a small number of books to my kids, with funny voices and everything, so many times that I could stop thinking about the process at all. My eye's scanned the words on the page, my voice made the noises, but I was off thinking about something else. The rest of my brain had pretty much automated the process.
Sometimes my internal thought process would direct my eyes across the room to look at something, and I'd wonder why my voice stopped.
... doesn't mean it hasn't been altered. Like that time Bert appeared on an osama bin laden poster.
I don't have a phone or laptop that I carry with me everywhere, so that rules out *all* software solutions. I'm also unlikely to carry around a piece of paper, or buy a key fob. My gripe is that there's no permanent opt-out of the question. While I already know that there are other 2-factor options, the question is phrased primarily around adding a phone number. Which I don't have.
I don't have a phone either, and I have noticed a number of online services are starting to assume that you have one.
I couldn't sign up for online access to my bank's services without a phone, because they want to send me an SMS verification code from time to time.
Use popular services from google or facebook, and they will periodically nag you to enable what they call 2-factor, which again involves an SMS code. Both services fail to provide a "quit annoying me" button.
If something is broken, but nobody has complained, then obviously nobody is using it and the code can be deleted.
Or at least this is a line of reasoning that is commonly used to remove features from open source software.
A version of this patch has been merged into the master branch of me_cleaner. So I'd suggest following their guides to attempt disabling Intel ME. Of course there's a risk you'll brick your motherboard...
Wait for this patch to me_cleaner to be better tested?
And the flow of credit to pay those workers is also drying up.
And lower memory utilisation. As the carefully designed memory model of chrome's multiple processes, share everything they can.
Google are a bit of a special case here though. They *have* to filter applicants, they simply get too many good people applying. Perhaps another question worth asking;
Are google's hiring practices making the diversity picture worse for other companies, by hiring such a large percentage of these under-represented groups?
One of my options was that you can verify the entire blockchain, but you don't have to keep spent transactions. So long as you trust your own memory of that verification, you'll be fine.
To mine you only need to hash the latest block, so long as you can trust other people to verify the transactions you are hashing.
To verify new transactions, you only need to keep the set of unspent transactions around, and you could partition that easily enough.
And you could depend on other people to hold all that data for you. There's no real advantage to everyone storing the whole block chain forever, so long as enough people have a backup copy somewhere.