Well, I learned something today, the top 1% starts at 380K or so according to quite a few different sites via Google. Way different (lower) than what Intuit stated when filing my return, IIRC. Maybe he meant high 5 figure income? High 6 figure, his house should be paid off in a few years or he should be ready for retirement already, or we might all just have to be envious of his lifestyle....
Everyone has jobs that can be done elsewhere. Just don't allow them to sell their output here for subsidized prices. That means tax imports, all imports, with a flat tax. (That sidesteps all trade agreement issues, as it's across the board).
Amazingly enough, for OSX, the major kernel change occurred with 10.7 with the inclusion of GrandCentral. It's been 4 releases, and there's still bugs in that change, but they're getting ironed out slowly. The GUI changes on the last go round were... jarring. For the most part, I ignore them.
This is provably false. There are certain people, we'll call them rock stars, that you can stick in a room and they'll get a better solution out faster that addresses everything you need versus 100 lines of doesn't work for 20% of the cases code. Sometimes the rock stars do this to existing code with a 1 line mod. It's because they actually take the time to understand the problem and can visualize the system, instead of writing some boilerplate garbage cut and pasted from stackoverflow.
Removing party affiliation from the ballot would be an excellent first step. Why is it on there anyways? And removing straight party voting as an option. Each person voted for must be selected individually. Let's see how long parties survive locally when that happens.
How much money does the Bill & Melinda Gates foundation have again? What breakthroughs have occurred from that source and how long have they been at it?
So you go no cable, you're then paying 1 of the 2 telecoms.... That's "better"? They're all equally corrupt, and not even in meaningfully different ways.
As for music, you're fine, as long as you don't publicly perform nor distribute it. If you do wind up doing either, and there's a question of copying, pay the $0.01 cent per performance fee and you're good.
Illegal raids and rumored internal emails, you don't say? So, what you're telling me is that so far the gov is 0, megaupload 2. And they can't even get him to court legally, sounds like a witchhunt to me, much like the piratebay gang that were convicted as accessories to a crime that was never proven.
Sadly you cannot see that this isn't stealing - it's seizing evidence during a crime. Grabbing 8K from granny however is stealing. They are done under different laws.
Unless he uploaded content himself, he's really only running a system that allows for that, much like AT&T, Comcast, and Verizon allow for it by allowing connections to MegaUpload. Just think if they'd blocked MegaUpload's servers, they certainly have the ability. Much like guns, cars, or the internet, MegaUpload could be used both legally and illegally. If the gov has proof that he actually committed copyright infringement, claimed in the civil action, why don't they charge him with that? Perhaps because they have no proof?
Since the police make the decisions, and benefit from the forfeiture directly, yes, we start by blaming the police and publicizing all incidents and thus apply pressure to the politicians to stop this nonsense. No one is going to say the police are wrong seizing 100 tons of coke and coke covered $100M in a single bust. Grabbing $8K from granny or some business person, yes, and they deserve all the heat they get from that outright theft (you can call it whatever you want, it's still theft)
If you can even start without a college degree, you would be at 45k/yr (they would take advantage of your ignorance), and the same person with a degree would start at 80k/yr. 5 years later, the 45k/yr may be up to 60k/yr where the bachelor's guy is at 120k/yr (at least).
Where do you live? I haven't seen those numbers anywhere, not commonly anyways. A few exceptional people hit that 120K, and I doubt most are 5 years into their career, other than a few "stupid" places that are pre IPO and haven't had reality set in yet. For the rest of the workforce, 120K is something the majority will never see, or they work in one of the few places where 120K barely gets you by, and even then see the previous statement. (e.g., SF, NYC, Boston)
Technically, all cities should have worked out that way. The way most US cities were built out in the last 100 years is generally unsustainable. The current growth rates for many of the bigger cities cannot be accommodated with the current road systems, nor simple expansion.
If you can drive there faster and cheaper than taking a train, why take a train?
Sure, if you can drive there faster.
During rush hour traffic, that's a big if.
Generally, here, the answer will almost always be "yes". Why? Because the train system only hits a few main routes and my work, as an example, has never been closer than 2 miles from a train station. If work buildings and living quarters were close to where you need to be, then mass transit is awesome.
You missed the point, although I agree with just about everything you said. I'd love for cities to have mass transit. It'd be awesome and save me the aggravation of dealing with the hassles of a car. At this time, taking public transit generally greatly increases the time to get from A to B, and often will cost you more, especially if there's more than 1 traveling.
It would be really useful to have a list of makers/cars and when they were infected with all this crap. I have 2 clean cars, guess I'll be keeping them running as long as possible.
Except that these aren't shortcomings of the spec and, in fact, are never presented as such by Nohl and Lell...They referred to these as features, not flaws, and very clearly placed the blame on the devices, stating that the fix is to make the devices themselves not reprogrammable.
I agree that they are features, and that the devices being reprogrammable is a problem. That still doesn't alleviate the fact that a bus designed to carry ad hoc device traffic has 0 security features associated with it. There's no cryptographic signing, no validation. No notification that a new device hooked up. Etc. Those are the deficiencies in the spec. It's like saying that DOS has no design flaws related to user security. You can argue that there was no intent to provide system security, but that proves my point that the USB spec design has shortcomings (in security).
There is a DMA component, a quick search reveals they haven't fixed that either yet. Bah.
That was still in reference to FireWire. Further reading shows that the DMA aspect can be mitigated, if desired, at some performance cost.
And, in any case, the OS providing virtualized DMA for Firewire (and it is an OS feature,
It's an OS feature only AFAIK.
Firewire device from injecting a rootkit into RAM during the boot process....the only thing I can't confirm without testing devices directly is whether or not I'd be able to find a Firewire device I could reprogram to do exactly what Nohl and Lell did with USB. If one can be found that can be reprogrammed, one can be found to host something akin to BadUSB; let's call it BadWire.
I get the impression that FireWire DMA access is OS driver based, not inherent in the interface, which makes sense to me. I'd bet that most FireWire devices have updatable firmware, much like every other device.
And, that says nothing of Thunderbolt, which many people use for permanently-connected displays and drives. That also uses DMA (in fact, it exposes one or more PCI-Express lanes, depending on which revision of the spec is implemented)....
Of course, that assumes, as Nohl and Lell said, "that [the] devices can be reprogrammed", which, really, is the crux of the attack.
I think for the sake of argument that all classes of devices in question are most likely reprogrammable. USB is just the most susceptible because it's the most likely to have ad hoc foreign devices being plugged into your system temporarily. The reason I state so strongly that it is a spec design flaw is because USB's purpose was to allow this type of connectivity.
Since I managed to find that last quote on my own, but I still cannot find any reference to DMA in relation to BadUSB, I'll ask, instead, for a quote or reference for that. Again, greatly appreciated.
I think we've addressed everything else, so I'll clarify this one: the reference to DMA was to FireWire et al security issues, and the fact that DMA access won't allow you to reprogram your BIOS/EFI, at least not as far as I'm aware of. I meant nothing more by this statement, nor did I mean to imply that USB allowed DMA access.
To sum up, BadUSB is a demonstration program of a collection of USB attacks allowed by a combination of poor spec security and bad controller implementation. If the USB bus is live, it is possible for a device to set itself up as a keyboard. On OS operation, a device can set itself up as any device the OS recognizes, including keyboards and network controllers. If the controllers were not reprogrammable, only the propagation of the attack set would be impacted, as USB devices could still be created, although now Tom the cracker down the hall would have a much harder time implementing any of the attacks.
I don't dispute the technical hurdles you list regarding BIOS/EFI reprogramming nor the on the fly USB controller reprogramming. Both obviously are very special narrow cases restricted by the target hardware/firmware. The point wasn't to say this was a wide open attack that could be exploited by downloading a snippet of code, running it locally and pointing it at something and typing "attack". The point is that this shows the depth of what can be done given the current implementation and spec design shortcomings, and some of this is suspected to have been used as long ago as 2010 with Stuxnet.
In all, I learned a few things and it appears you did as well.
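The gap discussed in this thread (no validation and no notice when a device announces a new function) can be partly covered on the host. The following is an added example, not part of the original discussion: it compares the interface classes each device announces against what was approved for that model. The vendor/product IDs, port names and policy table are constructed placeholders.

```python
from dataclasses import dataclass

# USB base class codes (bInterfaceClass) grouped into coarse roles.
ROLE_BY_CLASS = {
    0x03: "input",    # HID: keyboards, mice
    0x08: "storage",  # mass storage
    0x02: "comms",    # CDC communications (modems, Ethernet-style adapters)
    0x0A: "comms",    # CDC data
    0xE0: "comms",    # wireless controller
}

@dataclass(frozen=True)
class Device:
    port: str          # bus position, e.g. "1-2"
    vid: str           # idVendor as a 4-digit hex string
    pid: str           # idProduct as a 4-digit hex string
    interfaces: tuple  # bInterfaceClass of each interface, 2-digit hex strings

def roles(dev):
    """Roles a device claims, derived only from what it announces about itself."""
    return {ROLE_BY_CLASS.get(int(c, 16), "other") for c in dev.interfaces}

def assess(dev, expected):
    """expected maps (vid, pid) to the set of roles approved for that model."""
    seen = roles(dev)
    approved = expected.get((dev.vid, dev.pid))
    if approved is None:
        # Unlisted model: anything that can type or carry traffic needs a human look.
        risky = seen & {"input", "comms"}
        return ("review", sorted(risky)) if risky else ("unknown", sorted(seen))
    extra = seen - approved
    # A listed model that grew a role it never had is the reprogrammed-device case.
    return ("alert", sorted(extra)) if extra else ("ok", [])

# Constructed policy: model aaaa:0001 is a flash drive approved for storage only.
EXPECTED = {("aaaa", "0001"): {"storage"}}

# Constructed sample enumerations (not captured from real hardware).
SAMPLE = [
    Device("1-1", "aaaa", "0001", ("08",)),       # flash drive as approved
    Device("1-2", "aaaa", "0001", ("08", "03")),  # same model, now also HID
    Device("1-3", "bbbb", "0002", ("03",)),       # unlisted input device
    Device("1-4", "cccc", "0003", ("08",)),       # unlisted storage device
]

def run(sample=SAMPLE, expected=EXPECTED):
    return {d.port: assess(d, expected) for d in sample}

if __name__ == "__main__":
    for port, (verdict, detail) in run().items():
        print(port, verdict, detail)

# Limitation: vid/pid and class codes are self-reported and unsigned, so this
# catches a model whose interface set changed, not a device that copies the
# identity of an approved keyboard outright.
```

On Linux the same fields are exposed per device and per interface under `/sys/bus/usb/devices/` as `idVendor`, `idProduct` and `bInterfaceClass`.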
He killed it when he appointed Wheeler to head the FCC. He was unanimously approved, meaning very deep non-partisan pockets were behind him becoming the FCC chairman. That should scare everyone considering how gridlocked and partisan Congress has been over the past couple of terms.
A lot of those are CSS popups now. Alt-F4 closes the containing page.
What is this "Alt" key you speak of?
Hand rolled encryption scheme you have to install drivers for on all your users' computers, of course.
It'll be perfectly secure, because no one will use it.
That doesn't make it secure, only a potentially less desirable target.
...some boilerplate garbage cut and pasted from stackoverflow.
Is the text still available on Stackoverflow following the paste operation?
Then you meant "copied and pasted". Not quite the same thing. You should use the one that actually means what you apparently want to say.
A "cut" on a non-editable item equals a copy, so I suppose to be pedantically correct, I should have said "copied".
I would rather Microsoft adopt GNU/Linux or FreeBSD / OpenBSD and deploy their applications on this platform.
Perhaps they could then just call their OS {Windows} X?
It's 6, they're having a super 20% off sale.
But, I ask, what is the point of a slow passenger train for commuting?
In the US? Just about none in most of the country. If you can drive there faster and cheaper than taking a train, why take a train?