As a thought, I'd bring attention to the actual, solvable problems.
Great!
Healthcare - posted rates for all providers, insurance may have no direct links to providers, and potentially universal single payer "base" system.
Air pollution - raise CAFE standards for CO2 emitting vehicles
CO2 emitting energy plants - continue adding wind, solar, hydro, tidal power generation and continue to reduce coal/natural gas
That's just a few major ones, all with direct impact to your health and wallet. What's not said is that while coal and natural gas workers will suffer, all those technicians and construction folks involved with the cleaner energy build up will benefit. It's just that those that live in undiversified economic areas based on coal, oil, and/or natural gas will suffer or move. It's not any different than any other job market - when the need for work dries up, you migrate to where there is an unmet need. It won't always be better or what you want, but it's what you need to do. Demanding that people support you and your desire to make money a certain way seems... unamerican.
My impression of Trump is not that he wants to eliminate all regulation, just unnecessary and over-burdensome regulation. I'd recommend the environmental lobby switch from screaming about doomsday shit we can't fix but makes them rich trying (like global warming) and focus instead on practical things we can fix (like unsafe fracking practices).
There certainly is some overburdensome regulation and that should be addressed. The other thing that should be addressed is product tax generation recovery (also known more simply as sales tax, or a universal import tariff) After all, all those imports are not generating any tax dollars for the fed which shifts the burden to those that are still working instead of those choosing to put people out of work so they can save 2 cents on their soon to be trashed plastic trinket.
We can fix unsafe fracking practices - hold everyone accountable associated with them, including their backers and investors. Jail time mandatory for intentionally polluting ground water seems reasonable. Note: injecting chemical mixtures into the ground would be considered intentionally polluting ground water, unless you've created a nice leak-proof reservoir to hold said chemical mixture. And that only covers 1 problem with fracking.
Failed RAID controllers, sata controllers, MFM controllers, various disks (clicking to just... not working) You name it, I think I've experienced it including a Seagate disk long long ago that failed a bearing or something and actually came to a literal screeching halt. Stuff happens, disks fail. Bits rot. I rotate in a new set of cheap disks about every 3 years for a new cloned set. Usually I'll double the size of the disks on each purchase, so I get a 2 for 1 reduction in backups. I put the old disks in a closet. I actually still have a few scsi disks from back in 2001 that I recently grabbed some files from, just to be sure I had a full copy, namely because I was getting rid of those. Interesting what you find on disks from early 2000s. I still have a couple of RLL drives that I'm going to wipe and toss, but I'd like to see what's on them first.
A few sharp speed bumps will only cost a couple of thousand, and will definitely slow down traffic. Or, enlist a few citizens as ticket writers, with a 20 mph speed limit, you should be able to lower your taxes on top of providing more jobs.
So you want to compare a multi-year out CPU socket with an initial release motherboard option for a CPU you can just recently purchase and complain about untweaked feature sets? OK, go ahead, I guess this will be the only chipset for this obsolete CPU that will ever be out there. Oh, and the much greater mesh bandwidth capable AMD CPUs will certainly never be taken advantage of, either.
We don't have to, since some of us wrote it. Some of us were around for a long time without accounts, like in the 3 and 4 digit days. Giving any info to anyone was pretty much questioned as a "why would I" at that time.
Based on a quick review, the AMD X370 appears to have 2 X16 and 8 X2 which can be multiplexed together to support up to 4 M.2 SSDs, if you wanted to go that route.
An example is the MMO Star Wars: The Old Republic....inter In an area where there's a ton of players, your frame rate drops below 60 fps, and sometimes even below 30 fps, and the graphics card fan is silent.
That case is exactly where an asynchronous model would excel, keeping the framerate steady and offloading all object rendering to external pieces. It should be easy enough to do so, but the re-assembly is where it gets hard. However, that still doesn't get around the base issue that 100K+ things are being rendered for a frame when only a few hundred, at most, will ever be seen. Those particular game devs only know 1 way to solve a problem, which is the core problem.
Single threaded performance is benchmark for how fast a single unit of work can be done. Multi-threaded is how many units you can do simultaneously. Games have notoriously been single threaded for ever, because it's a lot easier to program a linear algorithm and keep memory use clean. when you go parallel, there's all sorts of fun involved, especially if you're simultaneously doing multiple tasks on the same in memory data. Most developers have trouble with the linear algorithm already.
Who honestly uses a RAID card on a desktop system these days? Software RAID does everything you need, and just works with no noticeable performance hit for the most common desktop RAID0/1/10 configurations, with no expensive hardware needed. Servers with HA requirements I wouldn't run without them.
And therein lies the problem. Linux is a technical OS, for technical people who can solve technical problems.
And therein lies the problem, people that think Linux is a technical OS only for technical people, and those that perpetuate that vision.
The real elephant in the room problem are those people that use the latest version of Office whose documents have interoperability issues with pretty much everything else. That takes some minor finagling to fix most of the common errors that put people off (unsupported fonts) and for 99% of regular people that will address everything they need.
Given where we were, should a rational electorate focused administration replace the current one, the groundwork laid in the last 8 years points to a very clear path for FCC regulation that could be enacted quickly and lawsuits would be relatively quick in their resolution. They do not have to start from scratch.
Yes, but the fact that he did was what counted, and it wasn't a half-hearted attempt either. As for optimism, I concur, at this point, there is none. We will have to wait 4 years.
Actually, surprisingly, under Wheeler they were doing their job. They effectively moved the internet to common carrier status. Pai is undoing all that. I hope to see it all reversed within 4 years.
The reason the FCC came about was because there was no FCC to institute rules, and the bandit monopolies gouged everyone for everything. Remember when you had to pay $1 / minute to call across town? Without the FCC and its rulings, that'd be more like $5/min today.
It doesn't take leadership to do what Pai is doing. There's a reason those rules were put into place. As a former telecom employee he fought them tooth and nail as they hampered the profitability of the company he was paid to protect and likely had some stake in the outcome of. So now he gets to remove those things he fought so valiantly against and gee, is anyone surprised that he does just that? I wonder how much telecom stock he owns and under what terms, blind trust or not, as well as family and friends?
And this is what I'm waiting for - realistic multi-core performance improvements. Single core finally plateaued about 4 years ago. Competition is good.
No, your process starts with a *masked* token. The security subsystem creates *two* tokens when you log in: One with all of your privileges and one where "admin" privileges has been masked out. Switching from the masked token to the unmasked token is called *elevation*.
What you describe is true for a user with admin privs. This is not privilege elevation of the type I'm discussing, where you can actually temporarily elevate a process's permissions to, for example, do 1 task as an admin and then drop back into normal priv level for the remainder. This used to be possible in windows prior to the 2008R2 release, albeit somewhat clunky and difficult. It is still possible if you drop into serious hacking, but you'll be working around system processes to do so. The recommended workaround is to use a separate process launching process to create a new process with the appropriate permissions, execute your task, and then said process ends.
Note that my processes that I'm discussing have significantly less than regular user permissions. I don't run wide open like a regular windows user.
Exactly how does Windows starting with maximum permissions actually manifest as a real world example?
It's the root of all buffer overflow, DLL injection, and any other type of attack. IOW, this is not hypothetical, but a real world issue. You should also note that Windows last I looked suffers from the largest number of severe or higher level security issues. That would be the type of security issues where the machine can be compromised. Most of those don't care about what user account you're running from, precisely because of this problem.
If you start with a basic account, you don't have to whittle away its rights; it is low by default. If you want it to be a higher access account then you add it to the Administrators group. Then it inherits the additional permissions. This is the opposite of what you described.
Where you might be getting confused is that the permissions system allows for both Allow and Deny settings, but it is extremely rare to see Deny being used. For an example of how Deny works, if you wanted to create an account that could install software, but not edit the firewall settings, you would add the Administrators group to the account and then Deny edit rights to the firewall. Deny is only useful AFTER you have raised the account's permissions from the default low settings.
And this is where you're confused. How do you think you get that higher permission process? It's because you have access to calling a process with system privs as a regular user. But you don't even need that access to break security. Your regular "low-priv" user process still has the ability to inject DLLs. A simple DLL injection with a method overriding an existing DLL method that is called with a system priv process, which you can also accomplish simply with your "low-priv" user process, is all it takes to break out of the security sandbox. (This was actually a recommended process for having a true no privs process effectively elevate a security token within its process. This is a terrible hack, btw, and just shows how bad security in Windows really is) The approach we used was to create a separate service process that had privs setup to solely spawn a new process with the permissions we needed to effectively do what we needed to do without completely opening up the system to all sorts of potential escalation attacks. While somewhat clunky and spawning multiple processes and having to deal with IPC, this was still a better approach security wise than all other options under windows. AFAIK, those servers still haven't been hacked through our processes.
So no, the "non-privileged" user in Windows really isn't a non-privileged user in the sense of what they can do security wise, unless and until you completely lock down the machine to the point that it is effectively a kiosk with only a single directory available for read-write with limited applications available none of which have code execution capabilities nor network access capabilities. It really is that bad.
They can't make it work. Windows core architecture is fundamentally broken and insecure. See MS's documentation about security tokens and permissions. You can only unmask permissions since 2008R2. This means that your process starts with max permissions and is masked to reduce it. Totally unlike the authentication/authorization and security elevation process in pretty much every other system out there.
Slashdot Mirror
As a thought, I'd bring attention to the actual, solvable problems.
Great!
That's just a few major ones, all with direct impact to your health and wallet. What's not said is that while coal and natural gas workers will suffer, all those technicians and construction folks involved with the cleaner energy build up will benefit. It's just that those that live in undiversified economic areas based on coal, oil, and/or natural gas will suffer or move. It's not any different than any other job market - when the need for work dries up, you migrate to where there is an unmet need. It won't always be better or what you want, but it's what you need to do. Demanding that people support you and your desire to make money a certain way seems... unamerican.
My impression of Trump is not that he wants to eliminate all regulation, just unnecessary and over-burdensome regulation. I'd recommend the environmental lobby switch from screaming about doomsday shit we can't fix but makes them rich trying (like global warming) and focus instead on practical things we can fix (like unsafe fracking practices).
There certainly is some overburdensome regulation and that should be addressed. The other thing that should be addressed is product tax generation recovery (also known more simply as sales tax, or a universal import tariff) After all, all those imports are not generating any tax dollars for the fed which shifts the burden to those that are still working instead of those choosing to put people out of work so they can save 2 cents on their soon to be trashed plastic trinket.
We can fix unsafe fracking practices - hold everyone accountable associated with them, including their backers and investors. Jail time mandatory for intentionally polluting ground water seems reasonable. Note: injecting chemical mixtures into the ground would be considered intentionally polluting ground water, unless you've created a nice leak-proof reservoir to hold said chemical mixture. And that only covers 1 problem with fracking.
ZFS ... need 1GB of RAM for every TB of data.
I finally have an excuse to double my RAM.
Failed RAID controllers, sata controllers, MFM controllers, various disks (clicking to just... not working) You name it, I think I've experienced it including a Seagate disk long long ago that failed a bearing or something and actually came to a literal screeching halt. Stuff happens, disks fail. Bits rot. I rotate in a new set of cheap disks about every 3 years for a new cloned set. Usually I'll double the size of the disks on each purchase, so I get a 2 for 1 reduction in backups. I put the old disks in a closet. I actually still have a few scsi disks from back in 2001 that I recently grabbed some files from, just to be sure I had a full copy, namely because I was getting rid of those. Interesting what you find on disks from early 2000s. I still have a couple of RLL drives that I'm going to wipe and toss, but I'd like to see what's on them first.
A few sharp speed bumps will only cost a couple of thousand, and will definitely slow down traffic. Or, enlist a few citizens as ticket writers, with a 20 mph speed limit, you should be able to lower your taxes on top of providing more jobs.
So you want to compare a multi-year out CPU socket with an initial release motherboard option for a CPU you can just recently purchase and complain about untweaked feature sets? OK, go ahead, I guess this will be the only chipset for this obsolete CPU that will ever be out there. Oh, and the much greater mesh bandwidth capable AMD CPUs will certainly never be taken advantage of, either.
none of it treats me like a complete idiot as efficiently as Java does. Java is very good at that...
I'd say that's a failing of Java, it usually protects you from such things.
Is that because Goodenough is the enemy of perfection?
The enemy of Perfection are graboids.
We don't have to, since some of us wrote it. Some of us were around for a long time without accounts, like in the 3 and 4 digit days. Giving any info to anyone was pretty much questioned as a "why would I" at that time.
Based on a quick review, the AMD X370 appears to have 2 X16 and 8 X2 which can be multiplexed together to support up to 4 M.2 SSDs, if you wanted to go that route.
An example is the MMO Star Wars: The Old Republic. ...inter In an area where there's a ton of players, your frame rate drops below 60 fps, and sometimes even below 30 fps, and the graphics card fan is silent.
That case is exactly where an asynchronous model would excel, keeping the framerate steady and offloading all object rendering to external pieces. It should be easy enough to do so, but the re-assembly is where it gets hard. However, that still doesn't get around the base issue that 100K+ things are being rendered for a frame when only a few hundred, at most, will ever be seen. Those particular game devs only know 1 way to solve a problem, which is the core problem.
Single threaded performance is benchmark for how fast a single unit of work can be done. Multi-threaded is how many units you can do simultaneously. Games have notoriously been single threaded for ever, because it's a lot easier to program a linear algorithm and keep memory use clean. when you go parallel, there's all sorts of fun involved, especially if you're simultaneously doing multiple tasks on the same in memory data. Most developers have trouble with the linear algorithm already.
Who honestly uses a RAID card on a desktop system these days? Software RAID does everything you need, and just works with no noticeable performance hit for the most common desktop RAID0/1/10 configurations, with no expensive hardware needed. Servers with HA requirements I wouldn't run without them.
And therein lies the problem. Linux is a technical OS, for technical people who can solve technical problems.
And therein lies the problem, people that think Linux is a technical OS only for technical people, and those that perpetuate that vision.
The real elephant in the room problem are those people that use the latest version of Office whose documents have interoperability issues with pretty much everything else. That takes some minor finagling to fix most of the common errors that put people off (unsupported fonts) and for 99% of regular people that will address everything they need.
Given where we were, should a rational electorate focused administration replace the current one, the groundwork laid in the last 8 years points to a very clear path for FCC regulation that could be enacted quickly and lawsuits would be relatively quick in their resolution. They do not have to start from scratch.
Yes, but the fact that he did was what counted, and it wasn't a half-hearted attempt either. As for optimism, I concur, at this point, there is none. We will have to wait 4 years.
Actually, surprisingly, under Wheeler they were doing their job. They effectively moved the internet to common carrier status. Pai is undoing all that. I hope to see it all reversed within 4 years.
The reason the FCC came about was because there was no FCC to institute rules, and the bandit monopolies gouged everyone for everything. Remember when you had to pay $1 / minute to call across town? Without the FCC and its rulings, that'd be more like $5/min today.
It doesn't take leadership to do what Pai is doing. There's a reason those rules were put into place. As a former telecom employee he fought them tooth and nail as they hampered the profitability of the company he was paid to protect and likely had some stake in the outcome of. So now he gets to remove those things he fought so valiantly against and gee, is anyone surprised that he does just that? I wonder how much telecom stock he owns and under what terms, blind trust or not, as well as family and friends?
Still, 3k a month is $36000 a year.
That's only a little more than ACA family health plans. So what's he whining about again?
And this is what I'm waiting for - realistic multi-core performance improvements. Single core finally plateaued about 4 years ago. Competition is good.
As long as regulations allow and even encourage mergers and monopolies you will continue to have no (free) market.
No, your process starts with a *masked* token. The security subsystem creates *two* tokens when you log in: One with all of your privileges and one where "admin" privileges has been masked out. Switching from the masked token to the unmasked token is called *elevation*.
What you describe is true for a user with admin privs. This is not privilege elevation of the type I'm discussing, where you can actually temporarily elevate a process's permissions to, for example, do 1 task as an admin and then drop back into normal priv level for the remainder. This used to be possible in windows prior to the 2008R2 release, albeit somewhat clunky and difficult. It is still possible if you drop into serious hacking, but you'll be working around system processes to do so. The recommended workaround is to use a separate process launching process to create a new process with the appropriate permissions, execute your task, and then said process ends.
Note that my processes that I'm discussing have significantly less than regular user permissions. I don't run wide open like a regular windows user.
If you have the ability to run arbitrary code, see other post for details on how and why you're still not secure.
I'm sorry, but I think that is completely wrong.
And you'd be wrong.
Exactly how does Windows starting with maximum permissions actually manifest as a real world example?
It's the root of all buffer overflow, DLL injection, and any other type of attack. IOW, this is not hypothetical, but a real world issue. You should also note that Windows last I looked suffers from the largest number of severe or higher level security issues. That would be the type of security issues where the machine can be compromised. Most of those don't care about what user account you're running from, precisely because of this problem.
If you start with a basic account, you don't have to whittle away its rights; it is low by default. If you want it to be a higher access account then you add it to the Administrators group. Then it inherits the additional permissions. This is the opposite of what you described.
Where you might be getting confused is that the permissions system allows for both Allow and Deny settings, but it is extremely rare to see Deny being used. For an example of how Deny works, if you wanted to create an account that could install software, but not edit the firewall settings, you would add the Administrators group to the account and then Deny edit rights to the firewall. Deny is only useful AFTER you have raised the account's permissions from the default low settings.
And this is where you're confused. How do you think you get that higher permission process? It's because you have access to calling a process with system privs as a regular user. But you don't even need that access to break security. Your regular "low-priv" user process still has the ability to inject DLLs. A simple DLL injection with a method overriding an existing DLL method that is called with a system priv process, which you can also accomplish simply with your "low-priv" user process, is all it takes to break out of the security sandbox. (This was actually a recommended process for having a true no privs process effectively elevate a security token within its process. This is a terrible hack, btw, and just shows how bad security in Windows really is) The approach we used was to create a separate service process that had privs setup to solely spawn a new process with the permissions we needed to effectively do what we needed to do without completely opening up the system to all sorts of potential escalation attacks. While somewhat clunky and spawning multiple processes and having to deal with IPC, this was still a better approach security wise than all other options under windows. AFAIK, those servers still haven't been hacked through our processes.
So no, the "non-privileged" user in Windows really isn't a non-privileged user in the sense of what they can do security wise, unless and until you completely lock down the machine to the point that it is effectively a kiosk with only a single directory available for read-write with limited applications available none of which have code execution capabilities nor network access capabilities. It really is that bad.
They can't make it work. Windows core architecture is fundamentally broken and insecure. See MS's documentation about security tokens and permissions. You can only unmask permissions since 2008R2. This means that your process starts with max permissions and is masked to reduce it. Totally unlike the authentication/authorization and security elevation process in pretty much every other system out there.