So says the guy who marked someone a "foe" to the person who did not do the same to to person calling him a liar. Pretty fucking passively aggressively weak isn't it? you poor little boy - someone challenges your ignorance and you pretend your response is all my fault. The world must be a very hard place for you to live in.
If security was as bad as you make it out to be, then why can't you demonstrate a hole?
It has been demonstrated as by others - it is such a well known problem that Wikipedia has an article on it: https://en.wikipedia.org/wiki/Virtual_machine_escape Symantec have written about it: https://www.symantec.com/avcenter/reference/Virtual_Machine_Threats.pdf and there have been items in the news: http://www.darkreading.com/risk/hacking-tool-lets-a-vm-break-out-and-attack-its-host/d/d-id/1131254?
Jails, zones and some other tools are things with security as a design consideration. The virtual machines we get to work with were designed for other reasons and do not really add anything other than an illusion of security.
I'm not lying. I'm drawing an inference from your statements
Then look up the word "IF". You know it already? Then you are NOT drawing an inference from my statements.
The virtual machine software we have directly interfaces with real hardware on a lot of levels - for example Virtualbox putting ethernet cards into promiscious mode. An exploit of the VM could very obviously exploit what the VM has full control over. I really don't get why you are so angry when such things are discussed.
I did not guarantee anything as you know - pretty fucking obvious lie. The paper goes into what you, I and many others wish for but we have been delivered the opposite - an application with enough security to stop the honest tacked on as an afterthought.
So you can guarantee being able to break out of the VM
Now where did I say that? What's with the lies over something so trivial? I wrote what I wrote and not what the strawman in your head is up to.
This is a very old and well understood problem ( http://www.csl.sri.com/users/r... ) and I suggest you learn about the implications instead of frothing at the mouth in denial. When the VM has been designed without security in mind and with hooks deep into the host at the kernel driver level without separation then an exploit of the VM software can escalate to the host. You don't have to trust me on this - learn about the topic and you'll be able to see that much yourself.
Here's a fun thing from 16 years back you can still play with today: http://www.x-plane.com/adventures/mars.html It can be used to roughly look at aerobraking and other things in Mars air. Even turning is a challenge.
I was thinking about that when I was wondering what possible reason there would be to expend insane amounts of fuel to get to Mars in 30 days. Buzz Aldrin worked out the easiest way to get to Mars in a reasonable timeframe but that's quite a few months of getting zapped.
Despite all the silly bits the Japanese Anime from a few years ago "Planetes" explored the issue well. With a thriving moon colony, a lot of activity in orbit and all the technology to enable that there was still the situation where older astronauts were almost certain to die of cancer before retirement.
Indeed - success was from a lot more than "the workers consistently follow the specified procedure". The cultural differences that you are crediting are neither so simple or even something that originally came from Asia.
The differences today really come down to a changed idea of who can be a manager and how to do it - the irony of the "born to rule" attitude infesting US management would be funny if it wasn't so tragic. Henry Ford and Thomas Edison were not born to rule.
You live in a silly small country that hopefully soon will drift into insignificance
I live in a very large country that is already insignificant but has not dropped the ball on education as badly as the United States of America has. A few decades ago I believe it educated it's engineers well, so that even if I was the least of them I can at least deal with simple stuff as this.
I suggest watching some videos of buildings in real disasters to cure yourself of this very sick little conspiracy theory.
The tiny bit of difference in earth rotation speed from top of a sky scraper to its base is _hughe_
WTF - do the mathematics yourself instead of taking the word of whatever nut fooled you- it's ignorable. You may be a coder and not an engineer but you can work this out and shake the bullshit out of your head.
The point is these things have been designed without security in mind, they have been designed for a completely different purpose, so they can't be described as "hardened", not even the catchup game years after design with your example.
So yes, a virtual machine providers security benefits
Not really, and effectively zero if it exploits a bug in the VM. The point is these things have been designed without security in mind, they have been designed for a completely different purpose, so they can't ve described as "hardened" - not even the pathetic security catchup game being played with Hyper-V.
Which in English means decryption. WTF is wrong with you people? Being able to accept your own minor failings, especially incredibly trivial little ones, is part of being an adult.
I suggest you look up the "the Toyota way" (https://en.wikipedia.org/wiki/The_Toyota_Way) to get a few misconceptions cleared up and find out where that consistency comes from. You have to write the book first to be able to go "by the book", and it needs correction from time to time. An attitude of stasis has you selling buggy whips in the automobile age.
Although it's now something associated with Asia that cultural thing was a continuation of the ideas of Henry Ford and others. What we see far too much of now as "the American way" is instead to ideas of trust fund babies like Edsel Ford who were happy to coast along and relied on people below them to make ad-hoc changes. Our manufacturing culture used to look like the Toyota way, now instead it looks like a bunch of drunken roaming bandits looking for someone who has actually got something to work to steal from.
All that said, recent Asian graduates don't really know about that either - I'm just clearing up the idea that "just going by the book" is where the success of those Asian companies came from. They get things to work well, write the book, then go by it until it's time to change it - just like some successful places in the west have done.
No they CAN'T and AREN'T, you can brute force a hash or use rainbow tables to lookup possibilities but you CANNOT decrypt them as they are one way.
Solving with brute force IS a way to decrypt. A dictionary is not just for attacks, it's also a book for looking up the accepted meanings of words such as decrypt instead of your own pet definition that I'm somehow supposed to know before you attack me for not reading your poorly educated mind.
I don't think the author of the article understands what a password hash is if they think that passwords can be decrypted from them.
They can and are. "Salting" the passwords with extra complexity makes it a lot harder (to the point of impractical to crack if done right) and is the usual practice now to avoid situations like this when it was not done right: https://techcrunch.com/2016/05...
There used to a disclaimer every time an older VM program ran, I think it was "bochs", which told the user that a VM is not security. It only gives you the illusion of it. In reality the VM software has to get it's hooks so deep into the hosts networking and other sensitive bits that you can never be sure that software running on the client can't get up to nasty tricks on the host.
If you want security design for security instead of taking the lazy way out of using something completely different done by someone else and pretend that partial separation for totally different reasons is equivalent to security.
It's just like expecting to enter a Ford Bronco is a horse race. The name makes it sound like it belongs but it's not the same thing and was never intended to be.
You have strayed way beyond the bounds of truth and reality so no ad homonym attack there - you are indeed an embarrassment.
I think the lot of climatologists
It obviously does not matter what you think since you know far less than the general public on the matter and even thought it was a new field! As the kids say today - epic fail.
Yes, how about you get back to reality instead of your stupid revisionist history where the likes of Uri Geller and Von Daniken are up there with Newton and Einstein.
The El Nino, La Nina cycle was observed by a guy who gave it a name over a century ago
A guy who happened to be one of several scientists studying climate. A few years later, not much more than a century ago now, other climate scientists joined explorers to the arctic and antarctic to fill in some of the major gaps in climate science at the time. A child in school could have told you these things.
You really know very little about this topic don't you?
Why would they deny FOIA requests and conspire to find a way around them?
Look up "distributed denial of service attack" for why. A bunch of unscrupulous pricks set up a letter campaign to make requests to keep those "evil" scientists too busy to actually work. It was pretty obvious since it was coming in alphabetical order.
Why hasn't Al Gore
People in politics LIE. Ignore the showman on stage and talk to the real people behind the curtain.
So says the guy who marked someone a "foe" to the person who did not do the same to to person calling him a liar.
Pretty fucking passively aggressively weak isn't it? you poor little boy - someone challenges your ignorance and you pretend your response is all my fault. The world must be a very hard place for you to live in.
It has been demonstrated as by others - it is such a well known problem that Wikipedia has an article on it:
https://en.wikipedia.org/wiki/Virtual_machine_escape
Symantec have written about it:
https://www.symantec.com/avcenter/reference/Virtual_Machine_Threats.pdf
and there have been items in the news:
http://www.darkreading.com/risk/hacking-tool-lets-a-vm-break-out-and-attack-its-host/d/d-id/1131254?
Jails, zones and some other tools are things with security as a design consideration. The virtual machines we get to work with were designed for other reasons and do not really add anything other than an illusion of security.
Then look up the word "IF". You know it already? Then you are NOT drawing an inference from my statements.
The virtual machine software we have directly interfaces with real hardware on a lot of levels - for example Virtualbox putting ethernet cards into promiscious mode. An exploit of the VM could very obviously exploit what the VM has full control over.
I really don't get why you are so angry when such things are discussed.
I did not guarantee anything as you know - pretty fucking obvious lie.
The paper goes into what you, I and many others wish for but we have been delivered the opposite - an application with enough security to stop the honest tacked on as an afterthought.
Now work on that temper.
Read the paper to see how it should be and despair that the Virtual Machines we are talking about are nothing like how it should be.
Now where did I say that? What's with the lies over something so trivial?
I wrote what I wrote and not what the strawman in your head is up to.
This is a very old and well understood problem ( http://www.csl.sri.com/users/r... ) and I suggest you learn about the implications instead of frothing at the mouth in denial.
When the VM has been designed without security in mind and with hooks deep into the host at the kernel driver level without separation then an exploit of the VM software can escalate to the host. You don't have to trust me on this - learn about the topic and you'll be able to see that much yourself.
Here's a fun thing from 16 years back you can still play with today:
http://www.x-plane.com/adventures/mars.html
It can be used to roughly look at aerobraking and other things in Mars air. Even turning is a challenge.
I was thinking about that when I was wondering what possible reason there would be to expend insane amounts of fuel to get to Mars in 30 days.
Buzz Aldrin worked out the easiest way to get to Mars in a reasonable timeframe but that's quite a few months of getting zapped.
Despite all the silly bits the Japanese Anime from a few years ago "Planetes" explored the issue well. With a thriving moon colony, a lot of activity in orbit and all the technology to enable that there was still the situation where older astronauts were almost certain to die of cancer before retirement.
Indeed - success was from a lot more than "the workers consistently follow the specified procedure".
The cultural differences that you are crediting are neither so simple or even something that originally came from Asia.
The differences today really come down to a changed idea of who can be a manager and how to do it - the irony of the "born to rule" attitude infesting US management would be funny if it wasn't so tragic. Henry Ford and Thomas Edison were not born to rule.
I live in a very large country that is already insignificant but has not dropped the ball on education as badly as the United States of America has. A few decades ago I believe it educated it's engineers well, so that even if I was the least of them I can at least deal with simple stuff as this.
I suggest watching some videos of buildings in real disasters to cure yourself of this very sick little conspiracy theory.
WTF - do the mathematics yourself instead of taking the word of whatever nut fooled you- it's ignorable. You may be a coder and not an engineer but you can work this out and shake the bullshit out of your head.
The point is these things have been designed without security in mind, they have been designed for a completely different purpose, so they can't be described as "hardened", not even the catchup game years after design with your example.
Not really, and effectively zero if it exploits a bug in the VM. The point is these things have been designed without security in mind, they have been designed for a completely different purpose, so they can't ve described as "hardened" - not even the pathetic security catchup game being played with Hyper-V.
Which in English means decryption. WTF is wrong with you people? Being able to accept your own minor failings, especially incredibly trivial little ones, is part of being an adult.
Probably.
That's kind of my point.
It's not an "Asian cultural thing" but instead a good idea.
I suggest you look up the "the Toyota way" (https://en.wikipedia.org/wiki/The_Toyota_Way) to get a few misconceptions cleared up and find out where that consistency comes from.
You have to write the book first to be able to go "by the book", and it needs correction from time to time.
An attitude of stasis has you selling buggy whips in the automobile age.
Although it's now something associated with Asia that cultural thing was a continuation of the ideas of Henry Ford and others.
What we see far too much of now as "the American way" is instead to ideas of trust fund babies like Edsel Ford who were happy to coast along and relied on people below them to make ad-hoc changes.
Our manufacturing culture used to look like the Toyota way, now instead it looks like a bunch of drunken roaming bandits looking for someone who has actually got something to work to steal from.
All that said, recent Asian graduates don't really know about that either - I'm just clearing up the idea that "just going by the book" is where the success of those Asian companies came from. They get things to work well, write the book, then go by it until it's time to change it - just like some successful places in the west have done.
No they CAN'T and AREN'T, you can brute force a hash or use rainbow tables to lookup possibilities but you CANNOT decrypt them as they are one way.
Solving with brute force IS a way to decrypt.
A dictionary is not just for attacks, it's also a book for looking up the accepted meanings of words such as decrypt instead of your own pet definition that I'm somehow supposed to know before you attack me for not reading your poorly educated mind.
I don't think the author of the article understands what a password hash is if they think that passwords can be decrypted from them.
They can and are. "Salting" the passwords with extra complexity makes it a lot harder (to the point of impractical to crack if done right) and is the usual practice now to avoid situations like this when it was not done right:
https://techcrunch.com/2016/05...
There used to a disclaimer every time an older VM program ran, I think it was "bochs", which told the user that a VM is not security.
It only gives you the illusion of it.
In reality the VM software has to get it's hooks so deep into the hosts networking and other sensitive bits that you can never be sure that software running on the client can't get up to nasty tricks on the host.
If you want security design for security instead of taking the lazy way out of using something completely different done by someone else and pretend that partial separation for totally different reasons is equivalent to security.
It's just like expecting to enter a Ford Bronco is a horse race. The name makes it sound like it belongs but it's not the same thing and was never intended to be.
It obviously does not matter what you think since you know far less than the general public on the matter and even thought it was a new field!
As the kids say today - epic fail.
Yes, how about you get back to reality instead of your stupid revisionist history where the likes of Uri Geller and Von Daniken are up there with Newton and Einstein.
You are an embarrassment.
A guy who happened to be one of several scientists studying climate.
A few years later, not much more than a century ago now, other climate scientists joined explorers to the arctic and antarctic to fill in some of the major gaps in climate science at the time. A child in school could have told you these things.
You really know very little about this topic don't you?
The El Nino La Nina cycle was identified by a climate scientist a bit over a century ago.
A single idiot journalist in TIME magazine who wanted to stir things up and boost circulation?
You've been conned by someone and are letting the side down. As engineers we are supposed to apply science and not bullshit.
Look up "distributed denial of service attack" for why.
A bunch of unscrupulous pricks set up a letter campaign to make requests to keep those "evil" scientists too busy to actually work. It was pretty obvious since it was coming in alphabetical order.
People in politics LIE. Ignore the showman on stage and talk to the real people behind the curtain.