They're doing the 90s Security Secret Sauce thing, where using encryption somehow means security. They don't have a threat model for this; they just said, "Oh, we get hacked sometimes! Turn on HTTPS!"
This opens the discussion for a plan to fight crime. This plan is in definite, actionable terms: block copyright-infringing sites. The more you hear things like that, the more normalized they sound.
Blocking Web sites alleged of a crime is about evading due process. Rather than convict someone of a crime, find them guilty in a court of law, and then take action, you just claim they have committed a crime and pass sentence. In this case, sentence is effectively removing their Web site through state action.
EA fucked up SimCity, really? But what about that Madden thing? Didn't they do the most amazing job re-releasing the same game year after year, charging $50 for it?
That's not the point. The point is to understand the limits and impacts of the system so you can develop a better one. It does no good to just flail around and pretend you understand things because X is not obviously working, and so randomly try Y; we have science now, and can quantify why X is not obviously working, and hypothesize how adjusting X would change things, and then develop plan Y based on this knowledge.
If the goal is to encourage safe driving then the fine must have some effect on the person being fined. If it is too low they won't care.
I have said before that fines are effective on the poor, and jail time on the rich. I've said a lot about punishment, but nobody listens. The punishment has to be both more likely than alternative outcomes--especially bad outcomes--and severe enough to matter. A fine of $20 to a millionaire is nothing, but it's hell to a poor man; three days in jail to a poor dude is life-destroying for a poor man, but so is a $90 fine, and a rich man... cannot money his way out of prison. The death penalty only works in low-crime neighborhoods where people fear the law and capital punishment; in ghettos, gang members are 100 times more likely to be killed by other gang members than even arrested by the state, and so capital punishment has no deterrent effect. All of these things involve complex conscious and subconscious impressions of risk.
I've taken parking fines, and I've loaned less than the fine to neighbors so they could continue to drive to work and not starve. The fines are much worse for them than they are for me; so much so that I testified in front of the state to explain why the fine shouldn't exist (it was for parking on the left side of a one-lane, two-way, residential side street--there is no safety hazard in that particular configuration, and yet there is a fine that is wholly inappropriate in a neighborhood riddled with crushing poverty).
I am sure that this is what they teach in MBA programs. It has little to do with how real people make decisions in real organizations.
What are you talking about? I don't have an MBA, dropped out of college for CompSci because I was working as a computer security engineer, and I make decisions like that in real organizations. People don't listen to me, million-dollar problems happen, I continuously grind on them for not listening to me when I warned them, and they eventually get it through their heads that they shouldn't just do whatever the hell seems cool at the time.
but somehow as organizations get bigger and bigger they magically figure out how to be competent.
No, this is why we have project management, and project managers who are supposed to decide how much red tape to use. Big organizations often transition from not enough red tape to too much red tape; it takes a heroic amount of discipline to do it right, and most of the big organizations are applying the thinking I've outlined to excess.
In Europe, the sort of risk management I've described is present at every level in an organization; while in the United States, it's a management problem. Most US businesses have a Chief Risk Officer and a Project Management Office, making up the Executive-level risk management (business strategy: we must spend money on things that provide no return other than minimizing our threats and maximizing our market opportunities, even if they seem pointless) and project-level risk management (execution of business strategy: things to do and not do, and how to do it, to accomplish what the business has decided to do). European businesses also push risk management down through all levels of management, and solicit the advice of engineer-level employees for input data into the risk management process.
For an example of businesses who didn't properly execute risk management, see Barrings Bank, who were told to not allow traders to oversee themselves (they had a trade manager acting as a trader with responsibility to himself), and ignored this as a risk, and then were sold for a dollar (billions of dollars of hidden losses were discovered in an audit, and the bank became worthless); or Exxon, who designed a tanker spill response plan, but never put any of that shit in place, and then fumbled with the Exxon-Valdez spill for weeks. These are not just risk, but organizational mishandling (bad business process policies, bad project management, both of which heavily rely on risk management).
You assume big organizations just wander out, punt a football at a wall, and go with whatever project was written on the paper they knocked off. It doesn't work that way.
When planning a project or choosing a strategy, risk must be assessed. Risks come as both threats and opportunities.
You can handle a threat in many ways: Avoid, by taking actions which do not allow for that particular risk; Mitigate, by taking actions which minimize the probability or severity of the risk; Transfer, by purchasing insurance to cover the risk; or Accept, by budgeting for the risk. You can similarly handle an opportunity: Exploit, by taking actions to 100% guarantee that particular risk will occur; Enhance, by taking actions to increase the probability that the risk will occur; Share, by taking actions with a third-party that increase probability of the risk occurring, but share the benefit with another party (lottery pool); or Accept, by doing nothing and hoping it happens.
With many plans on the table, you often have to select which risks to accept in exchange for opportunities to enhance. Adding extra, unused hardware for a possible future strategy can save you from missing out on that strategy, or from higher expenses to add the hardware later.
They could have considered a future business opportunity at a cost of some dollars per car, versus the cost of missing the opportunity, versus the cost of a future retrofit, and decided to exploit the opportunity. Opportunities are risks, and are handled accordingly.
Wouldn't it be better design to put ECC into the memory controller, and arrange the chips to support ECC? That is: physically wire the memory chips and the memory bus to write far from each other (64 chips = interleave every 1 bit across all chips; 32 chips = interleave 2 bits per chip, starting on high bits in addressing so you put them half a chip's distance away from each other), physically protecting against chip-local anomalies. Have the MMU perform a single rotation, logically reserving an amount of RAM on each slot to carry ECC for the previous slot. Write ECC bits to those areas.
Doing it in this way provides zero-cost physical isolation of single-chip memory errors (it's just the wiring layout), while also isolating the ECC from its corresponding module (avoiding RAS/CAS thrashing, allowing simultaneous access to the ECC bits and the corresponding RAM). It lets you pop in an ECC chip and use ECC, or pop in a non-ECC chip and sacrifice 12.5% of your RAM to error correction. That's a lot of RAM: on an 8GB system, it's almost 1GB.
An init system which breaks perfectly working behaviour and has not yet introduced a single feature which makes my experience better in any way is not progress, it's churn and there's a huge difference.
Instead of messing around rewriting init scripts to put out debug output or let me launch the service manually, I just ask for the journal and it tells me why it failed. 15 minutes of debugging became 1 second of debug on systemd. I also removed the "check for failure and restart" crontab in favor of setting systemd to keep a service running.
The Austin Powers films stand on a lot of firm ground: they're a completely self-sustaining franchise (new work); they're a lampoon of James Bond films (parody); and a lot of their jokes are satirical references and shout-outs. You *are* allowed to say "McDonalds" instead of "McDougals"; Family Guy does the direct parody thing a lot, and Space Balls took it up to 11 with the Planet of the Apes reference.
Notice that Austin Powers wasn't "James Bond in: I am a Frozen Retard Popsicle." Likewise, the Godzilla joke you showed dispels all trademark confusion issues (the legal crux of media IP) by lampooning international copyright law. These aren't just James Bond rip-offs and Godzilla showing up in a movie; unlike the Metal Gear, Megaman, and Star Wars fan movies that claim to be MG and Star Wars, and could easily be mistaken for an official production because... well... they happen in-universe with the same characters.
The fact that it's a piece of visual entertainment or related, and called "Power Rangers". Also, substantial similarity can hit trademark on characters, or even hit copyright by being a derivative work. Parody quickly distances you from these--hence the Axem Rangers, a humorous reference to the Power Rangers without using any of the scenario, names, or other assets, used as a large joke in an unrelated work--and derivation into unrelated works and unrelated scenarios is usually considered influence--such as between Nausicaa of the Valley of the Wind and the completely unrelated NES game Crystalis.
Using the same characters, same setting, same scenario, but a different title won't get you away from derivative work copyright issues or plagiarism. Using the same title but different everything will hit trademark law. Using a similar scenario as a whole work or a *very* similar scenario as part of a different work often passes. Using something very similar as a joke falls under parody.
Too many buttons on the DS. They need that positive change of moving to a platform with only one button.
Everybody wants a Dual Screen with half as many screens and only one button!
Mobile and PC games are just as shitty as all those Steam games you get on XBox One. Welcome to Unity.
Currently, I'm on http://it.slashdot.org/
They're doing the 90s Security Secret Sauce thing, where using encryption somehow means security. They don't have a threat model for this; they just said, "Oh, we get hacked sometimes! Turn on HTTPS!"
It's not just talk; it's conditioning.
This opens the discussion for a plan to fight crime. This plan is in definite, actionable terms: block copyright-infringing sites. The more you hear things like that, the more normalized they sound.
Blocking Web sites alleged of a crime is about evading due process. Rather than convict someone of a crime, find them guilty in a court of law, and then take action, you just claim they have committed a crime and pass sentence. In this case, sentence is effectively removing their Web site through state action.
You get better over time. Study.
gokgs.com
EA fucked up SimCity, really? But what about that Madden thing? Didn't they do the most amazing job re-releasing the same game year after year, charging $50 for it?
That's not the point. The point is to understand the limits and impacts of the system so you can develop a better one. It does no good to just flail around and pretend you understand things because X is not obviously working, and so randomly try Y; we have science now, and can quantify why X is not obviously working, and hypothesize how adjusting X would change things, and then develop plan Y based on this knowledge.
If the goal is to encourage safe driving then the fine must have some effect on the person being fined. If it is too low they won't care.
I have said before that fines are effective on the poor, and jail time on the rich. I've said a lot about punishment, but nobody listens. The punishment has to be both more likely than alternative outcomes--especially bad outcomes--and severe enough to matter. A fine of $20 to a millionaire is nothing, but it's hell to a poor man; three days in jail to a poor dude is life-destroying for a poor man, but so is a $90 fine, and a rich man... cannot money his way out of prison. The death penalty only works in low-crime neighborhoods where people fear the law and capital punishment; in ghettos, gang members are 100 times more likely to be killed by other gang members than even arrested by the state, and so capital punishment has no deterrent effect. All of these things involve complex conscious and subconscious impressions of risk.
I've taken parking fines, and I've loaned less than the fine to neighbors so they could continue to drive to work and not starve. The fines are much worse for them than they are for me; so much so that I testified in front of the state to explain why the fine shouldn't exist (it was for parking on the left side of a one-lane, two-way, residential side street--there is no safety hazard in that particular configuration, and yet there is a fine that is wholly inappropriate in a neighborhood riddled with crushing poverty).
I am sure that this is what they teach in MBA programs. It has little to do with how real people make decisions in real organizations.
What are you talking about? I don't have an MBA, dropped out of college for CompSci because I was working as a computer security engineer, and I make decisions like that in real organizations. People don't listen to me, million-dollar problems happen, I continuously grind on them for not listening to me when I warned them, and they eventually get it through their heads that they shouldn't just do whatever the hell seems cool at the time.
but somehow as organizations get bigger and bigger they magically figure out how to be competent.
No, this is why we have project management, and project managers who are supposed to decide how much red tape to use. Big organizations often transition from not enough red tape to too much red tape; it takes a heroic amount of discipline to do it right, and most of the big organizations are applying the thinking I've outlined to excess.
In Europe, the sort of risk management I've described is present at every level in an organization; while in the United States, it's a management problem. Most US businesses have a Chief Risk Officer and a Project Management Office, making up the Executive-level risk management (business strategy: we must spend money on things that provide no return other than minimizing our threats and maximizing our market opportunities, even if they seem pointless) and project-level risk management (execution of business strategy: things to do and not do, and how to do it, to accomplish what the business has decided to do). European businesses also push risk management down through all levels of management, and solicit the advice of engineer-level employees for input data into the risk management process.
For an example of businesses who didn't properly execute risk management, see Barrings Bank, who were told to not allow traders to oversee themselves (they had a trade manager acting as a trader with responsibility to himself), and ignored this as a risk, and then were sold for a dollar (billions of dollars of hidden losses were discovered in an audit, and the bank became worthless); or Exxon, who designed a tanker spill response plan, but never put any of that shit in place, and then fumbled with the Exxon-Valdez spill for weeks. These are not just risk, but organizational mishandling (bad business process policies, bad project management, both of which heavily rely on risk management).
You assume big organizations just wander out, punt a football at a wall, and go with whatever project was written on the paper they knocked off. It doesn't work that way.
When planning a project or choosing a strategy, risk must be assessed. Risks come as both threats and opportunities.
You can handle a threat in many ways: Avoid, by taking actions which do not allow for that particular risk; Mitigate, by taking actions which minimize the probability or severity of the risk; Transfer, by purchasing insurance to cover the risk; or Accept, by budgeting for the risk. You can similarly handle an opportunity: Exploit, by taking actions to 100% guarantee that particular risk will occur; Enhance, by taking actions to increase the probability that the risk will occur; Share, by taking actions with a third-party that increase probability of the risk occurring, but share the benefit with another party (lottery pool); or Accept, by doing nothing and hoping it happens.
With many plans on the table, you often have to select which risks to accept in exchange for opportunities to enhance. Adding extra, unused hardware for a possible future strategy can save you from missing out on that strategy, or from higher expenses to add the hardware later.
They could have considered a future business opportunity at a cost of some dollars per car, versus the cost of missing the opportunity, versus the cost of a future retrofit, and decided to exploit the opportunity. Opportunities are risks, and are handled accordingly.
We just barely avoided a hamburger shortage after the last time the giant cow smashing machine got all beefed up.
+1 on the OSCP
Googling for "TSYNC" or "Linux TSYNC" or "what is TSYNC" brings up shittons of news about Chrome, but nothing about tsync.
That is not fraud.
Wouldn't it be better design to put ECC into the memory controller, and arrange the chips to support ECC? That is: physically wire the memory chips and the memory bus to write far from each other (64 chips = interleave every 1 bit across all chips; 32 chips = interleave 2 bits per chip, starting on high bits in addressing so you put them half a chip's distance away from each other), physically protecting against chip-local anomalies. Have the MMU perform a single rotation, logically reserving an amount of RAM on each slot to carry ECC for the previous slot. Write ECC bits to those areas.
Doing it in this way provides zero-cost physical isolation of single-chip memory errors (it's just the wiring layout), while also isolating the ECC from its corresponding module (avoiding RAS/CAS thrashing, allowing simultaneous access to the ECC bits and the corresponding RAM). It lets you pop in an ECC chip and use ECC, or pop in a non-ECC chip and sacrifice 12.5% of your RAM to error correction. That's a lot of RAM: on an 8GB system, it's almost 1GB.
The desire to believe in the infallibility of your chosen tools leaves you open to attack. What is that word again?
American.
Two bits would trigger double-error detection.
An init system which breaks perfectly working behaviour and has not yet introduced a single feature which makes my experience better in any way is not progress, it's churn and there's a huge difference.
Instead of messing around rewriting init scripts to put out debug output or let me launch the service manually, I just ask for the journal and it tells me why it failed. 15 minutes of debugging became 1 second of debug on systemd. I also removed the "check for failure and restart" crontab in favor of setting systemd to keep a service running.
2500 years ago, schools taught people how to learn. 100 years ago, schools taught people things. Today, schools are daycare with incidental learning.
The Austin Powers films stand on a lot of firm ground: they're a completely self-sustaining franchise (new work); they're a lampoon of James Bond films (parody); and a lot of their jokes are satirical references and shout-outs. You *are* allowed to say "McDonalds" instead of "McDougals"; Family Guy does the direct parody thing a lot, and Space Balls took it up to 11 with the Planet of the Apes reference.
Notice that Austin Powers wasn't "James Bond in: I am a Frozen Retard Popsicle." Likewise, the Godzilla joke you showed dispels all trademark confusion issues (the legal crux of media IP) by lampooning international copyright law. These aren't just James Bond rip-offs and Godzilla showing up in a movie; unlike the Metal Gear, Megaman, and Star Wars fan movies that claim to be MG and Star Wars, and could easily be mistaken for an official production because... well... they happen in-universe with the same characters.
"Satire" doesn't mean "Different".
The fact that it's a piece of visual entertainment or related, and called "Power Rangers". Also, substantial similarity can hit trademark on characters, or even hit copyright by being a derivative work. Parody quickly distances you from these--hence the Axem Rangers, a humorous reference to the Power Rangers without using any of the scenario, names, or other assets, used as a large joke in an unrelated work--and derivation into unrelated works and unrelated scenarios is usually considered influence--such as between Nausicaa of the Valley of the Wind and the completely unrelated NES game Crystalis.
Using the same characters, same setting, same scenario, but a different title won't get you away from derivative work copyright issues or plagiarism. Using the same title but different everything will hit trademark law. Using a similar scenario as a whole work or a *very* similar scenario as part of a different work often passes. Using something very similar as a joke falls under parody.