but let's try to charge them off wind/solar please?
Which is already happening in several countries (e.g.: hydro is popular in the Alpine regions of Europe). You know, not every nations produces it's electricity by burning coal.
Otherwise you're shifting the efficiency problem from your engine bay to the grid. I hate smug EV drivers boasting about "clean" driving. They get all flustered when I point out that grid-charging has all sorts of issues from coal-fired electricity.
According to research (damn, I have to keep the link under hand), except in a few countries that have a horrible mix of sources of electricity and burn too much fossils (out of my head, I think it's : China, Inda, Australia. Not 100% sure, should google) where there's basically no difference between an EV charging from the grid and a ICE, in every other country including those that still burn fossil in electrical power plant (that's including the US), there's some improvement of efficiency simply by shifting the burning from a small compact ICE that has to do compromises on lots of other parameters (weight, size, quick reaction, etc.) to a huge power plant that is more or less exclusively optimized for efficiency.
And then you have European nations where you can find a mix of power source that relies a lot on renewable sources (solar, wind, alpine hydro) or sources with a much smaller mass of pollution output (nuclear).
Also the way power is produced isn't the only advantage :
EV use regenerative breaking, being able to use significant fraction of the kinetic energy to charge back their battery pack. (Slight tangeant, Swiss example : two high speed train going down from the Lötschberg tunnel can power one train going up "for free").
That is extremely usefull in stop-and-go situations (in city driving, commuting on busy highway with traffic jams, etc.) whereas these situations are killer for ICE efficiency.
Also, going out for a spin on the weekend? I prefer my motorbike, thanks. Perhaps I'll have to have it modified to run on bio-fuels.
Depends on how the biofuels are produced.
- As a way to make something useful out of argigulture's waste ? (We're doing so in several European countries) Yup, that's definitely an improvement.
- But some countries (US among other, I've read) do cultivate plants for the sole purpose of producing ethanol. That's cultures which are requiring additional soil exploitation, and a competing with food production. It's a bit more problematic in the long term regarding bio-diversity, etc.
We almost need some kind of education program to identify legitimate sources of news. Using Google to search for "Fact Check title" often works, though care is required there as with anything else.
Which exactly what is happening in some other countries : France is having a few pilot program of teach media to kids (random example of a youtuber who's a teacher in real life and has published records of a classroom. Sorry it's in French. And sorry for the unfortunate implication if you translate the title in English, that wasn't intended in French).
The Herman Goering applies, and I fear it probably always will.
His assert about people getting used to (and eventually somewhat believing) a lie repeated enough might apply as well.
Dozens and dozens of cloned apps that "clean" your device. {...} They prey on the layman users' false "common sense" of how computers/devices should work. Each contains the same false information about optimizing Android performance, creating a completely inaccurate "common knowledge" amongst many Android users. For example, there's no positive benefit in "cleaning apps" to save memory (RAM).
Optimizing RAM ? Yeah, that's bonkers, you get the same quick effect by simply rebooting the device (it does too stop most of the apps running in the background), and lots of modern OS implementation have methods to kill running background apps when ressources get low.
But optimizing free space ? That's actually useful : at least the Android versions I've seen don't have a nice convenient way to purge all the cache, and delete all the temporary files or non critical files (thumbnails preview, etc.) in a single touch. You would in theory need to open the preferences of every single app and manually clean the cache : tedious.
But yeah the problem is that these apps use the marginally useful function, to have install an app that will :
- try to overstep its necessary permissions.
- get used as a marketing ploy trying to scare you into buying the "pro" version that will protect you even better against malware threats.
So be prepared to need to agree to as many sensors access to their phone app as you already need to agree to Uber, Lyft, etc.
(and tiny-micro print that boils down to "allow them to resell the data to 3rd parties for marketing purpose", but written in a way that sounds completely differentü).
The last iPhone to be glued shut was the iPhone 3GS. Circa 2009. The iPhone 4 (from 2010) and onwards are not glued shut and can be opened by removing 2 screws. Yes, 2 screws.
Did replace the battery on my SO's iPhone 5.
- Those two screws are shitty Apple pentalobular proprietary stuff, requiring you to buy special tools, because "fuck standards".
- The glass still requires you to use custom tools to pull it out (luckily, any object with enough suction that you have laying around would do : car dashboard GPS holder, kitchen towel holder, etc. combined with a guitar pick/plectrum for lever. But in theory that would have been even more tools to buy).
- The battery is still glued inside the case.
At least the good news is that you can easily source good quality replacement for really cheap prices from reputable 3rd party source, so you don't need to rely on some shady sellers from Shenzen on ebay or alibaba.
My phone at the exact same timeframe (Jolla 1 - JP1301) :
- unclip plastic cover
- remove old battery
- put new battery
- close plastic cover
(Again, battery from 3rd party source, because Jolla doesn't have any more in tock).
Any other gadget without a clip-on back cover (wireless mouse, etc.) :
- unscrew the back cover (often standard screws like philips, sometime weird but common stuff like torx)
- unplug the old battery's connector
- plug the the new battery's connector
- screw back everything into place.
But yeah, the iPhone is 1mm thinner than the other gadgets thanks to all the stupid stuff.
MPEG standards are open. That's the point of a standard. You can download the final drafts for free.
You can download the drafts for free (the technical documentation that explains the standard). You cannot write a software freely - in jurisdiction that do recognize software patent (e.g.: the USA) the technology inside several codecs from MPEG (Mostly AVC / H264, HEVC / H265 , and AAC) are covered by patent. If you attempt anything beyond simply reading the drafts, like actually writing code, you'd be violating IP rights in countries with software patent (in USA). If you attempt to build a physical device around the standard (e.g.: hardware accelerating codec chip), you'd be again going against patent, in nearly all jurisdiction (in EU too).
MPEG doesn't sue. That is MPEG-LA, a completely separate organization.
To be correct: The patent holder sue. And the problems starting from H265 / MPEG-HEVC upward is that MPEG-LA isn't any more the only single organisation holding patents.
The world is not a simple place and the devil is in the details.
Yeah, I agree that the devil is in the details. That's why I called my over-simplification the "Easy Reader" version.
Is this you, or is it just random junk spit out by some deep neural net ? Can't really make any distinction.
Also, this post is completely irrelevant to the current topic of distinction (MPEG's codecs like HEVC vs. AOMedia/IETF's codecs like AV-1/NetVC).
Also, you still have answer my question back then : by which miracle a host file can protect you from : - Scripts hosted on the same server as something that you actually want :
-- you want the same hostname to be both blocked and non blocked depending on which object you're downloading (JS vs. something useful) - Script that aren't know yet.
-- A black-list system cannot protect from something which isn't known yet (as opposed to a white list system which only let known trusted things through). - Object that are delivered through Content Delivery Networks (as most JS is nowadays).
-- The host name has nothing to do with the content and is pretty much random.
Well... there's been many failed attempts at trying to replace closed source codecs with open source ones
And the big web switch from GIF to PNG is a good exemple of a successful one. Usually it requires 2 things: - a big industry push - as good or better as the replacement
like Theora, the VPx codecs, Direc,
Dirac is a very small scale stuff. Mainly pushed by the BBC and hence only used in their echo-system.
Regarding the VPx family:
- VP6 / Theora : happened late at a point when it wasn't that competitive against MPEG standard of the day and was only pushed by a handful of companies (mainly Xiph Mozilla, and considered by Google for Youtube) while the rest of the industry pushed for MPEG which *did* had patent costs, but not crazy ones yet. - VP9 : pushed by Google, a company a tiny bit more relevant, but still not industry-wide, because people were betting on the upcoming MPEG-HEVC/H265 because nobody knew yet the massive patent minefield it was going to be. - VP10 : see below.
Daala and so on.
Daala *is* AV-1.
AV-1 is done by combining the efforts of Xiph's Daala, Cisco's Thor, and Google's VP10.
Some parts didn't make it (Daala's Perceptual Vector Quantization - PVQ - currently isn't enabled by default in AV-1 and is considered too different/weird), other parts of Daala are actually in AV-1 (the entropy coders experiments of Daala are now part of the AV-1 standard).
Now: AV-1 is showing interesting results. And nearly anyone who is relevant in the internet-video business is on it. (you find content streamer like Netflix and Google (Youtube), browser makers like Google (Chrome) and Mozilla (Firefox), etc. - the whole ecosystem is in there).
By the GIF/PNG exemple and unlike the less popular video formats mentioned above, all the chance are on AV-1's side.
Vorbis never caught on to replace MP3
It still had some limited success: - nearly any no-name asian media-player supports it. (Despite a campaign by Microsoft's WMA certification to explicitly ban it) - accepted as part of the IETF standards - supported by all major browsers - thus a few on-line web service have built around it (Spotify is one notorious example, and it's far from a tiny player). - Youtube can optionally use it. - Thanks to widely available free code, it has also found it's way in numerous software applications (lots of game engines used it)
So it's not as widely known by the public as MP3 or AAC, but it still beat WMA, and it still managed to get used quite a bit.
or AAC either.
Vorbis/MP3/WMA all predate AAC.
AAC appeared much later. It also ended up feature many of the same problem as the MPEG Video codecs mentioned in the article : mainly heavy patenting.
So although it managed to gain a foothold in the TV/Radio (DAB+ and HD DVB-x) and Music selling (iTunes) business, it got completely blown out on internet. OPUS has basically come and destroyed it. It has much better audio quality, and is completely free of patent licensing. As such OPUS is what is used by nearly any modern app : Skype, WhatsApp, FB Messenger,... chances are if it's on your smartphone and allows you to talk with audio, it probably runs on OPUS. There are even experiments in using it on radio (OPUS is an unofficial codec used in the "DRM" long range AM-like radio).
It's one straw in particular that broke the camel's back and it's that those licensing HEVC saw the rise of video streaming services and got a bit too greedy.
Yup, totally agree, it's the patent-trolling that killed HEVC (and AAC for that matters).
Basically, if you have Android and iPhone (= Google and Apple) recording AV1 video, YouTube and iTunes (= Google and Apple) delivering AV1 video to hardware decoding in smartphones (= Google and Apple) you hav
The MPEG model until now: - create a standard (e.g.: MPEG 1 Video, MPEG Audio Layer I). - concentrate on making the best compression, irrespective of patent situation - because good compression and official standard, MPEG gets extremely popular and implemented everywhere. - all the MPEG creators who hold patents band together, form a patent pool. - the use the popularity of the standard and their patent pool to extract as much money as possible from as many people as possible. - re-invest the money left over after the CEO's pay into producing the next standard. (e.g.: MPEG 2 Video, MPEG Audio Layer II, etc.) - rinse and repeat
The problem (not directly clearly stated in the summary): - companies realize that they can make even more money - patent holder stay hidden for a while, they push a new standard knowing that it's patent covered - once the standard becomes pervasive to the point it's not possible to function without it (e.g.: MPEG Audio Layer III, a.k.a MP3), suddenly the patent holder wakes up (in this case: Frauenhoffer Institute). - the holder tries to sue the shit out of everyone to make even more money. - rent seeking and giant money grab rots the industry.
(Historically, it's not the first time this has happened. See the holders of the LZW (Lempel-Ziv-Welsh) patent and the Graphics Interchage Format - GIF)
The current situations with MPEG HEVC / H.265 is a giant patent minefield, with several patent pools and/or patent holder each going for their maximal money grab. To the point that HEVC/H265 isn't getting as widespread support in hardware as one would have expected when looking at its predecessors.
Meanwhile, the industry is fed up with this shit: They've decided to do their own video standard with blackjack and hookers. Actually forget about... blackjack.
They've decided to create a video standard with the explicit target for making it patent-free so it can be implemented for free by anyone who wants to use it online.
It's not the first time such a switch of standards on the grounds of being fed up has happened. (The older being the switch from GIF to PNG by replacing the patented LZW compression with the free deflate).
And that is what frightens the MPEG guys.
----
As a note, a new standard won't necessarily devolve into the xkcd joke.
Each time, such switch have managed to actually succeed if: - there is an actual push for the standard by the industry (e.g.: browser have started supporting PNG) - the new standard is at least as good or even better that the old one (e.g.: PNG supports much more color schemes than the up to 256-palette of GIF. It also supports alpha channels, and the deflate compression is better).
The AV-1 is frightening the MPEG guys even more on these grounds. - it's a coordinated effort by most of the industry big players including browser vendor, hardware vendor, server solution makers, etc. (i.e.: most of the company who make money by *using* video, as opposed to *selling the patents on the video* are in and pouring resources into it) - it's a new gen codec, so of course it compresses somewhat better than the older standards.
And among the names of the companies involved, you see names who have been successful in deploying standards in the past: - Google who have pushed their VPx series of codec. - Xiph who have had relative success in the past: - already with Vorbis against MP3 and WMA. It didn't get widely known by the general users, but it got a niche success : nearly all no-name asian media players supports it, it's used by several older audio streaming web companies - like Spotify and the completely free implementation have seen success in being used in various applications and engines - like game music) - they did it again being among the company that contributed to OPUS, the free codec that currently beat everything else (including AAC) and is currently used by nearly any app/software on the
According to a friend with prosopoagnosia, it's more like not even noticing when the same caracters are played by different actors (thing the different actors playing Hulk in Marvel movies).
That friend is a fan of a Song of Fire and Ice, and has absolutely no problem tracking the loads of characters in the books (she has near perfect memory for names). She also enjoys watching Game of Thrones, but didn't notice when different actors are playing the same characters : She learned that the people playing "The Mountain" changed from her friends. For her, she recognize the Mountain based on the context, she's completely unable to register the face.
She has no trouble recognizing me, because she knows me since a long time and is used to that. But she can't easily recognize (the face of people) she's been recently introduced to.
So it might be undetected because the affected people are used to it and have found other way to recognize people than face. But the method is suboptimal. Imagine how severe it would be if the person changes jobs and cannot recognize their new boss.
This can lead to ackward situation to that can severly impact the social life. That friend could ignore people (like recent colleagues) when meeting them in the street. But not because she's impolite (like most of them would imagine) but simply because they are wearing different clothes, in a context where there are no other clue to recognize them, so she couldn't even realise that it's someone she knew.
I didn't start the Jewelry store analogy, the parent poster did.
And now let's try a car analogy ! (But let's not repeat what xkcd).
It's all about you car trying to be more clever than you. So it's fitting to take self driving car as a metaphore.
Speculative execution:
When you arrive at an intersection, the car doesn't wait for you to take a decision where you want to go. It makes its best guess and start driving in that direction.
When it was invented, it wasn't even considered problematic, because if you actually make a different decision and the car's best guess turned out to be wrong, the car will go back at the intersection (= CPU thows away all the work and doesn't commit into the memory/register) and start driving the other way around.
But it's deemed useful, because if the car guessed right, by the time you make your decision, the car has already progressed in the correct decision. (= if the CPU guess right, it will have advanced a bit of work instead of the whole pipeline stalling and waiting for the outcome of the dependence).
Spectre variant 1 - "bound check bypass":
It turns out that even if the car leaves in case of wrong guess, there might some effect remaining even after the car left, like trace of tires on the ground, the ground still being warm from the car's presence, pigeons frightened by the car would have taken off,... (= they are still side effect that can be measured of CPU execution, like pages of memory being fetched in the cache).
And actually, modern cars are so fast, that by the time you made up your mind, the car is already 3-4 intersections further down the road. (= there quite a lot of instruction that are kept in-flight in the CPU pipeline)
By carefully watching when pigeons took off, and where you see tire traces, you can correctly infere that the car steered to avoid a pedestrian, even if the car nor the pedestrian aren't there any more (= it's possible to organise the speculated instructions in such way, the the side effect will depends on something that was access past the a check, like a boundary check)
But still the car is only travelling in the same city as usual. (= This Spectre only access data that the application has already full access to, to begin with. So very few exploit where you actually manage to get something new. Mostly situations involving JIT)
By now nearly all car have this auto-driving "feature" built in them.
Meltdown
All cars of the brand "Intel" have something really weird : they show up on the other side of walls. It's as if the wall didn't matter any more. The cars shows up in restricted area of the city where it shouldn't be. (= speculative execution on Intel CPU happens to go past security limits like memory protection, because the actual security check is done way to late) Walls won't protect the reserved parts of the city. (= the kernel isn't protected anymore).
You have to move the prison complex into another city. (=KPTI)
Spectre variant 2 - "Branch Target Injection"
It gets even weirder: The car shows up in the New York Underground network. And inside the vaults of Fort Knox. You're definitely toast on this one. (= Influence the execution of completely unrelated program. Execution happens were it couldn't possible happens. Your Hypervisor is toast).
But the thing is that this extremely dependent on the exact type of bolts and nuts which are used in the car. It's proven to work with a few specific bolts and nuts used in Intel cars. AMD cars are now proven to also use bolts and nuts, but nobody knows if you can actually manage to make a magically teleporting car out of them.
Meltdown and Spectre v2 are actually as weird as their car metaphor sound. That's why lots of specialist are specifically mad at I
Spectre.... it's just snooping on random processes hoping to find something interesting at the same user-level access.
I know things are getting confused, but there are 2 variants of Spectre.
The first one, the one you're describing, the "Bounds Checks Bypass", is the one where Speculative Execution is working exactly as defined, affects all speculative executing processor (so basically a couple of in-order cores like Intel Atom and nearly all RISC except a few latest AArch64 are exempt).
CPU speculatively execute past a check, and might end up speculatively reading from another part of the memory to which the application has access already anyway. There are only a few real-world exploit (the few corner case where an application has access to its own data, but should not actually read it for security purpose), mostly involving JITing and executing foreign-supplied executable arbitrary code. (e.g.: eBPF bytecode used by modern packet filters running in the same context as the Linux kernel ; e.g.: JITed Javascript code supplied by some shady webserver running in the same context as the rest of your browser, including that plug-in that handles password management).
But then there's Spectre variant 2, the "Branch Target Injection". This one is per-CPU architecture specific (Intel are known to be affected, and there's Demo code by google) (AMD thinks after a lot of analysis that some of their CPU are affected, but have no idea if it is technically possible to make an actual real-world exploit out of it - for sure the Xeon-specific code won't work, obviously). The base idea is to confuse how the indrect branch predictor work (i.e.: for jumps whose destination isn't even known yet at the time of speculation). Most CPUs try to keep track about where did this jump usually lead in the past. Depending on how this "track keeping" is handled (that's why it's very CPU-specific), an attacker might confuse the predictor and have it execute speculatively at an attacker's arbitrary chosen position, which would never ever be attained during normal execution. (in the case of the Google demo code for Xeon, these Xeons in particuliar is use something like a hash to store their table, google has managed to find "hash-collision"-like problem, where the Xeon will take the "wrong table" for the prediction : not the table of were the attacked programm usually jumps at, but a different table where the attacker's exploit usually jumps at).
To take the jewerly store comparison:
- The attacker meets the store manager in a completely unrelated setting, like at a street festival, and shows some funny dance moves. The store manager even learns the dance steps. (= filling a table of prediction for indirect branch for a code chosen by the attacker)
- Later that day, while the manager is back at the store, he absent-mindly repeats the dance-steps of that dance he saw and liked... (= "hash collision" in Xeon's tables : the "wrong table" is used by a completely different and normally unrelated program) and ends up accidentally bumping into the button that turns the alarm off, letting the thief steal everything he wants from the shop. A button that he would normally have never pressed.
(= normally, the jump taken during the speculative execution would never ever be taken : it's not even in the list of possible indirect branching for that program)
The horrible scary part is that what happens in the jewerly shop is affected by some completely unrelated event in the street. (The attacked/exploited program were the branch prediction is abused, might be a completely different program that the one where the attacker was doing the jumps to fill the predictor table. The attacker's code could be a small program that the attacker is allowed to run as part of the normal operations, like a user-land software on a VM on a cloud cluster. And the attacked/exploited program could be something deeply critical like the hyper visor running all the VM instances
Somewhere, someone is training some "Deep-Trump"-like deep neural net on APK's corpus of bullshit, and is ready to generate entire discussion trees of APK-"deep"-impostors all shouting at each-other...
I thought everyone in the super-fun-secret club knew about Spectre and Meltdown like 6 months ago, because it took them time to code up fixes? I'm guessing Linux kernel devs weren't part of the super-fun-secret club?
In general, Linux devs happens to have been working for a general class of technology (KAISER, now KPTI) that happens to also be useful against Meltdown (in addition to tons of other problems). So from the perspective of Linux devs, not much changed (and it is the general mantra in team Linus Torvalds, that *any* bugs is a serious bug, no matter if it is a security one or not - so it's a general tendency that when there are security reports, it's business as usual).
The problem comes from the answer of the manufacturers :
- intel botched patches they were submitting (see Linus' ire about them), intel provided buggy firmware (CPU microcode) that causes problems and that Dell and HP ended-up delaying. Intel has tried to enable Meltdown circumvention for everyone even if they're almost the only constructor that's concerned, etc.
- AMD still can't really decide if version 2 of Spectre (abusing the indiredct branch prediction) can actually lead to an actual usable exploit in the wild or not. Though they at least now have determined that a few of their CPUs (since Zen, I think) are affected. So at least for now it's "enable retpoline for them, too". etc.
And: TCP/IP has no 'security' build in either, that would be on much higher levels.
Actually, IPsec (initially developed as part of the requirements for IPv6, but back ported as an option of IPv4) *is* at the "Internet Layer". (It sits at the "IP" part of "TCP/IP", right under the "TCP" / "UDP" transport layer).
But yeah, most other the other encryption is usually happening in the application layer (HTTPS, SSH, etc.)
OK, but you can install the 32 bit version of Windows 10, and still load the GWBASIC.EXE compiled in 1986 on a current operating system.
Yup. Indeed, Microsoft (and FreeDOS. And DosBox. And dosemu) do maintain the set of API needed to get it running. (Basically, IBM-PC BIOS Interrupt call APIs, and DOS int 21h API. And an extra ton of emulated audio/video hardware in the case of DosBox). (It helps that 3 out of the 4 mentioned software are opensource, and thus can share a bit of the workload: Indeed, dosemu uses bits from FreeDOS to provide the Int 21h MS-DOS API).
Though note again that most of the things that you will run *inside* GWBASIC.EXE are basically (pun intended) scripts with source code available. And even in the case of GWBASIC.EXE not running anymore (because in the future, tablets take over and we decide to switch away from x86/x86_64 to AArch64), you could still port them to, say, FreeBasic.
In general, it looks that the DOS legacy is so strong (and so low-cost to keep around nowadays) that we'll probably still have it around for as long as there's some hardware still able to execute real-mode x86 machine code.
You know, for that weird data acquisition machine in the corner of the lab that can't work with anything else but some weird specific executable that has DOS bits.
Microsoft did away with 16 bit compatibility layer in the 64 bit OS, but as others have pointed out, VMs and things like DosBox make it not a big loss.
Small nit-picking : for once, Microsoft is entirely innocent in this case. The culprits are AMD (who designed AMD64) and Intel (who imported it as x86_64 once they saw that IA64 is going "(t) itanic"). There is no Virtual8086 mode available when the CPU is in 64 mode. It can only execute protected mode code. All the methods that Microsoft relied on to execute legacy real-mode code (i.e.: using virtual86 mode to handle most of the hardwork) suddenly doesn't work anymore if the CPU is in 64bits mode.
So basically they were left with two choices:
- enable 16bits APIs only when the CPU is running in 32bits mode. And disable them when in 64bits mode (what they did)
- rewrite extensively their 16 bits support to basically handle most of the emulation themselves without any assistance from the virtual86 mode. (What basically Dosbox, VirtualBox, QEMU, etc. are all doing).
The later is quite a lot of work, just to get old deprecated stuff to still run. It hits the law of "diminishing return" hard. So Microsoft skiped it. On the other hand all the other software are emulator (with additional dynarec, JIT, etc. but still) so emulation is *their* business and thus they went that path.
Nit-picking to my nit-picking: technically a CPU in 64 bit mode is still able to run 16bit *protected mode* code. So from a purely theoretical point of view, it should be possible to get those programs that are 16 protected-mode clean (some Win16 code in the 286 era is designed to work as-is in either real mode or protected mode) to run, *IF* you take time to re-implement the whole 16bits subsystem to run as a protected 16bit software on your CPU in 64 bits mode, *AND* you make sure that these program won't rely on any real-mode code (drivers, external dependencies to weird software, etc). That's way too much work in the scope of Microsoft - it's basically re-developing an entire Windows 286 again, just for the sake of those 3 program which will run cleanly inside it.
Mega nit-picking: There are complicated ways to get virtual 86 mode working from within a 64 bit OS. It's DOS' "Voodoo mode / Unreal" kind of hackish - relying on virtualisation extensions to help having virtualized CPUs running in a different mode than the main os.
So basically, it could be possible to take the architecture that normally happens if, on Windows 64 bits, you use a VT-x enabled Virtual Box to ru
Macs haven't run my 68K {NOTE: binary} apps for years. 8088 MS-DOS 3.1 batch {text, source} files still (mostly) work in Windoze, though.
NOTE: {notes} are mine.
Which makes a great argument in favor of accessible source. Because your batch file are human readable text-file, you can even edit what's needed to remove the "(mostly)" part of the sentence. Much more difficult with binary 68k machine code.
If you had access to the original C / Pascal code that the 68k apps were compiled from, it would be much more easy for devs to adapts them to modern architectures/APIs.
{...} in favor of making fun of an artist who they'd like to belittle by insinuating that nobody ever heard of them or in particular you're too good to have ever heard of them is being childish.
Or you know, maybe some of us have genuinely no idea who this artist is.
There are literally tons of different types of music out there (I mean litterally. If you pile up ever different disc, CD, tape, wax cylinider, scroll, and other forms of music produced by all the artists, it's going to be a really heavy total mass).
By chance, I might happen not to be into this specific music, and I might have actually never heard anything about the artist. Not that I pretend that the artist is bad or that I'm above this kind of art. He might simply be not one of the thousand other that's I've heard.
So we do what every sensible/.er would do (like the parent poster) : We will bitch and moan at the editors, because giving a few key information about an artist mentioned in a summary would be a good idea~
In the present case, I actually did not register the name for real, and needed to fall back onto wikipedia to discover that he's actually the guy who founded The White Stripes (known for such titles as "Fell in Love with a Girl", "Seven Nation Army", etc.). I did my duty to get informed, but I think that when the subject of a summary strays outside the typical tech field, I would be good to give some key informations (again, not every one might be into the same kind of music and some could genuinely completely ignore who the guy is).
And by the way, the stuff that these scientists created from human dukey is not food. It may have a similar ratio of fats & protein as food, but it's not food. Astronauts will eat each other before they eat some cultured turd yogurt.
And what do you think real food is made from ? Which substances do you think the plants process to transform into more plants (i.e.: more food) thanks to the solar power ? Do you really think that plants make themselves using solidified light ?
HINT: Look up the word "manure".
This project is basically doing the same thing, only scaled down and accelerated by using a different set of bacteria and yeast only, compared to the usual set of bacteria + plants that do the exact same stuff every day in agriculture. (But it's going to be difficult to pack a whole field in a space ship, so hence the interest)
You see it as a "toilet-to-mouth" system, but you should more realistically think of it as a pocket-sized field to grow food out of your (human produced) manure.
There's already more than enough food for everyone.
It's more complicated than that. Depends on what people eat.
Globally, yes, planet earth can produce more food than need to keep everyone fed (for a certain definition of "fed").
But if every body decide they want to have the same exact food diet as people in the developed world (think about USAmerican's love of steak. It's an entirely different approach to the word "fed" compared to above) : then you'll need at least 3 Earths worth of food production to keep everyone happy.
It's why Paul Ehrlich's 1960s neo-Malthusian predictions of mass starvation in the 1970s never happened.
No. That's more to do that those predictions (which also serves as inspirations for movies such as Soylent Green) are based on what would happen if the then tendencies were kept as is : if everybody kept reproducing like rabbits, today's world might look a bit like the over-populated slum that the science fiction back then predicted.
Except that the tendencies didn't keep. Demographic transition happened. People actually stopped reproducing as rabbits. Even the poorest developing country are nowadays showing progressive reducing of population growth.
So because the tendencies on which these prediction were made didn't keep, the prediction didn't come to happen. (Well, you still have over populated slums here and there, but not planet-wide).
Living things on this planet breathe. They exhale. Sometimes we humans kill and eat them. If all those animals were left alive, breathing out CO2, farting methane, eating up all the good grass and taking the jobs of other animals whose consumption have fallen out of popularity, their carbon footprint would be even worse.
The actual animals that normally live around on the planet are actually an insignificant small speck, compared to the impact......of all the specially human-created species that we raise on purpose to feed ourselves. These are not animal that normal roam this planet. This are animal specially raised by the human agriculture for the the specific purpose of answering the demand.
There is currently that much CO2, that much methane farting, and that much depletion of normal flora for the sole purpose of providing grazing, because we need to answer the meet eating habits (mostly of the developed world). We want (as a specie) to eat meat, that's why we raise an insane amount of cattle.
Save the environment - stop eating plants that absorb CO2 and eat more meat.
If we actually massively stopped eating meat (e.g.: if the developed world slowed down on meat and started eating food containing a higher mix of vegetable like the rest of the world), we would actually be needing to raise *a lot less* animals, and thus a lot less impact on the environment.
Your whole argument sounds like : "Stop using trains, there are cars out there anyway". Huh no. We build cars to fulfill the needs of those who want cars and refuse to take public transportation. And the same we raise animal on insane scale just to fulfill the needs of those who insist on eating animal.
Except these will leak out and it will become difficult to explain "it's not really me". We think exploitation via sexting pics or sex tapes is bad, it's got to be worse when it's not just a nude selfie but a realistic depiction of your wife/daughter/friend getting double-penetrated by two giants.
Society will eventually adapt. What's your first reaction if someone showed a hardcore photo of a colleague of yours doing thing that you would never suspected them doing ? "Photoshoped" is probably the first things that will go through your mind. 5 years down from now the word "FakeApped" will probably be accepted in the the dictionnary.
or worse, using the aforementioned skinny young porn actresses and putting real kids' faces on them.
Why is it "worse" ? No actual kid got hurt in the making of it. Only some "stock photo" website's collection got download and fed into an deep neural net.
Or another way to put it : what would you prefer ? - Some adult pervert fapping to images drawn by another bunch of adult perverts. - Some adult pervert fapping to the recording of horrible things done to abducted/sold kids ?
Spectre Variant 2 is also heavily CPU specific. The exploit needs to know how the predictor used for indirect branches works (i.e. jumps where the destination isn't know yet, like jump tables (ways to do a C/C++ switch) or calling overloaded virtual C++ members in an array of object) in order too fool it and force it to guess wrong and jump to a completely wrong destination.
It's been demonstrated on Intel CPU.
ARM reports that the few Cortex cores that do speculative execution are affected. (But, no ARM-specific exploit code is mentioned).
AMD knows that the Intel-specific code won't work (duh... obviously), but they cannot exclude that there won't be any way to exploit their indirect branch speculation ("near zero", not "zero" chance). Currently they recommend to apply patche, while they try to work out if there are possible viable exploitable to be made against their indirect branch prediction.
PowerPC G3 and G4 are not exploitable, I've read. They *do* speculative execution. But they either don't speculate around indirect jumps, or don't speculate far enough to be actually exploitable in practice.
Slashdot Mirror
but let's try to charge them off wind/solar please?
Which is already happening in several countries (e.g.: hydro is popular in the Alpine regions of Europe).
You know, not every nations produces it's electricity by burning coal.
Otherwise you're shifting the efficiency problem from your engine bay to the grid. I hate smug EV drivers boasting about "clean" driving. They get all flustered when I point out that grid-charging has all sorts of issues from coal-fired electricity.
According to research (damn, I have to keep the link under hand), except in a few countries that have a horrible mix of sources of electricity and burn too much fossils (out of my head, I think it's : China, Inda, Australia. Not 100% sure, should google) where there's basically no difference between an EV charging from the grid and a ICE, in every other country including those that still burn fossil in electrical power plant (that's including the US), there's some improvement of efficiency simply by shifting the burning from a small compact ICE that has to do compromises on lots of other parameters (weight, size, quick reaction, etc.) to a huge power plant that is more or less exclusively optimized for efficiency.
And then you have European nations where you can find a mix of power source that relies a lot on renewable sources (solar, wind, alpine hydro) or sources with a much smaller mass of pollution output (nuclear).
Also the way power is produced isn't the only advantage :
EV use regenerative breaking, being able to use significant fraction of the kinetic energy to charge back their battery pack.
(Slight tangeant, Swiss example : two high speed train going down from the Lötschberg tunnel can power one train going up "for free").
That is extremely usefull in stop-and-go situations (in city driving, commuting on busy highway with traffic jams, etc.) whereas these situations are killer for ICE efficiency.
Also, going out for a spin on the weekend? I prefer my motorbike, thanks. Perhaps I'll have to have it modified to run on bio-fuels.
Depends on how the biofuels are produced.
- As a way to make something useful out of argigulture's waste ? (We're doing so in several European countries) Yup, that's definitely an improvement.
- But some countries (US among other, I've read) do cultivate plants for the sole purpose of producing ethanol. That's cultures which are requiring additional soil exploitation, and a competing with food production.
It's a bit more problematic in the long term regarding bio-diversity, etc.
We almost need some kind of education program to identify legitimate sources of news. Using Google to search for "Fact Check title" often works, though care is required there as with anything else.
Which exactly what is happening in some other countries : France is having a few pilot program of teach media to kids (random example of a youtuber who's a teacher in real life and has published records of a classroom. Sorry it's in French. And sorry for the unfortunate implication if you translate the title in English, that wasn't intended in French).
The Herman Goering applies, and I fear it probably always will.
His assert about people getting used to (and eventually somewhat believing) a lie repeated enough might apply as well.
Here you go:
https://play.google.com/store/...
Dozens and dozens of cloned apps that "clean" your device.
{...}
They prey on the layman users' false "common sense" of how computers/devices should work. Each contains the same false information about optimizing Android performance, creating a completely inaccurate "common knowledge" amongst many Android users.
For example, there's no positive benefit in "cleaning apps" to save memory (RAM).
Optimizing RAM ? Yeah, that's bonkers, you get the same quick effect by simply rebooting the device (it does too stop most of the apps running in the background), and lots of modern OS implementation have methods to kill running background apps when ressources get low.
But optimizing free space ?
That's actually useful : at least the Android versions I've seen don't have a nice convenient way to purge all the cache, and delete all the temporary files or non critical files (thumbnails preview, etc.) in a single touch.
You would in theory need to open the preferences of every single app and manually clean the cache : tedious.
But yeah the problem is that these apps use the marginally useful function, to have install an app that will :
- try to overstep its necessary permissions.
- get used as a marketing ploy trying to scare you into buying the "pro" version that will protect you even better against malware threats.
So be prepared to need to agree to as many sensors access to their phone app as you already need to agree to Uber, Lyft, etc.
(and tiny-micro print that boils down to "allow them to resell the data to 3rd parties for marketing purpose", but written in a way that sounds completely differentü).
The last iPhone to be glued shut was the iPhone 3GS. Circa 2009. The iPhone 4 (from 2010) and onwards are not glued shut and can be opened by removing 2 screws. Yes, 2 screws.
Did replace the battery on my SO's iPhone 5.
- Those two screws are shitty Apple pentalobular proprietary stuff, requiring you to buy special tools, because "fuck standards".
- The glass still requires you to use custom tools to pull it out (luckily, any object with enough suction that you have laying around would do : car dashboard GPS holder, kitchen towel holder, etc. combined with a guitar pick/plectrum for lever. But in theory that would have been even more tools to buy).
- The battery is still glued inside the case.
At least the good news is that you can easily source good quality replacement for really cheap prices from reputable 3rd party source, so you don't need to rely on some shady sellers from Shenzen on ebay or alibaba.
My phone at the exact same timeframe (Jolla 1 - JP1301) :
- unclip plastic cover
- remove old battery
- put new battery
- close plastic cover
(Again, battery from 3rd party source, because Jolla doesn't have any more in tock).
Any other gadget without a clip-on back cover (wireless mouse, etc.) :
- unscrew the back cover (often standard screws like philips, sometime weird but common stuff like torx)
- unplug the old battery's connector
- plug the the new battery's connector
- screw back everything into place.
But yeah, the iPhone is 1mm thinner than the other gadgets thanks to all the stupid stuff.
Nanopore is more accurate when matching sequences at the signal/electrical level, but almost no one is doing that yet.
Reminds me matching peptide sequences at the mass-spectrometry level in proteomics (Disclaimer: used to work at GeneBio).
MPEG standards are open. That's the point of a standard. You can download the final drafts for free.
You can download the drafts for free (the technical documentation that explains the standard).
You cannot write a software freely - in jurisdiction that do recognize software patent (e.g.: the USA) the technology inside several codecs from MPEG (Mostly AVC / H264, HEVC / H265 , and AAC) are covered by patent.
If you attempt anything beyond simply reading the drafts, like actually writing code, you'd be violating IP rights in countries with software patent (in USA).
If you attempt to build a physical device around the standard (e.g.: hardware accelerating codec chip), you'd be again going against patent, in nearly all jurisdiction (in EU too).
MPEG doesn't sue. That is MPEG-LA, a completely separate organization.
To be correct:
The patent holder sue.
And the problems starting from H265 / MPEG-HEVC upward is that MPEG-LA isn't any more the only single organisation holding patents.
The world is not a simple place and the devil is in the details.
Yeah, I agree that the devil is in the details. That's why I called my over-simplification the "Easy Reader" version.
Is this you, or is it just random junk spit out by some deep neural net ?
Can't really make any distinction.
Also, this post is completely irrelevant to the current topic of distinction (MPEG's codecs like HEVC vs. AOMedia/IETF's codecs like AV-1/NetVC).
Also, you still have answer my question back then : by which miracle a host file can protect you from :
- Scripts hosted on the same server as something that you actually want :
-- you want the same hostname to be both blocked and non blocked depending on which object you're downloading (JS vs. something useful)
- Script that aren't know yet.
-- A black-list system cannot protect from something which isn't known yet (as opposed to a white list system which only let known trusted things through).
- Object that are delivered through Content Delivery Networks (as most JS is nowadays).
-- The host name has nothing to do with the content and is pretty much random.
Well... there's been many failed attempts at trying to replace closed source codecs with open source ones
And the big web switch from GIF to PNG is a good exemple of a successful one. :
Usually it requires 2 things
- a big industry push
- as good or better as the replacement
like Theora, the VPx codecs, Direc,
Dirac is a very small scale stuff. Mainly pushed by the BBC and hence only used in their echo-system.
Regarding the VPx family :
- VP6 / Theora : happened late at a point when it wasn't that competitive against MPEG standard of the day and was only pushed by a handful of companies (mainly Xiph Mozilla, and considered by Google for Youtube) while the rest of the industry pushed for MPEG which *did* had patent costs, but not crazy ones yet.
- VP9 : pushed by Google, a company a tiny bit more relevant, but still not industry-wide, because people were betting on the upcoming MPEG-HEVC/H265 because nobody knew yet the massive patent minefield it was going to be.
- VP10 : see below.
Daala and so on.
Daala *is* AV-1.
AV-1 is done by combining the efforts of Xiph's Daala, Cisco's Thor, and Google's VP10.
Some parts didn't make it (Daala's Perceptual Vector Quantization - PVQ - currently isn't enabled by default in AV-1 and is considered too different/weird), other parts of Daala are actually in AV-1 (the entropy coders experiments of Daala are now part of the AV-1 standard).
Now: AV-1 is showing interesting results.
And nearly anyone who is relevant in the internet-video business is on it. (you find content streamer like Netflix and Google (Youtube), browser makers like Google (Chrome) and Mozilla (Firefox), etc. - the whole ecosystem is in there).
By the GIF/PNG exemple and unlike the less popular video formats mentioned above, all the chance are on AV-1's side.
Vorbis never caught on to replace MP3
It still had some limited success :
- nearly any no-name asian media-player supports it. (Despite a campaign by Microsoft's WMA certification to explicitly ban it)
- accepted as part of the IETF standards
- supported by all major browsers
- thus a few on-line web service have built around it (Spotify is one notorious example, and it's far from a tiny player).
- Youtube can optionally use it.
- Thanks to widely available free code, it has also found it's way in numerous software applications (lots of game engines used it)
So it's not as widely known by the public as MP3 or AAC, but it still beat WMA, and it still managed to get used quite a bit.
or AAC either.
Vorbis/MP3/WMA all predate AAC.
AAC appeared much later.
It also ended up feature many of the same problem as the MPEG Video codecs mentioned in the article : mainly heavy patenting.
So although it managed to gain a foothold in the TV/Radio (DAB+ and HD DVB-x) and Music selling (iTunes) business, it got completely blown out on internet.
OPUS has basically come and destroyed it. It has much better audio quality, and is completely free of patent licensing.
As such OPUS is what is used by nearly any modern app : Skype, WhatsApp, FB Messenger,... chances are if it's on your smartphone and allows you to talk with audio, it probably runs on OPUS.
There are even experiments in using it on radio (OPUS is an unofficial codec used in the "DRM" long range AM-like radio).
It's one straw in particular that broke the camel's back and it's that those licensing HEVC saw the rise of video streaming services and got a bit too greedy.
Yup, totally agree, it's the patent-trolling that killed HEVC (and AAC for that matters).
Basically, if you have Android and iPhone (= Google and Apple) recording AV1 video, YouTube and iTunes (= Google and Apple) delivering AV1 video to hardware decoding in smartphones (= Google and Apple) you hav
The MPEG model until now :
- create a standard (e.g.: MPEG 1 Video, MPEG Audio Layer I).
- concentrate on making the best compression, irrespective of patent situation
- because good compression and official standard, MPEG gets extremely popular and implemented everywhere.
- all the MPEG creators who hold patents band together, form a patent pool.
- the use the popularity of the standard and their patent pool to extract as much money as possible from as many people as possible.
- re-invest the money left over after the CEO's pay into producing the next standard. (e.g.: MPEG 2 Video, MPEG Audio Layer II, etc.)
- rinse and repeat
The problem (not directly clearly stated in the summary) :
- companies realize that they can make even more money
- patent holder stay hidden for a while, they push a new standard knowing that it's patent covered
- once the standard becomes pervasive to the point it's not possible to function without it (e.g.: MPEG Audio Layer III, a.k.a MP3), suddenly the patent holder wakes up (in this case: Frauenhoffer Institute).
- the holder tries to sue the shit out of everyone to make even more money.
- rent seeking and giant money grab rots the industry.
(Historically, it's not the first time this has happened. See the holders of the LZW (Lempel-Ziv-Welsh) patent and the Graphics Interchage Format - GIF)
The current situations with MPEG HEVC / H.265 is a giant patent minefield, with several patent pools and/or patent holder each going for their maximal money grab.
To the point that HEVC/H265 isn't getting as widespread support in hardware as one would have expected when looking at its predecessors.
Meanwhile, the industry is fed up with this shit :
They've decided to do their own video standard with blackjack and hookers.
Actually forget about... blackjack.
They've decided to create a video standard with the explicit target for making it patent-free so it can be implemented for free by anyone who wants to use it online.
It's not the first time such a switch of standards on the grounds of being fed up has happened.
(The older being the switch from GIF to PNG by replacing the patented LZW compression with the free deflate).
And that is what frightens the MPEG guys.
----
As a note, a new standard won't necessarily devolve into the xkcd joke.
Each time, such switch have managed to actually succeed if :
- there is an actual push for the standard by the industry (e.g.: browser have started supporting PNG)
- the new standard is at least as good or even better that the old one (e.g.: PNG supports much more color schemes than the up to 256-palette of GIF. It also supports alpha channels, and the deflate compression is better).
The AV-1 is frightening the MPEG guys even more on these grounds.
- it's a coordinated effort by most of the industry big players including browser vendor, hardware vendor, server solution makers, etc. (i.e.: most of the company who make money by *using* video, as opposed to *selling the patents on the video* are in and pouring resources into it)
- it's a new gen codec, so of course it compresses somewhat better than the older standards.
And among the names of the companies involved, you see names who have been successful in deploying standards in the past :
- Google who have pushed their VPx series of codec.
- Xiph who have had relative success in the past:
- already with Vorbis against MP3 and WMA. It didn't get widely known by the general users, but it got a niche success : nearly all no-name asian media players supports it, it's used by several older audio streaming web companies - like Spotify and the completely free implementation have seen success in being used in various applications and engines - like game music)
- they did it again being among the company that contributed to OPUS, the free codec that currently beat everything else (including AAC) and is currently used by nearly any app/software on the
According to a friend with prosopoagnosia, it's more like not even noticing when the same caracters are played by different actors (thing the different actors playing Hulk in Marvel movies).
That friend is a fan of a Song of Fire and Ice, and has absolutely no problem tracking the loads of characters in the books (she has near perfect memory for names).
She also enjoys watching Game of Thrones, but didn't notice when different actors are playing the same characters : She learned that the people playing "The Mountain" changed from her friends. For her, she recognize the Mountain based on the context, she's completely unable to register the face.
I have a friend who has prosopoagnosia.
She has no trouble recognizing me, because she knows me since a long time and is used to that.
But she can't easily recognize (the face of people) she's been recently introduced to.
So it might be undetected because the affected people are used to it and have found other way to recognize people than face.
But the method is suboptimal.
Imagine how severe it would be if the person changes jobs and cannot recognize their new boss.
This can lead to ackward situation to that can severly impact the social life.
That friend could ignore people (like recent colleagues) when meeting them in the street.
But not because she's impolite (like most of them would imagine) but simply because they are wearing different clothes, in a context where there are no other clue to recognize them, so she couldn't even realise that it's someone she knew.
Best non-car analogy ever.
I didn't start the Jewelry store analogy, the parent poster did.
And now let's try a car analogy ! (But let's not repeat what xkcd).
It's all about you car trying to be more clever than you. So it's fitting to take self driving car as a metaphore.
Speculative execution :
When you arrive at an intersection, the car doesn't wait for you to take a decision where you want to go.
It makes its best guess and start driving in that direction.
When it was invented, it wasn't even considered problematic, because if you actually make a different decision and the car's best guess turned out to be wrong, the car will go back at the intersection (= CPU thows away all the work and doesn't commit into the memory/register) and start driving the other way around.
But it's deemed useful, because if the car guessed right, by the time you make your decision, the car has already progressed in the correct decision.
(= if the CPU guess right, it will have advanced a bit of work instead of the whole pipeline stalling and waiting for the outcome of the dependence).
Spectre variant 1 - "bound check bypass" :
It turns out that even if the car leaves in case of wrong guess, there might some effect remaining even after the car left, like trace of tires on the ground, the ground still being warm from the car's presence, pigeons frightened by the car would have taken off, ...
(= they are still side effect that can be measured of CPU execution, like pages of memory being fetched in the cache).
And actually, modern cars are so fast, that by the time you made up your mind, the car is already 3-4 intersections further down the road.
(= there quite a lot of instruction that are kept in-flight in the CPU pipeline)
By carefully watching when pigeons took off, and where you see tire traces, you can correctly infere that the car steered to avoid a pedestrian, even if the car nor the pedestrian aren't there any more
(= it's possible to organise the speculated instructions in such way, the the side effect will depends on something that was access past the a check, like a boundary check)
But still the car is only travelling in the same city as usual.
(= This Spectre only access data that the application has already full access to, to begin with. So very few exploit where you actually manage to get something new. Mostly situations involving JIT)
By now nearly all car have this auto-driving "feature" built in them.
Meltdown
All cars of the brand "Intel" have something really weird : they show up on the other side of walls.
It's as if the wall didn't matter any more.
The cars shows up in restricted area of the city where it shouldn't be.
(= speculative execution on Intel CPU happens to go past security limits like memory protection, because the actual security check is done way to late)
Walls won't protect the reserved parts of the city.
(= the kernel isn't protected anymore).
You have to move the prison complex into another city.
(=KPTI)
Spectre variant 2 - "Branch Target Injection"
It gets even weirder :
The car shows up in the New York Underground network.
And inside the vaults of Fort Knox.
You're definitely toast on this one.
(= Influence the execution of completely unrelated program. Execution happens were it couldn't possible happens. Your Hypervisor is toast).
But the thing is that this extremely dependent on the exact type of bolts and nuts which are used in the car.
It's proven to work with a few specific bolts and nuts used in Intel cars.
AMD cars are now proven to also use bolts and nuts, but nobody knows if you can actually manage to make a magically teleporting car out of them.
Meltdown and Spectre v2 are actually as weird as their car metaphor sound.
That's why lots of specialist are specifically mad at I
Spectre.... it's just snooping on random processes hoping to find something interesting at the same user-level access.
I know things are getting confused, but there are 2 variants of Spectre.
The first one, the one you're describing, the "Bounds Checks Bypass", is the one where Speculative Execution is working exactly as defined, affects all speculative executing processor (so basically a couple of in-order cores like Intel Atom and nearly all RISC except a few latest AArch64 are exempt).
CPU speculatively execute past a check, and might end up speculatively reading from another part of the memory to which the application has access already anyway.
There are only a few real-world exploit (the few corner case where an application has access to its own data, but should not actually read it for security purpose), mostly involving JITing and executing foreign-supplied executable arbitrary code. (e.g.: eBPF bytecode used by modern packet filters running in the same context as the Linux kernel ; e.g.: JITed Javascript code supplied by some shady webserver running in the same context as the rest of your browser, including that plug-in that handles password management).
But then there's Spectre variant 2, the "Branch Target Injection". This one is per-CPU architecture specific (Intel are known to be affected, and there's Demo code by google) (AMD thinks after a lot of analysis that some of their CPU are affected, but have no idea if it is technically possible to make an actual real-world exploit out of it - for sure the Xeon-specific code won't work, obviously).
The base idea is to confuse how the indrect branch predictor work (i.e.: for jumps whose destination isn't even known yet at the time of speculation). Most CPUs try to keep track about where did this jump usually lead in the past. Depending on how this "track keeping" is handled (that's why it's very CPU-specific), an attacker might confuse the predictor and have it execute speculatively at an attacker's arbitrary chosen position, which would never ever be attained during normal execution.
(in the case of the Google demo code for Xeon, these Xeons in particuliar is use something like a hash to store their table, google has managed to find "hash-collision"-like problem, where the Xeon will take the "wrong table" for the prediction : not the table of were the attacked programm usually jumps at, but a different table where the attacker's exploit usually jumps at).
To take the jewerly store comparison :
- The attacker meets the store manager in a completely unrelated setting, like at a street festival, and shows some funny dance moves. The store manager even learns the dance steps.
(= filling a table of prediction for indirect branch for a code chosen by the attacker)
- Later that day, while the manager is back at the store, he absent-mindly repeats the dance-steps of that dance he saw and liked...
(= "hash collision" in Xeon's tables : the "wrong table" is used by a completely different and normally unrelated program)
and ends up accidentally bumping into the button that turns the alarm off, letting the thief steal everything he wants from the shop.
A button that he would normally have never pressed.
(= normally, the jump taken during the speculative execution would never ever be taken : it's not even in the list of possible indirect branching for that program)
The horrible scary part is that what happens in the jewerly shop is affected by some completely unrelated event in the street.
(The attacked/exploited program were the branch prediction is abused, might be a completely different program that the one where the attacker was doing the jumps to fill the predictor table.
The attacker's code could be a small program that the attacker is allowed to run as part of the normal operations, like a user-land software on a VM on a cloud cluster. And the attacked/exploited program could be something deeply critical like the hyper visor running all the VM instances
Somewhere, someone is training some "Deep-Trump"-like deep neural net on APK's corpus of bullshit, and is ready to generate entire discussion trees of APK-"deep"-impostors all shouting at each-other...
I thought everyone in the super-fun-secret club knew about Spectre and Meltdown like 6 months ago, because it took them time to code up fixes? I'm guessing Linux kernel devs weren't part of the super-fun-secret club?
In general, Linux devs happens to have been working for a general class of technology (KAISER, now KPTI) that happens to also be useful against Meltdown (in addition to tons of other problems).
So from the perspective of Linux devs, not much changed (and it is the general mantra in team Linus Torvalds, that *any* bugs is a serious bug, no matter if it is a security one or not - so it's a general tendency that when there are security reports, it's business as usual).
The problem comes from the answer of the manufacturers :
- intel botched patches they were submitting (see Linus' ire about them), intel provided buggy firmware (CPU microcode) that causes problems and that Dell and HP ended-up delaying. Intel has tried to enable Meltdown circumvention for everyone even if they're almost the only constructor that's concerned, etc.
- AMD still can't really decide if version 2 of Spectre (abusing the indiredct branch prediction) can actually lead to an actual usable exploit in the wild or not. Though they at least now have determined that a few of their CPUs (since Zen, I think) are affected. So at least for now it's "enable retpoline for them, too".
etc.
And: TCP/IP has no 'security' build in either, that would be on much higher levels.
Actually, IPsec (initially developed as part of the requirements for IPv6, but back ported as an option of IPv4) *is* at the "Internet Layer".
(It sits at the "IP" part of "TCP/IP", right under the "TCP" / "UDP" transport layer).
But yeah, most other the other encryption is usually happening in the application layer (HTTPS, SSH, etc.)
OK, but you can install the 32 bit version of Windows 10, and still load the GWBASIC.EXE compiled in 1986 on a current operating system.
Yup. Indeed, Microsoft (and FreeDOS. And DosBox. And dosemu) do maintain the set of API needed to get it running. (Basically, IBM-PC BIOS Interrupt call APIs, and DOS int 21h API. And an extra ton of emulated audio/video hardware in the case of DosBox).
(It helps that 3 out of the 4 mentioned software are opensource, and thus can share a bit of the workload: Indeed, dosemu uses bits from FreeDOS to provide the Int 21h MS-DOS API).
Though note again that most of the things that you will run *inside* GWBASIC.EXE are basically (pun intended) scripts with source code available. And even in the case of GWBASIC.EXE not running anymore (because in the future, tablets take over and we decide to switch away from x86/x86_64 to AArch64), you could still port them to, say, FreeBasic.
In general, it looks that the DOS legacy is so strong (and so low-cost to keep around nowadays) that we'll probably still have it around for as long as there's some hardware still able to execute real-mode x86 machine code.
You know, for that weird data acquisition machine in the corner of the lab that can't work with anything else but some weird specific executable that has DOS bits.
Microsoft did away with 16 bit compatibility layer in the 64 bit OS, but as others have pointed out, VMs and things like DosBox make it not a big loss.
Small nit-picking : for once, Microsoft is entirely innocent in this case. The culprits are AMD (who designed AMD64) and Intel (who imported it as x86_64 once they saw that IA64 is going "(t) itanic").
There is no Virtual8086 mode available when the CPU is in 64 mode. It can only execute protected mode code.
All the methods that Microsoft relied on to execute legacy real-mode code (i.e.: using virtual86 mode to handle most of the hardwork) suddenly doesn't work anymore if the CPU is in 64bits mode.
So basically they were left with two choices :
- enable 16bits APIs only when the CPU is running in 32bits mode. And disable them when in 64bits mode (what they did)
- rewrite extensively their 16 bits support to basically handle most of the emulation themselves without any assistance from the virtual86 mode. (What basically Dosbox, VirtualBox, QEMU, etc. are all doing).
The later is quite a lot of work, just to get old deprecated stuff to still run. It hits the law of "diminishing return" hard. So Microsoft skiped it. On the other hand all the other software are emulator (with additional dynarec, JIT, etc. but still) so emulation is *their* business and thus they went that path.
Nit-picking to my nit-picking :
technically a CPU in 64 bit mode is still able to run 16bit *protected mode* code. So from a purely theoretical point of view, it should be possible to get those programs that are 16 protected-mode clean (some Win16 code in the 286 era is designed to work as-is in either real mode or protected mode) to run, *IF* you take time to re-implement the whole 16bits subsystem to run as a protected 16bit software on your CPU in 64 bits mode, *AND* you make sure that these program won't rely on any real-mode code (drivers, external dependencies to weird software, etc).
That's way too much work in the scope of Microsoft - it's basically re-developing an entire Windows 286 again, just for the sake of those 3 program which will run cleanly inside it.
Mega nit-picking:
There are complicated ways to get virtual 86 mode working from within a 64 bit OS. It's DOS' "Voodoo mode / Unreal" kind of hackish - relying on virtualisation extensions to help having virtualized CPUs running in a different mode than the main os.
So basically, it could be possible to take the architecture that normally happens if, on Windows 64 bits, you use a VT-x enabled Virtual Box to ru
Macs haven't run my 68K {NOTE: binary} apps for years. 8088 MS-DOS 3.1 batch {text, source} files still (mostly) work in Windoze, though.
NOTE: {notes} are mine.
Which makes a great argument in favor of accessible source.
Because your batch file are human readable text-file, you can even edit what's needed to remove the "(mostly)" part of the sentence.
Much more difficult with binary 68k machine code.
If you had access to the original C / Pascal code that the 68k apps were compiled from, it would be much more easy for devs to adapts them to modern architectures/APIs.
{...} in favor of making fun of an artist who they'd like to belittle by insinuating that nobody ever heard of them or in particular you're too good to have ever heard of them is being childish.
Or you know, maybe some of us have genuinely no idea who this artist is.
There are literally tons of different types of music out there (I mean litterally. If you pile up ever different disc, CD, tape, wax cylinider, scroll, and other forms of music produced by all the artists, it's going to be a really heavy total mass).
By chance, I might happen not to be into this specific music, and I might have actually never heard anything about the artist. Not that I pretend that the artist is bad or that I'm above this kind of art. He might simply be not one of the thousand other that's I've heard.
So we do what every sensible /.er would do (like the parent poster) :
We will bitch and moan at the editors, because giving a few key information about an artist mentioned in a summary would be a good idea~
In the present case, I actually did not register the name for real, and needed to fall back onto wikipedia to discover that he's actually the guy who founded The White Stripes (known for such titles as "Fell in Love with a Girl", "Seven Nation Army", etc.).
I did my duty to get informed, but I think that when the subject of a summary strays outside the typical tech field, I would be good to give some key informations (again, not every one might be into the same kind of music and some could genuinely completely ignore who the guy is).
And by the way, the stuff that these scientists created from human dukey is not food. It may have a similar ratio of fats & protein as food, but it's not food. Astronauts will eat each other before they eat some cultured turd yogurt.
And what do you think real food is made from ?
Which substances do you think the plants process to transform into more plants (i.e.: more food) thanks to the solar power ?
Do you really think that plants make themselves using solidified light ?
HINT: Look up the word "manure".
This project is basically doing the same thing, only scaled down and accelerated by using a different set of bacteria and yeast only, compared to the usual set of bacteria + plants that do the exact same stuff every day in agriculture.
(But it's going to be difficult to pack a whole field in a space ship, so hence the interest)
You see it as a "toilet-to-mouth" system, but you should more realistically think of it as a pocket-sized field to grow food out of your (human produced) manure.
There's already more than enough food for everyone.
It's more complicated than that. Depends on what people eat.
Globally, yes, planet earth can produce more food than need to keep everyone fed ( for a certain definition of "fed" ).
But if every body decide they want to have the same exact food diet as people in the developed world (think about USAmerican's love of steak. It's an entirely different approach to the word "fed" compared to above) : then you'll need at least 3 Earths worth of food production to keep everyone happy.
It's why Paul Ehrlich's 1960s neo-Malthusian predictions of mass starvation in the 1970s never happened.
No. That's more to do that those predictions (which also serves as inspirations for movies such as Soylent Green) are based on what would happen if the then tendencies were kept as is : if everybody kept reproducing like rabbits, today's world might look a bit like the over-populated slum that the science fiction back then predicted.
Except that the tendencies didn't keep. Demographic transition happened. People actually stopped reproducing as rabbits. Even the poorest developing country are nowadays showing progressive reducing of population growth.
So because the tendencies on which these prediction were made didn't keep, the prediction didn't come to happen. (Well, you still have over populated slums here and there, but not planet-wide).
Living things on this planet breathe. They exhale. Sometimes we humans kill and eat them.
If all those animals were left alive, breathing out CO2, farting methane, eating up all the good grass and taking the jobs of other animals whose consumption have fallen out of popularity, their carbon footprint would be even worse.
This xkcd is relevant.
The actual animals that normally live around on the planet are actually an insignificant small speck, compared to the impact... ...of all the specially human-created species that we raise on purpose to feed ourselves.
These are not animal that normal roam this planet.
This are animal specially raised by the human agriculture for the the specific purpose of answering the demand.
There is currently that much CO2, that much methane farting, and that much depletion of normal flora for the sole purpose of providing grazing, because we need to answer the meet eating habits (mostly of the developed world).
We want (as a specie) to eat meat, that's why we raise an insane amount of cattle.
Save the environment - stop eating plants that absorb CO2 and eat more meat.
If we actually massively stopped eating meat (e.g.: if the developed world slowed down on meat and started eating food containing a higher mix of vegetable like the rest of the world), we would actually be needing to raise *a lot less* animals, and thus a lot less impact on the environment.
Your whole argument sounds like : "Stop using trains, there are cars out there anyway". Huh no. We build cars to fulfill the needs of those who want cars and refuse to take public transportation. And the same we raise animal on insane scale just to fulfill the needs of those who insist on eating animal.
Except these will leak out and it will become difficult to explain "it's not really me". We think exploitation via sexting pics or sex tapes is bad, it's got to be worse when it's not just a nude selfie but a realistic depiction of your wife/daughter/friend getting double-penetrated by two giants.
Society will eventually adapt.
What's your first reaction if someone showed a hardcore photo of a colleague of yours doing thing that you would never suspected them doing ? "Photoshoped" is probably the first things that will go through your mind.
5 years down from now the word "FakeApped" will probably be accepted in the the dictionnary.
or worse, using the aforementioned skinny young porn actresses and putting real kids' faces on them.
Why is it "worse" ?
No actual kid got hurt in the making of it.
Only some "stock photo" website's collection got download and fed into an deep neural net.
Or another way to put it :
what would you prefer ?
- Some adult pervert fapping to images drawn by another bunch of adult perverts.
- Some adult pervert fapping to the recording of horrible things done to abducted/sold kids ?
Spectre Variant 2 is also heavily CPU specific.
The exploit needs to know how the predictor used for indirect branches works (i.e. jumps where the destination isn't know yet, like jump tables (ways to do a C/C++ switch) or calling overloaded virtual C++ members in an array of object) in order too fool it and force it to guess wrong and jump to a completely wrong destination.
It's been demonstrated on Intel CPU.
ARM reports that the few Cortex cores that do speculative execution are affected.
(But, no ARM-specific exploit code is mentioned).
AMD knows that the Intel-specific code won't work (duh... obviously), but they cannot exclude that there won't be any way to exploit their indirect branch speculation ("near zero", not "zero" chance). Currently they recommend to apply patche, while they try to work out if there are possible viable exploitable to be made against their indirect branch prediction.
PowerPC G3 and G4 are not exploitable, I've read. They *do* speculative execution. But they either don't speculate around indirect jumps, or don't speculate far enough to be actually exploitable in practice.