Another alternative is to use TOTP (Time-derived One-time password): an ever changing code that is based on a hash, computed out of the current time (hence the ever changing) and a shared secret that only you and google know.
Only someone possessing the shared secret can compute the correct code for that time. The secret itself is never sent on the wire, only the current-time code derived of the secret is.
You can find apps running on tons of other hardware if you don't own an Android nor an iPhone (or simply don't want to give that phone number to google).
You could even built your own, using an Arduino, an LCD display and some mean to get accurate(-ish enough*) time (e.g.: GPS chip or a DCF77 receiver if you're in Europe, or a RDS FM radio receiver, or extract it from TV broadcast, etc.)
TOTP is supported as a two-factor standard at lots of other companies (Facebook has it as a possibility, nearly every bitcoin-related website I've seen has it, Microsoft too, etc.)
(*) - a new code gets generated every 30 seconds, and some server-side implementation also compare against the past couple of code. So your clock doesn't necessarily need to be that much precise.
You could get the time from your wrist watch if you don't have any time source.
Or you could run the TOTP *on* the wrist watch if yours happen to be programmable (e.g.: Pebble)
My cars (early 2000 models) don't have any sort of aux/headphone jack/input port.
Your car's radio doesn't have an aux jack.
The car ifself has probably something that looks a bit like the ATX power connector of your desktop PC and is the standard connection interface between a car and a car-radio.
From that point:
- check if the car's radio doesn't have an external input *on* the back. either stereo audio + button commands (in some industrial connector too) to control a multi-CD music jukebox. or a stereo audio + audio mute (might be industrial, might be simple screw-on) to connect to an external in-car phone dock (but in practice, actually used for bluetooth receiver)
- if the radio has no such connectors on its back, but only power and speakers: then most car electronics shop sell some spliter cable with a relay that you can use to interconnect the bluetooth receiver between the radio and the speakers and mute the audio.
But in Switzerland (geographically in the middle of Europe, but not quite exactly part of EU) :
- if it goes under 25 km/h, and has a maximal power of 500W, it's considered as a bicycle (with power-assistance. Meaning that you need to turn the pedal for the electric motor to help you). There's no peculiar registration required, nor special insurance. Any one above 16 can freely drive them (special moped driving license required for kids between 14 and 16). Helmet are just strongly recommended for bicycles.
- if it goes up to 45 km/h, and has a maximal power 1000W, it's considered as a moped (which happens to be electrically powered instead of gaz powered) It need to be registered as a moped, has moped-type number plate, needs to be insured like a moped. (and I think it must also feature a couple of obligatory accessories to be considered a street-legal moped, like a side mirror. I might be wrong). Only age above 16 can drive it, and need a special moped driving license to drive it. Helmet is compulsory on mopeds.
- anything faster or more powerful is an electric motorcycle. And follows the same registration and driving license as motorcycle (with different categories depending on motor power output, just like a regular motorcycle)
Jolla's (company founded by ex-Nokia employees to continue their work on Maemo, and based in Finland - though it's up for debate if people really consider it part of scandinavia) Sailfish OS could fit the descriptions.
Also, its base is open-source (except for a few GUI elements), the free community edition has already been extensively ported to nearly everything that already runs Cyanogen Mod (i.e.: as long as there's a Linux kernel and drivers on it, you could run Sailfish OS (i.e.: a full blown GNU/Linux with Wayland and QtQuick/QML-based desktop) instead of Android (Linux kernel, but a weird special userland) ) and that includes several Huawei smartphones.
It might also simply be Huawei's Swedish branch. (But if they are ex-Nokian, chances are high they'll try to use the Mer core to build this. The same opensource core on which Sailfish OS is built too).
Notice also that Samsung's Tizen is also a very close cousin to Mer/Sailfish OS. It also stems from the same collaboration effort back between Meamo/Meago/Mobilin (but Intel eventually decided to follow their own path).
Note that there are solution to run Android application on all of the above. (e.g.: the Commercial version of Jolla's Seilfish OS comes with AlienDalvik. SFDroid is a solution for the community Edition. Etc.)
If they play their game correctly, the smartphone manufacturer looking for an alternative to Google would be able to come each with their own completely different UI, but having enough common core component (Mer, Tizen, etc.) to have inter-operable apps, and still be able to also run the de-facto standard Android apps.
Who is authorized to certify the Certification Authorities,
The software provider that provided the list of root certificate that your browser uses. Depending on your setup, it's either your OS provider... (e.g.: - Windows has a list of root certificates that are considered legit. - Most Linux distribution also pack such a list some where in/etc/ssl/certs or/var/lib/ca-certificates/pem)...or your browser's provider. (e.g.: - Firefox comes with its own list of root certificates)
and what would it take to finally have Comodo's cert revoked?
If the software provider decides that Comodo is not trustworthy, all of the above players can push an update and not include its certificate in the new updated list. (e.g.: Microsoft periodically pushes a security update called "Root Certificates". And sometimes, on some new versions, Firefox ships with a new modified list) This has happened already with some of China's certificate which were used in MITM attack to spy on their citizens.
Firefox has also a faster way to directly issue warnings and potential revocation without even waiting for an update. (OneCRL) I have no idea about edge. I suspect that chrome has some similar approach, which probably require you to pipe every single visited URL to some cloud processing server to attest if safe or not.
Now, I wonder what happens when I type in the symptoms of an actual CNS tumor.
I predict that once this google subsystem will be in production (well, it's google, so probably just a later "beta" stage, only better debugged and tuned).
- it will correctly list tumors among the probable cause (along with other plausible CNS diseases - e.g.: vascular - depending on symptoms list)
- people will still pick-up the weird case-report where it was due to some environmental poisoning that's mentioned once after 10 pages of search-results. And sue the City for trying to brain-control them with said poisoning.
- there's also the problem of herd immunity. the more people got a vaccine against some disease, the more difficulty this disease has to find the next "free" host to infect. Beyond a certain percentage of vaccinated people, the disease can't spread across the population because it almost never find a nearby infectable host. Conversely under a certain percentage of vaccinated people, the disease can roam freely among the population.
Refusing to get a vaccine not only change *one*'s own risk of catching the disease, but contributes to lowering the herd immunity and in creases the overall population's risk to catch the disease. And conversely, deciding to get a vaccine will increase herd immunity and also help protecting the few people who cannot get the vaccine (because of allergies, diminished immune system, etc.)
- speaking about autism and vacines: Since then, the study has proven to be bunk and has been retracted. Autism has been proven to have genetic basis, and to start developing already in utero (before exposed to the first ever vaccine). Autism has no known mecanisms linked to the immune-system.
There's just some time-correlation due to external factor.
For details: it's due to age. - It happens that most autism are diagnosed in childhood, because that's where it's easiest for parent to observe the abnormal behaviour patterns (e.g.: attention deficit), unlike in newborn or while still in the womb (where some of the autism already starts to develop). - It also happens that children gets the most vaccine (unlike adults who only need some special shots for exotic diseases or/and only get boosters). - So autism also happen to get discovered in kids who also got a vaccine.
You put way too much faith in doctors. Just because someone is "professionally trained" or has "years of experience" doesn't mean anything at all. {...} I am always amazed at how people think doctors know something special about vaccines just because they went to medical school. {...} They just prescribe the stuff.
We don't only prescribe, we are also trained how to react in case of of strong reaction (e.g.: allergies). Though in some jurisdiction, the same could also be handled by paramedics.
(Also, we do get basic training in pharmacology. If some of my peers are too stupid to actually study it correctly, that's an entire different matter, though...)
I know I'm repeating myself from the thread about Oasis-class ocean liner, but... How come this kind of mega-ship is powered by burning fuel ?!
Explorer-class container ships (e.g.: the mentioned CMA CGM Benjamin Franklin) are bigger and heavier than Nimitz class Aircraft carriers (e.g.: USS Georges H.W. Bush), and the later are powered by nuclear reactors. I can understand that, in the case of tourism vessels, nuclear propulsion might sound as potential target for pirate/terrorists (though that hasn't prevent Russia to operate a few exploring/tourism nuclear vessels around the north pole). But in the case of megaships? All the ware stored in the containers is *already* a potential target for piracy (as mentioned in the summary). Compared to potential billions worth of stolen merchandise, the nuclear propulsion is probably pocket change. It won't add much to the security challenge that these megaships are already facing.
Well, fsck is also going to be handled by systemd! Systemd is cancer!!!
No, wait, you're running the whole on top of BTRFS which doesn't have a real-fsck because it doesn't make any sens on copy-on-write systems! BTRFS is the cheap knock-off of ZFS!!!!
Argh! All these meme start to get confusing, I don't know which I currently need to blame!
Yes, if AC's code does something stupid like "every even thread branch lest, every odd thread branch right", the execution group will need to run the code twice, with altening masks to run each branch, exactly as you describe.
But if it's entirely different part of the thread block that diverge (e.g.: first half vs. second half), the "executions groups" will each diverge independently. The first 18 taking one branch and the second taking the other branch. With no time lost due to alterning execution masks. (Which is the preferable way to handle branching code in parallel environment. If you can't do away with the branches altogether, at least try to organise it so nearby threads on the same SIMD branch/loop together. e.g.: bin-sort your loops by similar lengths together)
Yes, all the *SIMD units attached to 1 execution core* will necessarily process the exact same instruction at the same time on the same cycle... (which from a design point of view makes entirely sens: graphical processing is about repeating some processing on thousands or million pixels. Better group them in batches instead of processing every last damn pixels individually)...but there more than 1 execution core on most higher range GPUs, and nearly all modern GPUs are able to keep several hyperthreads running concurrently to hide latencies.
So a modern GPU can execute several different instruction at the same time. Even if usually it's the same exact OpenCL code uploaded to all units, the various SIMD units could be executing different points of code.
But yeah, you're right, within a SIMD, all the threads run the same instruction.
Its depends. In the case of Xeon-Phi (i.e.: ex-Larrabee GPUs repurposed as parallel processing units), in addition to the very wide SIMD AVX512 units, there are also scalar cores able to run pentium-compatible binaries. So the Linux core managing all the hardware actually run *on* the GPU itself (and you can SSH into your Xeon-Phi if you want).
On the other hand, the Tilera works exactly as you describe. A weird many-core structure running the processing kernels, and a nearby classical risc core managing the whole.
Systemd? Probably because serious computer engineers don't have any trouble dealing with the irritation that systemd causes.
Confirming: our latest nodes on our cluster are running CentOS7 which is systemd powered.
(And hopefully the final practical product out this buzzword-compliant pressrelease would still be somewhat useful. We could have some special workloads to apply it to).
(methane caused by stagnate water and anaerobic metabolizing of dead plant materials under water), but there's plenty of other toxins coal emits.
Long story short: A hydro dam (specially in alpine regions) has more in common with mountain lakes than with swamps.
- The water isn't stagnating that much (the whole point of a dam is not to keep the water forever sequestered, but to use its flow to produce electricity. The artificial lake forming is only a *temporary* storage of energy - like a big battery).
- Water in colder/high altitude region is less likely to encourage proliferation of anaerobic bacteria deep in the water.
- Both (water flow and seasonnal cold temperature causing currents inside the lake) increase level of oxygen in (artificial-) lake water, favorising more aerobic metabolizing compared to what is typically found in swamps.
- Colder climate among other means less water loss in normal operation. The level won't go that much down simply because it's dry and hot (as opposed to more power output needed). Depth contributes to the above effect.
- Mountain lake (and dam) configuration is different, they tend to be deeper (they happen/they get constructed in valleys which were dug by glaciers), which again contribute to above effect.
- Banks around alpine damns are steeper, meaning less vegetation forming between low and high water level, less biomass is injected to rot (and anyway it tends to rot less in this water as said above)
- Why let good wood rot at the bottom of a flooded valley ? Lots of the biomass get lumbered away as precious resource.
All the above (and much more factors) brought the realisation that the greenhouse warming caused by hydro-electric dams has been grossly over estimated. They actually end-up being more environmentally friendly than previously taught and more than fossil-fuel burning power plants. Specially the deeper (as found in alpine regions) artificial lakes in colder/higher altitude region.
On the other hand, shallow dams in tropical area are a very bad idea (even from a mosquitoe point of view if you want to ignore the carbon impact).
...Swiss mountains with abundant hydro-electric dams and a couple of wind turbine sprinkled, I smuggly look down on your fuel-burning CO2-vomitting electric plants~~~
However, statistics aren't made by finding only the unluckiest people and aggregating those measurements.
On the other hand, you DO NOT need the event to frequent to be problematic.
Most girls I know are more or less well adjusted. But all it takes as a few bad apples to abuse the system and try to wreck the lives of innocent guys. These women not only cause problem to guys involved, but also to all the other normal women because the people will get more suspicious about any allegation. Actually raped girl might fail to report due to being afraid of being accused of lying, or won't be believed after reporting.
(It's not that much different than the situation of girls considering all men to be *assholes* just because they got burned by a psychopath. It's not that all men are actually that fucked up. But a lot of damage is done by a small but very noisy group of psychopath tend to consider "The Game" is a bible. And because of them the girls tend to look with suspicion to *all* men)
At least some "stupid-mitigiation" could have helped.
Things like two factor auth (user still uses stupid password, but also needs token given by smart-phone app, or recieved by 2nd channel)
Or things like public-key authentication (stupid password is used to unlock locally stored file with cryptographic key. Key is only used to sign stuff over wire)
In both case, even in the case of a massive leak (e.g.: like recent LinkedIn's) the stolen passwords can't be used alone to impersonate user identity. (either an extra token would be needed in addition. Or a file containing the cryptographic key. Both of which stay in the possession of the end-user and never travel the wire).
But no, companies still continue to recommend "secure" passwords. (Which can still be mitigiated using a decent password manager).
I wouldn't say the security problem is impossible... just when the monitor is unplugged, have all RAM get flipped to all 1s, then back to 0. Very quick,
Indeed. It's a graphic card, after all. Using GDDRn. Buffer initialization *should* be something hardware accelerated on the RAM chips.
Still the blanking need to be triggered. (the proper commands sent to the GDDR chips) And such monitors are very special corner cases (not much people are using hotplugable GPU), which requires special new code to be added to the firmware running inside the GPU (that hasn't been much needed in mainstream GPUs yet).
On one hand, even DIMM slots aren't properly blanked at shut down time, enabling hotswap attacks on *main* memory. So neglect to properly wipe past display buffers is definitely a possible risk.
On the other hand, we live in a post-Snowden world, were general awareness about recurrent hacking has been raised a tiny bit. And WhatsApp (among others) activating end-to-end encryption seems a big deal.
I do wonder if this functionality should be in a docking station as well, think the PowerBook Duo, or the IBM docking station of yore that didn't just add ports, but added a PCI bus, an additional ISA (yes, this is antediluvian tech here) bus, two IDE bays, a video card, and so on.
You can already find modern-day docks with a full blown GPU inside. MSI is having one.
And indeed this kind of technology looks nice for the "travel light but have big screen when not moving)
On the other hand, it's a 5k display. 5120x2880 pixels. That a little bit short of 60MB for a full screen at 32bits per pixel.
Modern desktop (like anything more recent than Compiz and including Wayland on Linux, like Aero on Windows or like Quartz Extreme on Mac OS X) use compositing: each application windows is a seprate buffer that gets composite on the flight on the screen at display time (usually simply using the OpenGL hardware, but some time as with Raspberry Pi using a dedicated compositing hardware acceleration).
If you have more than a couple of applications with full screen windows, that means that you're going to need several hundreds of MB just to hold the render buffers for all applications. Thus I don't think they'll try to get that cheap with memory. You won't find a 16-24GB monster inside such a GPU+Monitor combo (you still need to sell them for a reasonable price. Though "reasonnable" and "Apple fanboy" can hardly be used in the same sentence). But I think 2-4GB (or even 6-8GB) won't sound that alien, specially given that prices for memory are falling, that won't be such an expensive amount of memory, and Apple my try to spare money by opting for a slightly older generation of RAM (you won't necessarily find GDDR5X, Apple may opt for older GDDR5 memory)
Specially, as you mention, excessive bus transfer aren't the best idea when the data must transit over a ThunderBold PCIe link (not as wide the latest gen PCie x16. And over a longer cable connection). Keeping unmodified video buffers in-VideoRAM is definitely important.
In short: - due to recent trend of high resolution monitors with more pixels to be pushed - multiplied by the number of different nearly-full screen windows open - combined with modern compositing desktops Normal desktop use is starting to become a noticeable VRAM consumer.
The simplest way is to get an image that you just copy over the main partition of the drive.
"dd" works for that on the command line of Linux "rawwrite" is a nice Windows GUI
Then there are USB boot-disk maker. e.g.: there's Unetbootin which downloads an installation ISO and handles the gory details to create a bootable USB stick out of it. (And for the curious there's a tool for the opposite direction: making a bootable Windows out of an Microsoft's installation ISO).
The gory details: There are basically 2 different ways to boot a media.
old-school classic BIOS: - requires a special master-boot record at the beginning of the disk, which in turn will load a boot loader (e.g.: syslinux or grub or lilo) from a specific place (usually hidden between partitions), which then will handle the necessary boot menu and boot linux. By writing a whole boot-USB image ("dd" method) these extra parts are written too. And tools like Unetbootin take care of running the necessary soft for it.
new style UEFI: - the UEFI is able to handle a lot of its own (access to partitions on disks). - it requires an executable file (.efi) placed in a specific partition (the first FAT32 partition, usually called the "System partition") in a specific path. The UEFI takes care of loading and executing this file (usually, it's going to be grub2.efi) which then will handle the necesary boot menu and boot linux. That's usually the intended methode behind all the ultra-simple "just copy the files as-is on the USB stick, lol" HOWTOs. Images copied with the DD mathod will already be formated in the correct formats and partitions. Unetbootin will re-format and repartition the USB stick if necessary.
Things can get problematic, if: -...the target PC boots in BIOS mode and the proper sectors (Masterboot and bootloader) weren't written. -...the target PC boots in UEFI mode and the partition isn't liked (e.g.: it's an exFAT or NTFS instead of FAT32)
So, use DD, or use Unetbootin (or use WInUSB if you want to boot a Windows installer). They all handle the gory details.
Yup, most people replace their whole laptop after a few year. And most people will be okay with the GPU power built into their 5k display anyway. It will be far enough for most people's use (watching video - so unless the entire world switches to a completely new codec (the Daala/Thor/VP10 mash-up that is supposed to come out of AOMedia) *AND* drops forever any MPEG AVC/HEVC and Google VPx codec, it should be still working 2 years down the line casual gaming - the OpenGL/Vulkan capability of the GPU should still be okay)
The problem would be for people needing big GPUs for their work. Thus mostly Unix software developer (mostly scientific work). Mac Apple are extremely popular among some developers (specially those designing scientific software) mainly because their laptops are light, but Mac OS X is still a (BSD) variant of Unix, while at the same time being better looking than Linux and it supports better the hardware (well obviously, as apple makes both the OS and the hardware). But these devs are exactly the kind of devs who would like to have access to the latest biggest GPU (think the same kind of requirement as a game devs, only their run more often Unix-like OSes, instead of Windows).
But this peculiar market is quite fringe and is only a small percentage of the user targetted by a GPU+Monitor combo from Apple.
(cue-in Nvidia and AMD releasing external Thunderbold PCIe expander boxes for this exact purpose).
There has been some external GPU chasis for this exact purpose already in the PC world.
Mainly, a small plug to the extrernal express-Card connector of the laptop going to a expander box with the big GPU inside.
Maybe, some of these companies would manage to build a similar Thunderbolt-PCIe expander box ? And then you plug a vanilla 5k display into it using a regular DP or HDMI cable. So 2 years down the line you can upgrade the GPU independently of the monitor.
The main draw backs are: - hot-plug: not all GPU are designed to be plugged in and out on the flight. You probably won't be able to buy absolutely any random GPU of your choice and expect it to work flawlessly. (That was the main problem that plagued the PC "express-card" version of the technology). - drivers: Apple will probably design their OS around their specific GPU+Monitor combo. It probably won't work with your prefered brand of GPU. (e.g.: They might decide to stick AMD Polaris inside their monitor. So if you want to use an Nvidia Pascal as your external GPU, you'll be left hoping that Nvidia decides to write the necessary support into their drivers) - small detail around compatibility (to keep with the above exemple, Nvidia might decide to write a new driver supporting GPU hotplug over thunderbolt's PCIe connection... but then it might only work with their own Nvidia brand of expander boxes).
Slashdot Mirror
Another alternative is to use TOTP (Time-derived One-time password):
an ever changing code that is based on a hash, computed out of the current time (hence the ever changing) and a shared secret that only you and google know.
Only someone possessing the shared secret can compute the correct code for that time.
The secret itself is never sent on the wire, only the current-time code derived of the secret is.
You can find apps running on tons of other hardware if you don't own an Android nor an iPhone (or simply don't want to give that phone number to google).
You could even built your own, using an Arduino, an LCD display and some mean to get accurate(-ish enough*) time (e.g.: GPS chip or a DCF77 receiver if you're in Europe, or a RDS FM radio receiver, or extract it from TV broadcast, etc.)
TOTP is supported as a two-factor standard at lots of other companies (Facebook has it as a possibility, nearly every bitcoin-related website I've seen has it, Microsoft too, etc.)
(*) - a new code gets generated every 30 seconds, and some server-side implementation also compare against the past couple of code.
So your clock doesn't necessarily need to be that much precise.
You could get the time from your wrist watch if you don't have any time source.
Or you could run the TOTP *on* the wrist watch if yours happen to be programmable (e.g.: Pebble)
My cars (early 2000 models) don't have any sort of aux/headphone jack/input port.
Your car's radio doesn't have an aux jack.
The car ifself has probably something that looks a bit like the ATX power connector of your desktop PC and is the standard connection interface between a car and a car-radio.
From that point:
- check if the car's radio doesn't have an external input *on* the back.
either stereo audio + button commands (in some industrial connector too) to control a multi-CD music jukebox.
or a stereo audio + audio mute (might be industrial, might be simple screw-on) to connect to an external in-car phone dock (but in practice, actually used for bluetooth receiver)
- if the radio has no such connectors on its back, but only power and speakers:
then most car electronics shop sell some spliter cable with a relay that you can use to interconnect the bluetooth receiver between the radio and the speakers and mute the audio.
But in Switzerland (geographically in the middle of Europe, but not quite exactly part of EU) :
- if it goes under 25 km/h, and has a maximal power of 500W, it's considered as a bicycle (with power-assistance. Meaning that you need to turn the pedal for the electric motor to help you).
There's no peculiar registration required, nor special insurance.
Any one above 16 can freely drive them (special moped driving license required for kids between 14 and 16).
Helmet are just strongly recommended for bicycles.
- if it goes up to 45 km/h, and has a maximal power 1000W, it's considered as a moped (which happens to be electrically powered instead of gaz powered)
It need to be registered as a moped, has moped-type number plate, needs to be insured like a moped.
(and I think it must also feature a couple of obligatory accessories to be considered a street-legal moped, like a side mirror. I might be wrong).
Only age above 16 can drive it, and need a special moped driving license to drive it.
Helmet is compulsory on mopeds.
- anything faster or more powerful is an electric motorcycle.
And follows the same registration and driving license as motorcycle
(with different categories depending on motor power output, just like a regular motorcycle)
Jolla's (company founded by ex-Nokia employees to continue their work on Maemo, and based in Finland - though it's up for debate if people really consider it part of scandinavia) Sailfish OS could fit the descriptions.
Also, its base is open-source (except for a few GUI elements), the free community edition has already been extensively ported to nearly everything that already runs Cyanogen Mod (i.e.: as long as there's a Linux kernel and drivers on it, you could run Sailfish OS (i.e.: a full blown GNU/Linux with Wayland and QtQuick/QML-based desktop) instead of Android (Linux kernel, but a weird special userland) )
and that includes several Huawei smartphones.
It might also simply be Huawei's Swedish branch. (But if they are ex-Nokian, chances are high they'll try to use the Mer core to build this. The same opensource core on which Sailfish OS is built too).
Notice also that Samsung's Tizen is also a very close cousin to Mer/Sailfish OS. It also stems from the same collaboration effort back between Meamo/Meago/Mobilin (but Intel eventually decided to follow their own path).
Note that there are solution to run Android application on all of the above. (e.g.: the Commercial version of Jolla's Seilfish OS comes with AlienDalvik. SFDroid is a solution for the community Edition. Etc.)
If they play their game correctly, the smartphone manufacturer looking for an alternative to Google would be able to come each with their own completely different UI, but having enough common core component (Mer, Tizen, etc.) to have inter-operable apps, and still be able to also run the de-facto standard Android apps.
Someone needs to show paying Comodo customers how to use Let's Encrypt to renew their certs for free.
I think that's the reason why Comodo is trying to own the Let's Encrypt name....
Who is authorized to certify the Certification Authorities,
The software provider that provided the list of root certificate that your browser uses. /etc/ssl/certs or /var/lib/ca-certificates/pem) ...or your browser's provider.
Depending on your setup, it's either your OS provider...
(e.g.:
- Windows has a list of root certificates that are considered legit.
- Most Linux distribution also pack such a list some where in
(e.g.:
- Firefox comes with its own list of root certificates)
and what would it take to finally have Comodo's cert revoked?
If the software provider decides that Comodo is not trustworthy, all of the above players can push an update and not include its certificate in the new updated list.
(e.g.: Microsoft periodically pushes a security update called "Root Certificates".
And sometimes, on some new versions, Firefox ships with a new modified list)
This has happened already with some of China's certificate which were used in MITM attack to spy on their citizens.
Firefox has also a faster way to directly issue warnings and potential revocation without even waiting for an update. (OneCRL)
I have no idea about edge.
I suspect that chrome has some similar approach, which probably require you to pipe every single visited URL to some cloud processing server to attest if safe or not.
Now, I wonder what happens when I type in the symptoms of an actual CNS tumor.
I predict that once this google subsystem will be in production (well, it's google, so probably just a later "beta" stage, only better debugged and tuned).
- it will correctly list tumors among the probable cause (along with other plausible CNS diseases - e.g.: vascular - depending on symptoms list)
- people will still pick-up the weird case-report where it was due to some environmental poisoning that's mentioned once after 10 pages of search-results. And sue the City for trying to brain-control them with said poisoning.
In additions to all the arguments you've given:
- there's also the problem of herd immunity.
the more people got a vaccine against some disease, the more difficulty this disease has to find the next "free" host to infect. Beyond a certain percentage of vaccinated people, the disease can't spread across the population because it almost never find a nearby infectable host.
Conversely under a certain percentage of vaccinated people, the disease can roam freely among the population.
Refusing to get a vaccine not only change *one*'s own risk of catching the disease, but contributes to lowering the herd immunity and in creases the overall population's risk to catch the disease.
And conversely, deciding to get a vaccine will increase herd immunity and also help protecting the few people who cannot get the vaccine (because of allergies, diminished immune system, etc.)
- speaking about autism and vacines:
Since then, the study has proven to be bunk and has been retracted.
Autism has been proven to have genetic basis, and to start developing already in utero (before exposed to the first ever vaccine).
Autism has no known mecanisms linked to the immune-system.
There's just some time-correlation due to external factor.
For details: it's due to age.
- It happens that most autism are diagnosed in childhood, because that's where it's easiest for parent to observe the abnormal behaviour patterns (e.g.: attention deficit), unlike in newborn or while still in the womb (where some of the autism already starts to develop).
- It also happens that children gets the most vaccine (unlike adults who only need some special shots for exotic diseases or/and only get boosters).
- So autism also happen to get discovered in kids who also got a vaccine.
I am an *MD* (though I mostly work in research).
You put way too much faith in doctors. Just because someone is "professionally trained" or has "years of experience" doesn't mean anything at all. {...} I am always amazed at how people think doctors know something special about vaccines just because they went to medical school. {...} They just prescribe the stuff.
We don't only prescribe, we are also trained how to react in case of of strong reaction (e.g.: allergies).
Though in some jurisdiction, the same could also be handled by paramedics.
(Also, we do get basic training in pharmacology. If some of my peers are too stupid to actually study it correctly, that's an entire different matter, though...)
especially on fue
I know I'm repeating myself from the thread about Oasis-class ocean liner, but... How come this kind of mega-ship is powered by burning fuel ?!
Explorer-class container ships (e.g.: the mentioned CMA CGM Benjamin Franklin) are bigger and heavier than Nimitz class Aircraft carriers (e.g.: USS Georges H.W. Bush), and the later are powered by nuclear reactors.
I can understand that, in the case of tourism vessels, nuclear propulsion might sound as potential target for pirate/terrorists (though that hasn't prevent Russia to operate a few exploring/tourism nuclear vessels around the north pole).
But in the case of megaships? All the ware stored in the containers is *already* a potential target for piracy (as mentioned in the summary). Compared to potential billions worth of stolen merchandise, the nuclear propulsion is probably pocket change. It won't add much to the security challenge that these megaships are already facing.
Sorry, can't "+1 Funny" you, cause I've already posted in this thread...
well, fsck me!.
Well, fsck is also going to be handled by systemd! Systemd is cancer!!!
No, wait, you're running the whole on top of BTRFS which doesn't have a real-fsck because it doesn't make any sens on copy-on-write systems! BTRFS is the cheap knock-off of ZFS!!!!
Argh! All these meme start to get confusing, I don't know which I currently need to blame!
Nit-picking to hell...
You've forgotten a special use case:
Yes, if AC's code does something stupid like "every even thread branch lest, every odd thread branch right", the execution group will need to run the code twice, with altening masks to run each branch, exactly as you describe.
But if it's entirely different part of the thread block that diverge (e.g.: first half vs. second half), the "executions groups" will each diverge independently. The first 18 taking one branch and the second taking the other branch. With no time lost due to alterning execution masks.
(Which is the preferable way to handle branching code in parallel environment. If you can't do away with the branches altogether, at least try to organise it so nearby threads on the same SIMD branch/loop together.
e.g.: bin-sort your loops by similar lengths together)
I'm nitpicking to hell with this but...
Yes, all the *SIMD units attached to 1 execution core* will necessarily process the exact same instruction at the same time on the same cycle... ...but there more than 1 execution core on most higher range GPUs, and nearly all modern GPUs are able to keep several hyperthreads running concurrently to hide latencies.
(which from a design point of view makes entirely sens: graphical processing is about repeating some processing on thousands or million pixels. Better group them in batches instead of processing every last damn pixels individually)
So a modern GPU can execute several different instruction at the same time.
Even if usually it's the same exact OpenCL code uploaded to all units, the various SIMD units could be executing different points of code.
But yeah, you're right, within a SIMD, all the threads run the same instruction.
Its depends.
In the case of Xeon-Phi (i.e.: ex-Larrabee GPUs repurposed as parallel processing units), in addition to the very wide SIMD AVX512 units, there are also scalar cores able to run pentium-compatible binaries.
So the Linux core managing all the hardware actually run *on* the GPU itself (and you can SSH into your Xeon-Phi if you want).
On the other hand, the Tilera works exactly as you describe.
A weird many-core structure running the processing kernels,
and a nearby classical risc core managing the whole.
Systemd? Probably because serious computer engineers don't have any trouble dealing with the irritation that systemd causes.
Confirming: our latest nodes on our cluster are running CentOS7 which is systemd powered.
(And hopefully the final practical product out this buzzword-compliant pressrelease would still be somewhat useful.
We could have some special workloads to apply it to).
Hydro-electric dams cause more greenhouse warming than coal
Yes, but No actually.
(methane caused by stagnate water and anaerobic metabolizing of dead plant materials under water), but there's plenty of other toxins coal emits.
Long story short: A hydro dam (specially in alpine regions) has more in common with mountain lakes than with swamps.
- The water isn't stagnating that much (the whole point of a dam is not to keep the water forever sequestered, but to use its flow to produce electricity. The artificial lake forming is only a *temporary* storage of energy - like a big battery).
- Water in colder/high altitude region is less likely to encourage proliferation of anaerobic bacteria deep in the water.
- Both (water flow and seasonnal cold temperature causing currents inside the lake) increase level of oxygen in (artificial-) lake water, favorising more aerobic metabolizing compared to what is typically found in swamps.
- Colder climate among other means less water loss in normal operation. The level won't go that much down simply because it's dry and hot (as opposed to more power output needed). Depth contributes to the above effect.
- Mountain lake (and dam) configuration is different, they tend to be deeper (they happen/they get constructed in valleys which were dug by glaciers), which again contribute to above effect.
- Banks around alpine damns are steeper, meaning less vegetation forming between low and high water level, less biomass is injected to rot (and anyway it tends to rot less in this water as said above)
- Why let good wood rot at the bottom of a flooded valley ? Lots of the biomass get lumbered away as precious resource.
All the above (and much more factors) brought the realisation that the greenhouse warming caused by hydro-electric dams has been grossly over estimated. They actually end-up being more environmentally friendly than previously taught and more than fossil-fuel burning power plants.
Specially the deeper (as found in alpine regions) artificial lakes in colder/higher altitude region.
On the other hand, shallow dams in tropical area are a very bad idea (even from a mosquitoe point of view if you want to ignore the carbon impact).
...Swiss mountains with abundant hydro-electric dams and a couple of wind turbine sprinkled,
I smuggly look down on your fuel-burning CO2-vomitting electric plants~~~
However, statistics aren't made by finding only the unluckiest people and aggregating those measurements.
On the other hand, you DO NOT need the event to frequent to be problematic.
Most girls I know are more or less well adjusted.
But all it takes as a few bad apples to abuse the system and try to wreck the lives of innocent guys.
These women not only cause problem to guys involved, but also to all the other normal women because the people will get more suspicious about any allegation.
Actually raped girl might fail to report due to being afraid of being accused of lying, or won't be believed after reporting.
(It's not that much different than the situation of girls considering all men to be *assholes* just because they got burned by a psychopath.
It's not that all men are actually that fucked up.
But a lot of damage is done by a small but very noisy group of psychopath tend to consider "The Game" is a bible.
And because of them the girls tend to look with suspicion to *all* men)
At least some "stupid-mitigiation" could have helped.
Things like two factor auth (user still uses stupid password, but also needs token given by smart-phone app, or recieved by 2nd channel)
Or things like public-key authentication (stupid password is used to unlock locally stored file with cryptographic key. Key is only used to sign stuff over wire)
In both case, even in the case of a massive leak (e.g.: like recent LinkedIn's) the stolen passwords can't be used alone to impersonate user identity.
(either an extra token would be needed in addition. Or a file containing the cryptographic key. Both of which stay in the possession of the end-user and never travel the wire).
But no, companies still continue to recommend "secure" passwords.
(Which can still be mitigiated using a decent password manager).
I wouldn't say the security problem is impossible... just when the monitor is unplugged, have all RAM get flipped to all 1s, then back to 0. Very quick,
Indeed. It's a graphic card, after all. Using G DDRn. Buffer initialization *should* be something hardware accelerated on the RAM chips.
Still the blanking need to be triggered. (the proper commands sent to the GDDR chips)
And such monitors are very special corner cases (not much people are using hotplugable GPU), which requires special new code to be added to the firmware running inside the GPU (that hasn't been much needed in mainstream GPUs yet).
On one hand, even DIMM slots aren't properly blanked at shut down time, enabling hotswap attacks on *main* memory. So neglect to properly wipe past display buffers is definitely a possible risk.
On the other hand, we live in a post-Snowden world, were general awareness about recurrent hacking has been raised a tiny bit. And WhatsApp (among others) activating end-to-end encryption seems a big deal.
I do wonder if this functionality should be in a docking station as well, think the PowerBook Duo, or the IBM docking station of yore that didn't just add ports, but added a PCI bus, an additional ISA (yes, this is antediluvian tech here) bus, two IDE bays, a video card, and so on.
You can already find modern-day docks with a full blown GPU inside. MSI is having one.
And indeed this kind of technology looks nice for the "travel light but have big screen when not moving)
But I'm betting that they will skimp on RAM
On the other hand, it's a 5k display. 5120x2880 pixels.
That a little bit short of 60MB for a full screen at 32bits per pixel.
Modern desktop (like anything more recent than Compiz and including Wayland on Linux, like Aero on Windows or like Quartz Extreme on Mac OS X) use compositing: each application windows is a seprate buffer that gets composite on the flight on the screen at display time (usually simply using the OpenGL hardware, but some time as with Raspberry Pi using a dedicated compositing hardware acceleration).
If you have more than a couple of applications with full screen windows, that means that you're going to need several hundreds of MB just to hold the render buffers for all applications.
Thus I don't think they'll try to get that cheap with memory.
You won't find a 16-24GB monster inside such a GPU+Monitor combo (you still need to sell them for a reasonable price. Though "reasonnable" and "Apple fanboy" can hardly be used in the same sentence).
But I think 2-4GB (or even 6-8GB) won't sound that alien, specially given that prices for memory are falling, that won't be such an expensive amount of memory, and Apple my try to spare money by opting for a slightly older generation of RAM (you won't necessarily find GDDR5X, Apple may opt for older GDDR5 memory)
Specially, as you mention, excessive bus transfer aren't the best idea when the data must transit over a ThunderBold PCIe link (not as wide the latest gen PCie x16. And over a longer cable connection).
Keeping unmodified video buffers in-VideoRAM is definitely important.
In short:
- due to recent trend of high resolution monitors with more pixels to be pushed
- multiplied by the number of different nearly-full screen windows open
- combined with modern compositing desktops
Normal desktop use is starting to become a noticeable VRAM consumer.
The simplest way is to get an image that you just copy over the main partition of the drive.
"dd" works for that on the command line of Linux
"rawwrite" is a nice Windows GUI
Then there are USB boot-disk maker.
e.g.: there's Unetbootin which downloads an installation ISO and handles the gory details to create a bootable USB stick out of it.
(And for the curious there's a tool for the opposite direction: making a bootable Windows out of an Microsoft's installation ISO).
The gory details:
There are basically 2 different ways to boot a media.
old-school classic BIOS:
- requires a special master-boot record at the beginning of the disk, which in turn will load a boot loader (e.g.: syslinux or grub or lilo) from a specific place (usually hidden between partitions), which then will handle the necessary boot menu and boot linux.
By writing a whole boot-USB image ("dd" method) these extra parts are written too.
And tools like Unetbootin take care of running the necessary soft for it.
new style UEFI:
- the UEFI is able to handle a lot of its own (access to partitions on disks).
- it requires an executable file (.efi) placed in a specific partition (the first FAT32 partition, usually called the "System partition") in a specific path. The UEFI takes care of loading and executing this file (usually, it's going to be grub2.efi) which then will handle the necesary boot menu and boot linux.
That's usually the intended methode behind all the ultra-simple "just copy the files as-is on the USB stick, lol" HOWTOs.
Images copied with the DD mathod will already be formated in the correct formats and partitions.
Unetbootin will re-format and repartition the USB stick if necessary.
Things can get problematic, if: ...the target PC boots in BIOS mode and the proper sectors (Masterboot and bootloader) weren't written. ...the target PC boots in UEFI mode and the partition isn't liked (e.g.: it's an exFAT or NTFS instead of FAT32)
-
-
So, use DD, or use Unetbootin (or use WInUSB if you want to boot a Windows installer). They all handle the gory details.
Yup, most people replace their whole laptop after a few year.
And most people will be okay with the GPU power built into their 5k display anyway.
It will be far enough for most people's use
(watching video - so unless the entire world switches to a completely new codec (the Daala/Thor/VP10 mash-up that is supposed to come out of AOMedia) *AND* drops forever any MPEG AVC/HEVC and Google VPx codec, it should be still working 2 years down the line
casual gaming - the OpenGL/Vulkan capability of the GPU should still be okay)
The problem would be for people needing big GPUs for their work.
Thus mostly Unix software developer (mostly scientific work).
Mac Apple are extremely popular among some developers (specially those designing scientific software) mainly because their laptops are light, but Mac OS X is still a (BSD) variant of Unix, while at the same time being better looking than Linux and it supports better the hardware (well obviously, as apple makes both the OS and the hardware).
But these devs are exactly the kind of devs who would like to have access to the latest biggest GPU (think the same kind of requirement as a game devs, only their run more often Unix-like OSes, instead of Windows).
But this peculiar market is quite fringe and is only a small percentage of the user targetted by a GPU+Monitor combo from Apple.
(cue-in Nvidia and AMD releasing external Thunderbold PCIe expander boxes for this exact purpose).
There has been some external GPU chasis for this exact purpose already in the PC world.
Mainly, a small plug to the extrernal express-Card connector of the laptop going to a expander box with the big GPU inside.
Maybe, some of these companies would manage to build a similar Thunderbolt-PCIe expander box ?
And then you plug a vanilla 5k display into it using a regular DP or HDMI cable.
So 2 years down the line you can upgrade the GPU independently of the monitor.
The main draw backs are:
- hot-plug: not all GPU are designed to be plugged in and out on the flight. You probably won't be able to buy absolutely any random GPU of your choice and expect it to work flawlessly. (That was the main problem that plagued the PC "express-card" version of the technology).
- drivers: Apple will probably design their OS around their specific GPU+Monitor combo. It probably won't work with your prefered brand of GPU.
(e.g.: They might decide to stick AMD Polaris inside their monitor. So if you want to use an Nvidia Pascal as your external GPU, you'll be left hoping that Nvidia decides to write the necessary support into their drivers)
- small detail around compatibility (to keep with the above exemple, Nvidia might decide to write a new driver supporting GPU hotplug over thunderbolt's PCIe connection... but then it might only work with their own Nvidia brand of expander boxes).