So with Netflix part of this alliance maybe the content creators will actually listen?
I pay for Netflix and Amazon Prime instead of cable. If what I want is there great, no need to bother with the hassle and risk of downloading it elsewhere. If it *was* there and is now gone I find that highly irksome and might actually be bothered to look elsewhere.
I hear you. I love my Pixel, but I only (will have) paid $50 + tax on retail for it after my service credits expire. I had a Nexus5 with the like for like replacement warranty from TMobile. When my 5 died and was not replaceable they tried offering me some crappy assed samsung that had half the capacity of the 5! I complained and they said if I sourced the Pixel and brought it in they'd give me $600 service credit towards the cost. So that's what I did.
Depends on the target. Internal software? A printf that says a default at __LINE__ was hit that should be inaccessible please have a look at the code in file foo.c and then the same as for external SW:
External SW? Determine if this is a serious failure, or if there is some safe default output/setting/return that can be used. Use it. Throw an appropriate error if required.
Anything is better than your end user seeing "Unhandled exception" and a stack trace.
I liked it, even if rapscallion wasn't the ideal word. It's a kind of poetry even, so we allow for the malappropriation of words that fit the feel better.
On another level I get the feeling that the "Perspective" page as presented isn't really trained yet, it only has a bit of starter data. Making the assumption that this is a reasonably decent AI implementation from Google and that the human moderator input will be used as a continuous feedback of training data I could see this getting to be pretty adept at catching all but the most novel trolls, at which point you've made them elevate to the level of discussion required...
I disagree with this part of the statement. Sure it caused issues, but at a time when memory was measured in bytes and priced accordingly, having two extra bytes for YYYY (in more than one place most likely) was a real issue. It was also a reasonable assessment that the code had a high probability of being rewritten outright before Y2K or at least refactored. The shortsightedness happened in the early to mid 90's when that code may have been touched with time to spare and memory now more plentiful. Refactoring should have been done then anytime an application was being added to.
When it does, those of us who leaned more toward the "tested and stable" side will just kick back in our comfy chairs and laugh as we watch the young'ns scramble to put out the fires, just as we did when we were too dumb to prefer stability.
In fact I just described a former co-worker as "young and stupid" and not in the pejorative sense, but rather as to mean young and inexperienced. It's a place that nearly all of us have been before.
One of my *best* working relationships was with a "fast and loose" coder, while I'm generally the "this branch of code can't happen, I better make sure it's handled just in case it does" type of coder. He'd output a pile of code and I'd end up adding another 100% LoC to it in stability. His overall architecture was very good it's just that in a case where $var *should* only ever have 'foo', 'bar' and 'baz' he'd have an if, else if, and else, or a three statement switch. I'd go in and add that last default case to the switch just in case someone added an element to the enum and didn't look where it could cause problems.
Between the two of us we covered at least three times more ground than either of us would alone.
ME will be present on all systems, as it is now what runs what used to be separate sub systems. *most* of said systems have no I/O to the rest of the world and the MinSKU parts are the ones that have only what's needed of those systems to keep your platform stable. Pretty sure you don't want to run a system without a PMC or with no support for SPD timings.
The higher level junk is where the proven vuls are (and yes you are absolutely correct there, as well as that you *shouldn't* have to worry about the LAN being an issue).
As someone who's worked on CSME for 6 years and has seen the codebase for the kernel (not AMT, my specialty was power management) I would still be confident in having it on my system in a MinSKU config. I no longer work for Intel, and likely never will again given my reasons and conditions for leaving, but even at that I can't condemn the kernel on this thing. ME 10 and older, I won't trust the later kernels. FYI the team responsible for the AMT vulns killed off the team that developed the rest of the platform over the last couple years and now owns the entire ME, so the team with the proven vulns is now the team in charge.:'(
only tens of thousands? I'm pretty confident that there is 7 and even 8 digit cost equipment that is still in production use but won't run on anything higher than 16 bit Windows/Dos host.
*not* MRI, but I have direct experience supporting hugely EOL'd equipment.
There are vendors out there who don't advertise in the normal channels, but their specialty is finding and sourcing that "Component A" you need, generally for an eye watering markup over MSRP, even when accounting for inflation.
I needed some PECs (Pin Electronic Drivers) that simply didn't exist anymore and the Altera FPGAs that drove them in the system too. I didn't have the source for the FPGAs anymore, all I had was a known good dump from one of the units, but that's good enough.
Said company sourced the PECs (in the needed 16 pin PDIP or CERDIP package) at a price of $15 each, the FPGAs about $375 each. I think the FPGAs were only 200% above retail, but those PECs used to sell for about $0.65 each.
Still, they had the remainder of the world's known supply (about 50K units) and could source them. They *also* were able to continue sourcing ATI All in wonder pros that only worked on Windows 98/98SE... and yes we paid through the nose for those too, since they were the only video card that was supported with the "live video overlay" on the machines.
Those systems lived in an isolated lab, where their network connection was to a dedicated bastion host that ran a current OS and provided server software passthrough etc.
Damn that was a fun lab to be the steward of (not).
Why is the ME present on every machine, no matter how small? Why is it in every laptop, desktop, tower, workstation, and server? Why all that ubiquity, if the only people who could ever make use of it are enterprise guys who pay for support and have a conformant BIOS and MOBO and turn it on? WHY IS IT EVERYWHERE????
You really want to know why? Efficiency of development. AMT and it's components are where all the vulns have been found (so far).
ME is a kernel that these other applications run on. Among other applications that run on the ME kernel (and that were formerly separate firmware processes on separate chips [thus higher hardware and maintenance costs]): PMC (power management controller, the ability to suspend and hibernate) PECI (CPU thermal management, keep you from smoking your i7 when the FAN dies) PMX (reset controller) PowerGate (lower power consumption on NOPs) QST (Fan controller, so your fans aren't always at max RPM) SmBus (DIMM timings and battery monitoring, along with other system health info)
I'm sure there's more, but I simply no longer remember everything stuffed in the CSME.
Long and short of it is: ME is the SystemD of chipsets. It's a lot easier to use common code and a common hardware to do all these things than it is to maintain each one separately. I wouldn't expect it to change anytime soon either, but an easy mitigation would be removing any world facing interface from the ME connected systems (E.g. AMT).
If you're really worried about it get a "Min SKU" part. these only have what's needed for the machine to actually boor and run safely, none of the "value added" stuff, and if you're extra paranoid never use the on-board LAN (port 16992 BTW if you want to talk to AMT).
Well, assuming you have buffered data into the SPI you can now spool that out steganographically using SoL.
Of note, to disable ME (at least on a basic level, and assuming BIOS supports it) you can configure BIOS do turn it off. While this won't totally disable it, it will turn off the higher level functions like AMT/SoL/IDER etc.
And this is also yet more servings of crow for me to eat after having publically defended ME more than once.:(
That's exactly my point. How do you think they get the contents of those SMS?
Lots of the information critical to investigate small fry drug dealer can easily be eavesdropped without even needed access to the culprit's phone.
That's far more complex. Much easier to just catch him with drugs, unlock his phone, read his texts.
In fact to intercept those cleartext SMS's still requires a wiretap auth IIRC, while once part of a search pursuant to arrest for cause the phone search is relatively simple to justify.
Tangent: If someone posts something so offensive in a reply to @POTUS and Twitter bans the user, is Twitter now in violation of the law because it was a reply to @POTUS? And if not, how is that different from the administrators of @POTUS banning someone?
Ostensibly you were banned from Twitter by Twitter for a violation of their TOU, not because they didn't like what you said. When @POTUS/@RealDonaldTrump blocks you it is based on your speech, and since this is an official government channel that would be where the violation comes in.
this about sums it up. I don't see an issue here, though WSJ could game the system by allowing the search bot full access but paywalling normal visitors.
My ex got flagged for plagiarizing from *herself*. Basically a sophomore class and later graduate class on the same topic assigned the same writing prompt about the same historical site.
While my ex *did* write a new essay, the source material didn't magically change in two years, nor did her writing style or propencity for fscking up affect/effect, then/than, their/there/they're in the same ways, so...
Link to a website with your TOS. Then add that by redeeming this check you agree to the TOS.
I did something similar to Chase bank a while ago. Sent a check with the memo line referencing an attached letter that verbosely said: Cash the check and you agree for me to repay my debt at 0.000% interest and over 54 months.
Sent it to their home office Attn Account Manager. They cashed the check and when they continued to bill me at the old rates I called them on it.
They threatened to sue me over it, and I replied that I'm in California, and I dared them to find a jury that would take their side. (there's a loooong story behind this where they jacked up min payments on lots of their accounts to force them in to overdue status to allow jacking up the interest rates).
Ultimately I actually prevailed. Not sure if their legal team got involved or if they decided one account wasn't worth the trouble, but I was able to repay my principal debt with zero interest.:)
I believe a secondary goal is to reduce the amount of time people take. If you don't have a set number of days you can take, the decision that you are taking too much time depends more on the perception of your manager rather that a quantifiable number, which makes people more leery of taking a lot of time off. Before, I knew how many days I could take without causing myself any problems, but now it's all very nebulous and I have no way of knowing if there is a problem with the number of days I take until I take too many.
The way to deal with this is to have a written guideline of the *minimum* number of days an employee is expected to take per year, and that there is no maximum as long as tasks are completed.
Of course getting that into the employee handbook is no trivial task...
That goes with the "owner" territory. My company's current owners are only ever out of touch a little at most. My direct manager is such a "team player" that we turned off her email access when she was last on a vacation, just so she'd actually go enjoy herself (with a promise to text her if something actually was on fire).
Slashdot Mirror
Or the first theatrical releases of Star wars before they were changed?
So with Netflix part of this alliance maybe the content creators will actually listen?
I pay for Netflix and Amazon Prime instead of cable. If what I want is there great, no need to bother with the hassle and risk of downloading it elsewhere. If it *was* there and is now gone I find that highly irksome and might actually be bothered to look elsewhere.
I hear you. I love my Pixel, but I only (will have) paid $50 + tax on retail for it after my service credits expire.
I had a Nexus5 with the like for like replacement warranty from TMobile. When my 5 died and was not replaceable they tried offering me some crappy assed samsung that had half the capacity of the 5! I complained and they said if I sourced the Pixel and brought it in they'd give me $600 service credit towards the cost. So that's what I did.
Depends on the target.
Internal software?
A printf that says a default at __LINE__ was hit that should be inaccessible please have a look at the code in file foo.c and then the same as for external SW:
External SW?
Determine if this is a serious failure, or if there is some safe default output/setting/return that can be used. Use it.
Throw an appropriate error if required.
Anything is better than your end user seeing "Unhandled exception" and a stack trace.
Touche...
That's #9...
I am still waiting for my "+1 Troll" moderation option.
I liked it, even if rapscallion wasn't the ideal word. It's a kind of poetry even, so we allow for the malappropriation of words that fit the feel better.
On another level I get the feeling that the "Perspective" page as presented isn't really trained yet, it only has a bit of starter data. Making the assumption that this is a reasonably decent AI implementation from Google and that the human moderator input will be used as a continuous feedback of training data I could see this getting to be pretty adept at catching all but the most novel trolls, at which point you've made them elevate to the level of discussion required...
Still a salient example of shortsightedness
I disagree with this part of the statement.
Sure it caused issues, but at a time when memory was measured in bytes and priced accordingly, having two extra bytes for YYYY (in more than one place most likely) was a real issue. It was also a reasonable assessment that the code had a high probability of being rewritten outright before Y2K or at least refactored.
The shortsightedness happened in the early to mid 90's when that code may have been touched with time to spare and memory now more plentiful. Refactoring should have been done then anytime an application was being added to.
When it does, those of us who leaned more toward the "tested and stable" side will just kick back in our comfy chairs and laugh as we watch the young'ns scramble to put out the fires, just as we did when we were too dumb to prefer stability.
In fact I just described a former co-worker as "young and stupid" and not in the pejorative sense, but rather as to mean young and inexperienced. It's a place that nearly all of us have been before.
One of my *best* working relationships was with a "fast and loose" coder, while I'm generally the "this branch of code can't happen, I better make sure it's handled just in case it does" type of coder. He'd output a pile of code and I'd end up adding another 100% LoC to it in stability. His overall architecture was very good it's just that in a case where $var *should* only ever have 'foo', 'bar' and 'baz' he'd have an if, else if, and else, or a three statement switch. I'd go in and add that last default case to the switch just in case someone added an element to the enum and didn't look where it could cause problems.
Between the two of us we covered at least three times more ground than either of us would alone.
ME will be present on all systems, as it is now what runs what used to be separate sub systems.
*most* of said systems have no I/O to the rest of the world and the MinSKU parts are the ones that have only what's needed of those systems to keep your platform stable. Pretty sure you don't want to run a system without a PMC or with no support for SPD timings.
The higher level junk is where the proven vuls are (and yes you are absolutely correct there, as well as that you *shouldn't* have to worry about the LAN being an issue).
As someone who's worked on CSME for 6 years and has seen the codebase for the kernel (not AMT, my specialty was power management) I would still be confident in having it on my system in a MinSKU config. :'(
I no longer work for Intel, and likely never will again given my reasons and conditions for leaving, but even at that I can't condemn the kernel on this thing. ME 10 and older, I won't trust the later kernels. FYI the team responsible for the AMT vulns killed off the team that developed the rest of the platform over the last couple years and now owns the entire ME, so the team with the proven vulns is now the team in charge.
Yes on the first part, not so much on the second.
They had a 15 day window to notify if not to spec...
if you didn't test it that's on you.
only tens of thousands?
I'm pretty confident that there is 7 and even 8 digit cost equipment that is still in production use but won't run on anything higher than 16 bit Windows/Dos host.
Also likely on RS485 for network...
*not* MRI, but I have direct experience supporting hugely EOL'd equipment.
There are vendors out there who don't advertise in the normal channels, but their specialty is finding and sourcing that "Component A" you need, generally for an eye watering markup over MSRP, even when accounting for inflation.
I needed some PECs (Pin Electronic Drivers) that simply didn't exist anymore and the Altera FPGAs that drove them in the system too. I didn't have the source for the FPGAs anymore, all I had was a known good dump from one of the units, but that's good enough.
Said company sourced the PECs (in the needed 16 pin PDIP or CERDIP package) at a price of $15 each, the FPGAs about $375 each.
I think the FPGAs were only 200% above retail, but those PECs used to sell for about $0.65 each.
Still, they had the remainder of the world's known supply (about 50K units) and could source them. They *also* were able to continue sourcing ATI All in wonder pros that only worked on Windows 98/98SE... and yes we paid through the nose for those too, since they were the only video card that was supported with the "live video overlay" on the machines.
Those systems lived in an isolated lab, where their network connection was to a dedicated bastion host that ran a current OS and provided server software passthrough etc.
Damn that was a fun lab to be the steward of (not).
Why is the ME present on every machine, no matter how small? Why is it in every laptop, desktop, tower, workstation, and server? Why all that ubiquity, if the only people who could ever make use of it are enterprise guys who pay for support and have a conformant BIOS and MOBO and turn it on? WHY IS IT EVERYWHERE????
You really want to know why?
Efficiency of development.
AMT and it's components are where all the vulns have been found (so far).
ME is a kernel that these other applications run on.
Among other applications that run on the ME kernel (and that were formerly separate firmware processes on separate chips [thus higher hardware and maintenance costs]):
PMC (power management controller, the ability to suspend and hibernate)
PECI (CPU thermal management, keep you from smoking your i7 when the FAN dies)
PMX (reset controller)
PowerGate (lower power consumption on NOPs)
QST (Fan controller, so your fans aren't always at max RPM)
SmBus (DIMM timings and battery monitoring, along with other system health info)
I'm sure there's more, but I simply no longer remember everything stuffed in the CSME.
Long and short of it is:
ME is the SystemD of chipsets. It's a lot easier to use common code and a common hardware to do all these things than it is to maintain each one separately. I wouldn't expect it to change anytime soon either, but an easy mitigation would be removing any world facing interface from the ME connected systems (E.g. AMT).
If you're really worried about it get a "Min SKU" part. these only have what's needed for the machine to actually boor and run safely, none of the "value added" stuff, and if you're extra paranoid never use the on-board LAN (port 16992 BTW if you want to talk to AMT).
Well, assuming you have buffered data into the SPI you can now spool that out steganographically using SoL.
Of note, to disable ME (at least on a basic level, and assuming BIOS supports it) you can configure BIOS do turn it off. While this won't totally disable it, it will turn off the higher level functions like AMT/SoL/IDER etc.
And this is also yet more servings of crow for me to eat after having publically defended ME more than once. :(
That's exactly my point. How do you think they get the contents of those SMS?
Lots of the information critical to investigate small fry drug dealer can easily be eavesdropped without even needed access to the culprit's phone.
That's far more complex. Much easier to just catch him with drugs, unlock his phone, read his texts.
In fact to intercept those cleartext SMS's still requires a wiretap auth IIRC, while once part of a search pursuant to arrest for cause the phone search is relatively simple to justify.
I'll take a stab at this:
Tangent: If someone posts something so offensive in a reply to @POTUS and Twitter bans the user, is Twitter now in violation of the law because it was a reply to @POTUS? And if not, how is that different from the administrators of @POTUS banning someone?
Ostensibly you were banned from Twitter by Twitter for a violation of their TOU, not because they didn't like what you said. When @POTUS/@RealDonaldTrump blocks you it is based on your speech, and since this is an official government channel that would be where the violation comes in.
this about sums it up.
I don't see an issue here, though WSJ could game the system by allowing the search bot full access but paywalling normal visitors.
What are these busses you speak of?
My kids' district killed 90% of the bus routes, decimated non core class staff, and alienated parents.
Secure? yes*, maintainable? not so much.
*WRT polymorphic viruses.
My ex got flagged for plagiarizing from *herself*.
Basically a sophomore class and later graduate class on the same topic assigned the same writing prompt about the same historical site.
While my ex *did* write a new essay, the source material didn't magically change in two years, nor did her writing style or propencity for fscking up affect/effect, then/than, their/there/they're in the same ways, so...
FLAGGED!
Link to a website with your TOS. Then add that by redeeming this check you agree to the TOS.
I did something similar to Chase bank a while ago.
Sent a check with the memo line referencing an attached letter that verbosely said:
Cash the check and you agree for me to repay my debt at 0.000% interest and over 54 months.
Sent it to their home office Attn Account Manager. They cashed the check and when they continued to bill me at the old rates I called them on it.
They threatened to sue me over it, and I replied that I'm in California, and I dared them to find a jury that would take their side. (there's a loooong story behind this where they jacked up min payments on lots of their accounts to force them in to overdue status to allow jacking up the interest rates).
Ultimately I actually prevailed. Not sure if their legal team got involved or if they decided one account wasn't worth the trouble, but I was able to repay my principal debt with zero interest. :)
I believe a secondary goal is to reduce the amount of time people take. If you don't have a set number of days you can take, the decision that you are taking too much time depends more on the perception of your manager rather that a quantifiable number, which makes people more leery of taking a lot of time off. Before, I knew how many days I could take without causing myself any problems, but now it's all very nebulous and I have no way of knowing if there is a problem with the number of days I take until I take too many.
The way to deal with this is to have a written guideline of the *minimum* number of days an employee is expected to take per year, and that there is no maximum as long as tasks are completed.
Of course getting that into the employee handbook is no trivial task...
That goes with the "owner" territory.
My company's current owners are only ever out of touch a little at most.
My direct manager is such a "team player" that we turned off her email access when she was last on a vacation, just so she'd actually go enjoy herself (with a promise to text her if something actually was on fire).