You have a fundamental misunderstanding there: "sudo" gives you the power of command, you know, like in the *nix world. Saying "please" is a thing you need to do in Windows only, where you are a lowly user to be interfaced but not empowered.
There are a lot of people that are unable to make a distinction between "new" and "good idea". At least that is the only explanation for this stupidity I have.
And then you look at what most Fortune-500 companies actually run internally, and you find it is not Win10. I know, for example, one that finished the migration to Win7 only 2 years ago or so and will not move to Win10 at all. Instead they will move to web-terminals and Servers on RHEL. Win10 is a very bad deal for everybody (including, funnily, MS), and a lot of people are seeing that pretty clearly.
Indeed. It is not that MS has gotten even more incompetent. It is that they just do not have what it takes to run a release model like the one of Win10.
If so, he will probably sell on the vulnerability market for >> 100k next time. People want to be honest, but the conditions need to reasonably support that decision.
This is an excellent research opportunity into how unregulated markets will be manipulated. I am glad to see somebody took it.
I do not dispute that where it can be done, a generic approach may be entirely appropriate. But there are IT landscapes where that is not possible and you need to go full custom at least in part. My estimate was for them and it does include costs on the customer side, not just what they pay to an external party.
As to salted MD5 to SHA-256, that is actually pretty simple in practice: If you need the protection now, you put both on top of each other, i.e. SHA-256(salt_new, MD5(salt, pwd)). The first time a customer logs in and you actually (temporarily) have the password, you strip out the MD5 layer. This is just a quick&dirty approach, better ones may exist and there may be specific constraints from the customer that require a modified or different approach.
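The layering described in the comment above, sketched as an added example (not the commenter's code). The record layout, the `scheme` tag and the function names are assumptions made for illustration, and the sample record is constructed:

```python
import hashlib
import hmac
import os

# Assumed record layout: {"scheme", "salt", "salt_new", "hash"}; illustrative only.
# Plain salted SHA-256 is used because that is what the comment describes;
# a deliberately slow password KDF would normally take its place.

def md5_legacy(salt: bytes, pwd: str) -> bytes:
    return hashlib.md5(salt + pwd.encode()).digest()

def sha256_salted(salt_new: bytes, data: bytes) -> bytes:
    return hashlib.sha256(salt_new + data).digest()

def wrap_legacy(record: dict) -> dict:
    """Offline step, no password needed: SHA-256(salt_new, MD5(salt, pwd))."""
    salt_new = os.urandom(16)
    return {"scheme": "sha256-md5", "salt": record["salt"], "salt_new": salt_new,
            "hash": sha256_salted(salt_new, record["hash"])}

def verify_and_upgrade(record: dict, pwd: str):
    """Check a login; on success strip the MD5 layer while the password is in hand."""
    if record["scheme"] == "sha256-md5":
        inner = md5_legacy(record["salt"], pwd)
    elif record["scheme"] == "sha256":
        inner = pwd.encode()
    else:
        raise ValueError("unexpected scheme: %r" % record["scheme"])
    candidate = sha256_salted(record["salt_new"], inner)
    if not hmac.compare_digest(candidate, record["hash"]):
        return False, record              # wrong password: record is left untouched
    if record["scheme"] == "sha256-md5":
        salt_new = os.urandom(16)         # fresh salt for the final form
        record = {"scheme": "sha256", "salt_new": salt_new,
                  "hash": sha256_salted(salt_new, pwd.encode())}
    return True, record

if __name__ == "__main__":
    # Constructed sample: one legacy row as it might sit in the old table.
    old_salt = b"constructed-salt"
    row = {"scheme": "md5", "salt": old_salt, "hash": md5_legacy(old_salt, "hunter2")}
    row = wrap_legacy(row)                        # bulk migration, done immediately
    ok, row = verify_and_upgrade(row, "hunter2")  # first login after migration
    print(ok, row["scheme"])
```
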
Plain old serial is also not "big ego, small skill"-engineering compatible. Some really bad engineers just cannot leave a finished, mature thing alone but have to "improve" everything.
Actually, the USB-C connector is a pretty good piece of engineering. That part was certainly done right. The base USB functionality and a base part of the power spec are also done well. But then they went and put in a lot of things that really, really should have been left out.
Fully agree to that. "I don't know" is a very scientific stance and it is the official state-of-the-art for quite a few scientific questions that really matter. Many people do not have a mind suitable for Science, and one of the most telling behaviors is that they cannot stand uncertainty. They rather believe in a complete (and often ridiculous) fantasy than recognize and accept the uncertainty. Then there are other people that exploit this deficiency and hence you get religion, political ideology, and other beliefs that serve mainly to funnel more power to a few.
At this time, a "god in the gaps" would have to be an absentee misanthrope that may actually be incapable of getting things right and hence ran away. That does sound much more like many humans than a "god". As such, the idea gets some credibility ("the Creator as a fuckup"....), but it is still very far-fetched and there is certainly no reason to admire a fuckup or pray to it.
You seem to be stupid. How do you think they get to be older on average? By dying more often?
The higher end is for full custom, because nothing that fits is on the market. Also, remember Yahoo's size.
Any real currency can be used for crime. It is one of the defining characteristics. Like in any free society, crime is possible. Also one of the defining characteristics.
Having some experience with large-corporation implementation of security mechanisms, I would guess this fine is at the very least 10x cheaper than what implementation of actual security would have cost. May as well be 100x or even 1000x. As long as this is the utterly pathetic and laughable reaction to a massive data breach caused by extremely bad security, nothing will change.
I wonder how that island got its name...
It is an overly formal term (as for example an MD would use) for "shit". It means exactly the same substance though.
I hope this means that GFX will get mature and the endless cycle of "faster" will come to an end. There is a lot of evidence of massive slowdown at this time already, only a few years after CPUs. Finally having mature tech here would be endlessly beneficial.
You are talking about a small subset of the specified functionality. There is nothing wrong with that as long as it is carefully chosen. Does not make the standard any less of a mess, though.
Nice fantasy, very unlikely to be coming true in reality. If they are smart, they make a small, strictly limited subset of the features of this monster, and _that_ we may eventually see working well.
Crossover is (mostly) fixed by automatic MDI/MDI-X detection in GbE. Has been a while since I ran into that problem. I do fully agree though. The problem is that the USB-C spec tries to do _everything_, and that cannot work. It is also a stellar example of a really bad design done by smart, but inexperienced engineers. Or by engineers that ignored their experience because they were part of a committee. KISS rules all engineering that needs to survive in practice. There is no KISS at all in USB-C.
Nice one!
This is almost a textbook example for the "Second System Effect" (Brooks). They put in everything and the kitchen sink. That is about the worst fail in engineering that you can have and still (seemingly) have a specification that looks like it may be possible to implement. Whoever designed this completely forgot that KISS is the prime directive for any form of engineering that needs to work.
You have no argument, so you rely on a list of irrelevant things? This is not an exercise in confusion...
Indeed. Sell it as the next greatest thing that everybody must use and then, when everybody not too smart is on it, change it so that there is no way out, support on other platforms gets very difficult and independent implementations become non-viable. Pretty classical attack.
Either that, or it turns out that there are some slight inaccuracies or noise effects that cannot be removed and lead to the whole thing never scaling beyond a few ten qubits, i.e. useless as computing device compared to what exists. So far, when established Physics was tested at its extremes (and a QC of useful size would most definitely do that), Physics got improved with hitherto unknown effects.
But we may not even get that here. When I first heard about QC (around 25 years ago), they could entangle almost as many bits as they can today. Well, not quite, but there definitely seems to be something sub-linear going on with respect to scaling. Just for reference, what made digital computers powerful is that they had exponential scaling for a few decades.