That's potentially a crime too, such as a local Colorado government obtaining or creating one without first getting permission to do so from their constituents.
You may question the wisdom or purpose of these legal conditions on ownership of an ISP but that's the law in Colorado.
Why do you need to ponder it? The intent was stated,namely to deter straw purchases, prevent thefts, and insure proper taxes were paid.
The stated intent was met by the alternative proposed by the SAF. With the alternative being rejected outright, without discussion or debate, means that there was an unstated intent for the background check law. What was that unstated intent? SAF knows what that unstated intent was and so they were not surprised when their proposal was rejected. SAF offered a solution that met all their stated goals, meaning the SAF was in agreement with the need to keep firearms from the hands of the criminals, mentally handicapped, children, and drug addicts.
The gun control advocates keep asking for compromise, SAF offered one that met every stated goal, and the compromise was rejected. This means that they don't want compromise. What is it that they want then? I know what it is, as does the SAF and NRA. If these people were so concerned about keeping guns from the people that should not have them then the SAF offer would have been snapped up immediately.
So why don't you explain why the NRA won't let us do that? Are they just interested in perpetuating tax fraud or do they want to smuggle guns to criminals?
No other port has nearly the range of possible attacks or the ubiquity of use as USB.
That's just like saying every house has a front door therefore they are vulnerable. There's nothing inherently insecure about USB that previously common ports did not have.
USB combining keyboard/mouse with storage and network adds nothing or very little. The ubiquity of floppy and optical drives meant any storage based attack is no different than a flash drive attack, except maybe the speed and size but then computers have always getting smaller and faster. A keyboard emulator attack requires someone to be in on the attack or have a mental incapacity (being a child, being drunk, etc.) that they will not think their mouse pointer moving about and words getting typed without them is odd. The network attacks are interesting but that requires a more complex device, greater skill, and still someone in on the attack at the computer or a person running the computer not being aware of some odd behavior.
You can buy a programmable USB dev board in stick form factor with a 180mhz ARM CPU and multi-gigabyte microSD storage for $30, it is 2017 after all:)
That's fine but all you are saying is that computers have got smaller and faster. Many of these same attacks can be done with a cell phone, laptop, or just a cheap flash card loaded with the right files. Many of these things can be had for $30 or less, and are just as inconspicuous.
I think people are making a mountain out of a mole hill. There is nothing new here. What these attacks largely rely on is "plug-n-play", where a device plugged in has it's drivers loaded automatically and is allowed to send and receive data. This is not new and if someone is concerned about this then the drivers posing the threat can be disabled.
You're ignoring all the additional scenarios this opens up that wouldn't be possible otherwise -
USB adds nothing that an an otherwise equivalently capable device could not do with another appropriate port.
Any company that deals with large digital documents where it's normal to receive files on usb sticks / drives.
The places I've been it's rare to send data on a flash drive as it does not prevent modification in transit. We use optical discs, CD-R, DVD-R, or BD-R, depending on the size. If the stack of polycarbon discs starts to look a bit think then its sent on a SAS drive in a pelican case. Each end will have the appropriate drive array for the caddy the drive is in. Many files are simply sent over the network through a number of data storage services, if the file cannot simply be e-mailed.
Plugging a miniature USB stick into an unattended computer quickly and walking off.
That's frowned upon. Depending on the time and place this is a breach of protocol, merely inconsiderate, and may involve a verbal reprimand. Such drives are to be handed to the person, placed in their mail box, or left with a neighboring coworker.
Giving branded USB sticks away.
There's enough distrust that I'm not sure this would go over well. They'd be examined or must come from a trusted party
Leaving USB sticks lying around.
People typically aren't in the mood to plug them into work computers. There's enough lost drives that they are just given to IT to deal with.
Your examples mostly revolve around already having social engineered a position of trust (if you're already doing maintenance on a user's machine what do you need a special device for?). Devices disguised as regular USB sticks/devices lowers the amount of social engineering required considerably. A user might notice a screen flicker up, but it's unlikely they'll see enough to know what was happening before it disappeared, at which point an exploit could already be installed on the machine.
You are correct, I don't need a special device. I'd want it there so that I'm not leaving so many tracks as group policies or spending so much time at each computer. If I wanted a special device then having something much larger and capable would make installing quicker. Also to point out the lack of a need to be discreet. If I call something a drive then in the minds of everyone that I talk with this thing is a drive. It may in fact be a fully functioning computer capable of running scripts against the PCs. among other things.
I disagree; Giving someone files on a USB stick is such a common and natural thing to do that the vast majority of people wouldn't think twice about it. Just leaving one lying around might be enough, and it may be possible to install a hack on a user's own USB stick if you can get brief access to it.
My comment was that people would have to plug this in, watch the device take over their screen and do nothing about it. That's going to take some crazy planning to distract the person or something, or as I pointed out the person would have to be in on the attack.
Giving someone a dongle to plug into a port that they may have never used on their computer (and increasingly isn't even present) would already be more suspicious, and only give you keyboard access with nothing else.
I point out the use of PS/2 and such just to show how old these attacks are. People have been doing this for a long time. The ports people use to plug in their keyboards have changed is all. You want someone to plug in a keylogger on their PC a decade or two ago? It goes like this, "I heard your computer was acting funny. I got you this keyboard noise filter. Just plug it in between the keyboard and the PC on the back and this filter in the middle should stop the crazy keystrokes you've been complaining about." The same applies now with USB.
With a USB device you can emulate a keyboard, mouse, multiple storage devices and a network device all on a single stick. It's both a lot more powerful and a lot more discreet.
Fuck being discreet. I got a big old USB drive case around here. I can take out the old drive and fill it with an array of new SSD drives. I hang a couple cords out the back, SATA and USB (for power;^) ) , and take it to the user. I explain I need to run a "diagnostic and backup" and then plug it in. While the little microcontroller in the case is doing it's thing with the keyboard emulation there is the drive is doing a legitimate backup. I chat while the computer is working and leave with the drive when done. I return later with the data on DVDs, a smaller drive, or in it's proper place on the network and check that the customer is happy.
Barring such a friendly relationship then put the device in a shipping carton, print out a legit looking label from DHL, UPS, Planet Express, or whatever, and drop it off after I get a signature. Along with my oversized "backup drive" (or whatever) is a sheet of instructions to plug into their PC and how to power it up. Depending on what I want it to do I can have them send it back, tell them they "won a prize", or whatever to make it look good. It doesn't have to be an old hard drive case, tell them its their new modem from their ISP and it's a modified off the shelf modem with a surprise inside to grab traffic. Have it plug in with Ethernet, USB, whatever they have.
Yes these USB "vulnerabilities" don't offer anything you technically couldn't do by sitting down in front of the machine with your own keyboard, mouse, network and storage devices, but the unique thing is they can do it much quicker, much more discreetly, and it's much easier to trick someone else into running the exploit for you.
USB adds nothing. This has all been done before. Depending on what you are looking for these same things can be had with a DVD, a modified network device, a printer that you had "sent out for repair".
People love those BlueTooth wireless speakers that use USB to charge up. Crack one open and you are likely to find more room to play with than a flash drive. Just about anything that would reasonably be charged with USB could make a better device than a flash drive. A novelty hub might be a nice hiding place for stuff. If you are stuck on USB then there's more than just flash drive.
If we are going back in time then I can give all kinds of examples of this done before. Some much more complex than others, none using USB.
It's also a mouse/keyboard emulator in the background, but the user doesn't easily notice that.
That's just crazy talk. People will notice their mouse pointer moving and things getting typed.
Meanwhile plugging in a foreign PS/2 device has never been a thing, so it would be a rather weird and suspicious thing to do.
People have been plugging in crazy and "suspicious" things all the time. A PS/2 keylogger would be only a short cable with a "ferrite choke" in the middle (which actually contained the electronics) and installed as a "noise filter". In reality it transmitted every keystroke to anyone with the right kind of receiver. The fancier ones had two-way action. A storage device, from floppies to CD-Rs to Zip cartridges, could be left lying around waiting to install software keyloggers, network diversion scripts, or whatever.
Nothing's changed really. Computers got smaller, cheaper, faster, that's all. This made the population of people that could afford these attack devices larger, as well as the population of victims. USB getting adopted widely on MacOS, Windows, and Linux means a single device can attack them all.
They are not hiding the device as a flash drive, the device *is* a flash drive. It works exactly as expected when you plug it in. It's also a mouse/keyboard emulator in the background, but the user doesn't easily notice that.
People will have something that *IS* what it claims to be, but also grab data as it goes by. This might be a large old looking modem that was hollowed out and the insides replaced with a newer modem and a device to store everything that comes and goes. An enterprise level switch or router could be compromised to divert certain kinds of traffic. Those with more money could buy a PCMCIA card with a programmable FPGA in it that could emulate a flash storage while also giving access to the computer buss to do just about anything they could think of and fit on that card. A FireWire "hard drive" could actually be a fully functional computer, plug that in and someone could have access to the main computer memory.
It all depended on the amount of effort someone was willing to put into the attack. Simple ones were pretty basic viruses people could construct using scripts. Put it on a floppy disk and drop it in a hallway. CD-Rs, when they came out made this easier as it enabled hidden tracks, boot files, drivers, and just more space for a payload, as well as being more durable so as to survive being dropped where someone might just as easily step on it as pick it up, or be left in the rain for a bit. Keyloggers and traffic sniffers cost some money. The real pricey stuff, like the FPGA in a PCMCIA card, or a computer in an external drive case, were very expensive. These were custom or semi-custom devices.
Nothing new here. Even the driver security stuff isn't new. Malware drivers were seemingly always a thing, as were security holes in the drivers included in the OS. It's been long enough now that a lot of specifics escape me.
Everything you know about the NRA you must have learned from Whoopi Goldberg.
What's the argument for legalizing marijuana or any other drug? It will be something like the benefits outweigh the harms, states' rights, personal rights, federal government over reach, or so. All the same arguments apply for the right of self defense, or most all anyway.
What kind of restrictions are people expecting for marijuana possession? I mean even the marijuana legalization people aren't expecting a free for all. Largely the argument is that marijuana should be regulated like alcohol. Only adults can possess marijuana. If allowed for children (I emphasize *IF*) then it must be under adult supervision (parent, physician, other person responsible for the health of the child). Sellers must be registered, inspected, and trained. Buyers must present an ID. People in prison or a mental institution will not be allowed access with perhaps exceptions for medical need. All of these same restrictions are called for by the NRA and would at least be tolerated by most Second Amendment advocates, any medicinal claims excepted as I am unaware of any medicinal use of a firearm.
I recall a Second Amendment Foundation official that addressed a "gun show loophole" bill by proposing this alternative, everyone that entered a gun show must have a background check done at the door, no exceptions. This background check would be done through the same FBI database as used by licensed firearms dealers. The groups wanting to close the "gun show loophole" rejected this. Why? Because it didn't require the registration of the firearm transfers. This proves beyond a doubt that this is not about background checks, this was an attempt to create a database of all firearms and who owns them. Why would any government want a database of all firearms and who owns them? Ponder that, and look at what history taught us about previous firearm registries.
Whatever you can think of that would apply to removing restrictions on marijuana would also apply to firearms. You think I don't know that the government might ban bump stocks? Of course they are going to try, they might even be successful in passing that into law. Here's the thing, this will be just as successful as previous bans on marijuana, alcohol, and "assault weapons". If I wanted marijuana then I'm pretty sure I know I could get some by this weekend. I don't because I have respect for the law. Those that lost respect for the law have their drugs, and guns, and alcohol, and bump stocks, and silencers, or whatever else the government thinks that they can make disappear with a law. Marijuana is a weed, people will get it. A bump stock is a piece of plastic, people will make them. A silencer (at least according to the ATF) is a short piece of threaded pipe. A machine gun (again, according to the ATF) is a piece of string. These laws don't keep the criminals from having them. All they do is put good people in prison, because if a piece of string is a machine gun then the government can put anyone in prison.
The claim was that USB has physical vulnerabilities that are not fixable at the driver level. Problems of people inserting storage or network devices can be fixed by disabling or removing drivers for those devices. If access to front ports are a problem then disable the front ports. Disabling front ports can be done at the driver level, or BIOS level, and not just by filling them with glue.
Perhaps there is a problem where people need ready access to USB storage, so front ports cannot be disabled, AND need to use USB keyboard/mouse since PS/2 ports (or whatever) are not available. This is more difficult to manage but not impossible, I raised this problem myself elsewhere.
The other claim was that this was not common knowledge, but I'm pretty sure it's common knowledge that USB keyboards exist and drivers for them are standard install on most any operating system.
If someone wants to claim that it's not common knowledge that keyboard emulators can fit in a device that can be disguised as a flash drive then that might be something that could stand up. But then someone would have to be engineered to plug in a flash drive and for some reason allow the device to "drive" the computer until the payload was delivered. If the person doing this was aware that the device would do this, such as being a party to the crack attempt, then this is still not something unique to USB. Such a person could easily be engineered to plug a device into a PS/2 port. If the crack needed access to files then include a CD-ROM as part of the attack, or floppy disk because now we're going back in time to old school cracks that predate USB. Again such things can be addressed with things like controlling access to storage devices at the driver level.
I don't see this as something that cannot be fixed at the driver level. Keeping out network and storage devices is trivial at the driver level, just disable the drivers. Keeping out keyboard and mice emulators might be more difficult but then the person with the device must almost certainly be in on the attack, especially if there is a need at any time to enter a password such as changing important settings or installing software. None of this is new or unique to USB. Perhaps USB adds a level of threat by the increased bandwidth but that's like saying broadband internet is a security problem because it's so much faster than a dial-up modem. If you want high speed data for "good" stuff then you get high speed data for "bad" stuff too.
Emulating a keyboard and mouse is not any more a "hardware vulnerability" than having access to PS/2 or any other input port that one might have access to. These kind of attacks have existing long before USB.
Emulating a network adapter is not much of a vulnerability either since one could also attack by Ethernet or wireless connection. This is also fairly simple to protect against by disabling the use of USB network adapters and/or setting routing priority on the computer.
I thought that there was something unique to USB that I missed. Apparently not.
That's not discreet. The point is to create a device that emulates a usb keyboard which can be automated to inject commands into the system.
This is not unique to USB, any port that allows the connection of a keyboard (PS/2, ADB, whatever) will allow someone to inject commands into a computer at a speed faster than people can type.
If there is a need to keep it discreet then hide it in something that's common to an office environment, like a hollowed out highlighter or dry erase marker. Why not just hide the device in an actual keyboard? Most keyboards I've seen have a hollowed out back, room enough for plenty of circuitry. Even better if the keyboard brought in is one of those fancy ergonomic types as it gives an excuse to bring in your own keyboard ("Oh, this? It's for my carpal tunnel problem.") and can give even more room than a typical keyboard supplied with a PC. These things can be hidden in a mouse (also makes sense for personal preference and being plugged in), a laser pointer (bonus if it's the kind that recharges from USB), a case for eyeglasses, a calculator (a bonus as it provides some input and output if all the electronics are replaced), put it in a pill bottle (bonus as medications have social norms and legal protections against being messed with), and so on.
If someone is discovered at a computer they are not supposed to be using, and the screen has windows popping open and text being blasted into them, then there is nothing "discreet" about hiding the device as a flash drive. If the device needs to be left at the computer so the payload can be delivered later then hide the thing as just about any USB device, such as a mouse, keyboard, hub, or DVD drive. A flash drive left in a computer might lead someone to take it out and try to find the owner that forgot it. A hub or mouse plugged in will likely be left alone.
Three of those "hacks" are just devices that emulate keyboards, that's not unique to USB since something that can emulate PS/2 could do the same. The ability to have storage as part of the USB device does add some capability since files can be copied over but if there is internet access then files can be downloaded. Without internet access and sufficient time at the computer a keyboard emulator (PS/2, ADB, whatever) could input executable scripts or even enter and compile code. This is nothing a person could not do with enough time at a computer manually if they simply memorize enough stuff, and no incriminating USB devices for someone to find. All of these attacks require having a password, or finding an unlocked screen.
One "hack" is also not unique to USB as it takes power from the port to charge a capacitor to zap the port with a higher voltage. USB may have more voltage and/or power to draw from making this kind of an attack more effective but even a VGA port or Ethernet port would be vulnerable. Having access to a battery of some sort can do damage too, as could just wiring any computer data port to a 120 VAC wall plug.
One "hack" is described as a "password stealer" and lacks much for a description, and the link it provides is dead. Best I can gather it's just a keylogger, which is not something that is unique to USB.
One "hack" doesn't even plug into USB to work so I'm not even sure why it's on this list. Sure, it's disguised as a USB power brick but it could have been disguised as just about anything that plugs into a wall outlet. It picks up RF from a common USB wireless keyboard, which I guess is another possible connection to being a "USB hack" but then this would apply to any wireless device that could carry sensitive data.
lobbyists are just legalized bribery in Washington DC
Oh really? Do you care to qualify this? I mean *ALL* lobbying can't be legalized bribery, can it? If I go to DC and ask my senators for clean air and water does that mean I've committed some kind of legalized bribery?
I'm sure that there are solar power lobbyists in DC right now. Wind power lobbyists too. Lobbyists for public education, blood and organ donation, drunk driving prevention, drug legalization, drug crime mandatory minimums, nuclear power, anti-nuclear power, and lobbyists for lobbyists. Regardless of what political stance you approve or disapprove there are likely lobbyists for and against. Are all of these people committing "legalized bribery"? Or, are only the lobbyists that lobby for the political stance that you disapprove are guilty?
I do believe that lobbying is necessary to the political process, how else are elected officials supposed to know what their constituents are concerned about? Or, is the voicing of these opinions not always lobbying? I'm quite certain that people have the right to speak to their elected officials. I'm also quite certain that this right is protected by the US Constitution. I may not like what some of the lobbyists have to say but I'm not going to claim they don't have the right to lobby. That might not go over well should I feel the need to go to DC any lobby myself, such as for clean air and water. That is unless you have a problem with clean air and water.
Please tell me more. I recall a rather problematic security issue with early FireWire implementations that allowed direct access to a computer system's memory. Wasn't this used to break some DVD encryption keys? ThunderBolt might have similar problems but I have not looked into it thoroughly, this is likely much harder to fix since ThunderBolt is an extension of the PCI bus. ThunderBolt 3 uses USB-C for it's standard connection port, is this what you mean by a physical hardware vulnerability? This kind of vulnerability does not apply to USB as it's not a direct memory access device like FireWire and ThunderBolt.
Standard practice by many operating systems is to treat a USB device with more trust than I believe it should. For example, if someone plugs in a USB network device the OS will often install a driver, enable DHCP, request an IP address, and start talking to it. Auto-run has long been a problem for storage devices, but that's not unique to USB and it's not a hardware problem. These are problems that can be solved in software.
What USB hardware vulnerabilities do you know about? I'm honestly curious since I've heard nothing of these things, and I like to think I follow computer security pretty closely.
Perhaps because it marks the end of a long string of successes. Not big news, thankfully, since big news in a rocket test would probably mean someone was killed or injured. Still news though.
I've worked in secure environments and as someone that has obtained security certifications I see all kinds of problems with USB beyond improperly coded drivers. One common practice not that long ago was to disable any USB ports to stop people from plugging in things they weren't supposed to. This was only possible while PS/2 ports for keyboards and mice were still commonplace. (There was also that short period where some Apple computers had both ADB and USB ports.)
I like USB-C. It's quite the improvement over what we've had before. I am a bit concerned on how this affects the security of our devices in the future. Controlling things like someone offering a "charger" for a laptop or cell phone to try to sneak into a device can be managed in many ways. Dedicated ports for video, keyboard, mouse, and even Ethernet had inherent security in that they did only so much which prevented certain security issues. Will all these ports go away and be replaced with USB-C?
Again, I really like USB-C as it adds convenience and capability that nothing else offered before. It also adds security issues that a simple list of "dos and don'ts" cannot cover for many less technically knowledgeable people to follow. Securing computers from many kinds of attacks is going to be an increasingly difficult problem unless we get off this mentality of one port to rule them all.
Maybe we'll see some means to better secure USB. Maybe we'll see computer systems that will allow one to disable anything that is not a HID or power device from being recognized on USB in the firmware. Maybe OS developers will provide better granularity on what USB ports are allowed to do.
Maybe we'll get PS/2 ports back again. Probably not. I do think something has to give. If we can't have the inherent security of feature limited ports then we will need some security through better management of the ports that replace them.
Be careful what you wish for, you just might get it.
This discussion led me to go look up the Tenth Amendment Center website. They are certainly big on letting people shoot and smoke all they want. If you think that the "war on some drugs" is just something to prop up the prison industry then what do you think of the "war on some guns"? I believe that it's going to be hard to tell people that they can smoke what they can grow but not shoot what they can build. If you think it's silly for someone to go to prison for three years for growing a common weed then would it not also be silly to put someone in prison for playing in their garage with some scrap metal?
What is this "bump stock" that so many congresscritters want to ban now? It's a piece of plastic on a threaded pipe, that's about it. What's a "silencer"? According to the ATF it can be a piece of metal that's got male threads on one end and female threads on the other, as in it can fit a common oil filter to the end of a rifle barrel. What is a "machine gun"? According to the ATF it can be something as simple as a length of string with a loop on each end, people have actually got these "machine guns" registered with the ATF.
I believe that what we've been seeing happen with federal drug laws will soon also happen with federal gun laws. It appears I'm not the only one. I went to the Tenth Amendment Center website and found a couple interesting recent articles on this debate over federal control on guns and drugs. I know lots of Slashdot readers don't like Second Amendment advocacy groups like the NRA, but if you are not a fan of federal prohibitions on marijuana possession then you need to have a different attitude on the NRA. The legal constructs that prohibit marijuana possession are the same constructs that prohibit the possession of silencers. If one goes then so does the other.
Here's just one example explaining this connection between gun laws and drug laws, the connection is the Tenth Amendment. http://tenthamendmentcenter.co...
There is one important distinction though between gun laws and drug laws, gun laws have an additional amendment in the US Constitution that makes them problematic while drug laws do not. If you believe that Colorado can "go rogue" on drug laws and expect a federal ban on bump stocks to hold up in court then I believe you will be disappointed in the long run.
Should not people be governed most by those nearest to them? Especially on matters that affect them the most? I'm also quite sure that these votes were allowed within the state law, although that might not have been clear in the article. The state law said that if a city government is to create a broadband internet provider it must get permission from the citizens first in a referendum. That makes sense to me.
It's not like Colorado doesn't have a history of telling a distant government to go to hell, they made marijuana legal in 2012. Should the federal government march in and start arresting state officials for their part in the sale of marijuana? However you answer there is a difference between state vs. county and state vs. federal. The state is what created both the federal and county governments. The state is at the top of this hierarchy of governments in the USA. State governments have a say in what powers the county and federal governments have. If there is a problem with what either the federal or local governments can or cannot do then this is something to be brought up with the state government.
It sounds like the state is enforcing a restriction on what city and county governments may provide as a utility, specifically if that includes running internet access as a utility. When it comes to a state having authority on things like marijuana possession then perhaps we need to re-examine what the "commerce clause" allows the federal government to do. When it comes to states telling what a city or county has authority to do then, likewise, one should go to the documents that created the government.
I do see little things like this having far reaching effects. You think that the federal government cannot tell Colorado they cannot allow the sale and possession of marijuana without the permission of the federal government? Then what of the sale and possession of firearms? Either the federal government can regulate such state matters or not, trying to split that baby down the center of firearms and drugs will be impossible. If a city is barred from offering internet access as a utility is it also barred from offering water? How can that be split?
I believe that a government should only do what a private entity cannot. Things like roads and a military are of little dispute in being authority granted to the government. Maybe a distinction should be made between the wires in the ground within a city and the signals that they carry, much like how phone lines and cable TV services are run in many places. The city will own the wires and the internet providers will rent or lease them from the city to provide internet access. If no private entity comes forward to provide this service, and the people want it, then it seems appropriate for a city created entity to provide this service.
We've been coming up with less "green" solutions for a couple hundred years. Maybe let's try something else.
Yes, let's try something else. Perhaps we should aim for what is possible instead of was it perfect. If we listen to moonbats like Helen Caldicott then we'd be reading books by candlelight, drinking beer from steel cans (assuming she "allows" us that luxury), and trying to power the industry on solar energy. Such a "perfect" world ignores so much of reality that nothing we do would be good enough. What also prevents us from such perfection is that so many people have their own definition of "perfect" that there will always be someone dissatisfied.
Oh, that was only one example.
I'm sure it is. With public figures having cameras being shoved in their faces and reporters asking a barrage of stupid questions I'm sure that there is just a trove of quotes to pick from to make any political party, or other similar group, look like complete morons. I just did that myself by equating the entire "green" movement with Helen Caldicott. Put her on camera for a half hour or so and let her talk and I'm amazed anyone would want to be associated with her. Yet, she's been leading her own brand of environmental protection for decades now.
I'm sorry, my friend, but the current administration is very specifically, and very literally saying "let the motherfucking world burn" every single day. If you really want me to give you many more examples, let me know, but it will have to wait until tomorrow, because I'm relaxing and listening to some music right now.
As I said before, I don't want words, I want actions. What did these people do? I believe that the Trump administration has had only a few months so far to set an agenda. The US Senate has been a circus on getting approvals for appointed top level government officials tied up. The House is quite the mess as well. I believe that the Trump administration won't really get much done, domestically at least, for another year. We'll probably see small victories from them though, like getting more natural gas to replace coal.
I also have my view of "perfection", and that includes one gigawatt of new nuclear power capacity every month. That's not adding new generation capacity, only making up for currently planned shutdowns on existing coal and nuclear. If we see that then I know that the Trump administration is serious about the USA being able to produce safe, "green", reliable, and inexpensive power. A less perfect solution is replacing that retired capacity with a mix of wind, natural gas, and nuclear power. Not using any nuclear power is not a solution, not even a less than perfect one, it's just more of the same of people talking about the problem and doing nothing about it.
The host doesn't need to be smoking, but I do think it provides an important visual clue for the viewer.
It's typical for people to equate smoking to being relaxed, having time to tell a good story, that the day is done or at least one has enough time to think of something beyond the task at hand. Maybe the host should poor a drink. It doesn't have to be alcoholic but the implication that it likely is might be important. Think of people sitting down after the evening meal for a glass of wine, or having a beer before supper.
This has been a visual or literary device for a very long time. This has been often taken advantage of in comedy, where the host changes mood from the "formal" standing routine to taking a minute to pour himself a drink, light a cigar, or just pull out a chair or stool to sit down, showing an intent to get comfortable/intimate with the crowd.
I think that starting the show with the host doing something to set the mood is important. As in demonstrating a mood as in have a smoke/drink/seat and enjoy the show. As I recall with Serling's openings the cigarette wasn't always visible or prominent but the nearly omnipresent puff of smoke over his head gave a clue. His tone of voice and mood had just as much to do with setting up the story as anything.
Maybe mix it up with each episode. The show opens with the host seated in his study lighting a cigar. The show opens with the host at a nearly empty bar having a drink. The show opens with the host on his back porch looking in a telescope. The host in front of a tent with a campfire burning. The host at an easel with a paintbrush in hand. Etc. and etc. All openings are dimly lit, soothing background noise, and a few slowly spoken words to set the scene for the story to be told.
Actions speak louder than words. I can point to all kinds of statements from previous administrations that contradict their actions. Let's see what the EPA does rather than focus on any single statement made by someone within it.
I've also seen the EPA in the past get involved into far too many details of our lives. I'd appreciate an EPA that would not (or was unable to) declare every mud puddle "navigable waters" and therefore under federal jurisdiction. I'd prefer an EPA that doesn't take a decade to approve of a clean energy source like a hydroelectric dam but will approve a new natural gas plant in a week. Maybe we shouldn't be shutting down dams that provide drinking water, irrigation, and electricity production, because a very common fish population is threatened. People need food, heat, and water. Maybe this means taking a step back and coming up with a less "green" solution in the short term so that people have a better future in the long term.
Saying the air is "too clean" is pretty stupid. If it makes energy cheaper, so we can make more windmills at a competitive price, then in the long term we could be better off.
Also, it's one thing to say "the air is a little too clean" and another to say "let the world burn". Equating the two is disingenuous and fear mongering.
Then make the reduction of CO2 benefit the movement of small green pieces of paper. By that I mean, make "going green" profitable. Energy is big business. People will spend a lot of money on anything that can replace coal, oil, and natural gas. Don't force people to reduce their carbon footprint with taxes, mandates, peer pressure, or whatever. Make reducing carbon output cheaper than the status quo and no one will be forced to switch, they'll do it on their own for those little green pieces of paper.
Think of the main uses for coal, oil, and natural gas. Natural gas for heating is facing real competition with heat pumps, at least in new construction. Even in the relatively cold US Midwest were I live I'll see lots of new houses with heat pumps. Adding it after the fact can be very expensive but that may change too. Oil is mostly used for vehicle fuels, and if the claims on electric propulsion is to be believed then we are near the tipping point of it replacing everything else. We are replacing fossil fuels with electricity
The hard part, in my estimation, is coal. Coal is still big in electricity generation. We might see natural gas replacing coal at the top but that only cuts the CO2 output in half, rather than make it a fraction of what coal produces like other choices before us. We need something "green", cheap, reliable, and safe. We have that now, but no one dares mention it's name. The fact that no one dares go where logic leads tells me that very few people are serious about solving this problem.
We have the solution to our CO2 problem, and it's not wind or solar.
The economic incentive *doesn't* already exist. Right now, in most cases it's cheaper to burn fossil fuels than to use non-emitting alternatives. That's why we continue doing it.
The fact that we are burning coal right now IS THE INCENTIVE to do better. If the likes of wind and solar want that money currently being spent on oil and coal then they know what to do, offer the same service for a better price. Imposing a tax places an immediate and real burden on people with no guarantee that wind and solar will come to meet the challenge.
Besides we have a "green" energy source already. If the powers that be were serious about solving this problem then they'd be issuing licenses for nuclear power plants and fracking natural gas. Looks like the Trump administration may actually do that. We don't need new taxes on the poor. We need a government not tied to "big wind", "big corn", and "big solar".
We've been subsidizing wind and solar for decades now. At some point we should come to realize that they need to sink or swim on their own. Or, perhaps, come to the realization that they just don't work as viable energy sources.
The solution is simple: Tax carbon emissions, and apply tariffs to goods from countries that don't.
Why do you hate the poor?
I know that's an unfair question as it can imply a motive but honestly, do we really need to add an economic incentive when one already exists? I recall that it's something like 1/3rd of American households have nothing saved for retirement and/or are living paycheck to paycheck. If you impose an arbitrary tax on them based on energy use then you are just forcing them into deeper poverty. People already crave energy that is cheap and clean, making people poorer from such taxes means they have less money to spend on energy saving or to invest in research.
Energy is a HUGE market and we already have people falling over each other trying to knock "big oil" and "big coal" off the top of their respective hills. I give the large investments in electric cars, energy saving devices, wind power, nuclear power, ethanol and other biomass fuels, and on and on.
When the disproportionate burden a carbon tax imposes on the poor is brought up a common response is to create some sort of "revenue neutral" tax credit for the poor to offset this. That just destroys a lot of the potency of the carbon tax and creates an even more complex tax system over what we have already. People spend enough money on tax preparation services, lets not make it an even bigger business with more tax laws.
The solutions list may be missing bio-fuels, harvesting ocean currents, and converting coal+NG to oil, but these are less proven.
Which is just admitting they fail on the "available today" and "domestically sourced" metrics. If we can't get these technologies here and now then they might be something worthy of research and development but they are not something worthy of deploying to solve our energy problems.
Slashdot Mirror
Owning a gun is potentially a crime.
So is owning a lot of other things.
Owning an ISP is not.
That's potentially a crime too, such as a local Colorado government obtaining or creating one without first getting permission to do so from their constituents.
You may question the wisdom or purpose of these legal conditions on ownership of an ISP but that's the law in Colorado.
Why do you need to ponder it? The intent was stated,namely to deter straw purchases, prevent thefts, and insure proper taxes were paid.
The stated intent was met by the alternative proposed by the SAF. With the alternative being rejected outright, without discussion or debate, means that there was an unstated intent for the background check law. What was that unstated intent? SAF knows what that unstated intent was and so they were not surprised when their proposal was rejected. SAF offered a solution that met all their stated goals, meaning the SAF was in agreement with the need to keep firearms from the hands of the criminals, mentally handicapped, children, and drug addicts.
The gun control advocates keep asking for compromise, SAF offered one that met every stated goal, and the compromise was rejected. This means that they don't want compromise. What is it that they want then? I know what it is, as does the SAF and NRA. If these people were so concerned about keeping guns from the people that should not have them then the SAF offer would have been snapped up immediately.
So why don't you explain why the NRA won't let us do that? Are they just interested in perpetuating tax fraud or do they want to smuggle guns to criminals?
Wait, who's smuggling guns to criminals now? It's not the NRA. Here's a hint...
https://en.wikipedia.org/wiki/...
No other port has nearly the range of possible attacks or the ubiquity of use as USB.
That's just like saying every house has a front door therefore they are vulnerable. There's nothing inherently insecure about USB that previously common ports did not have.
USB combining keyboard/mouse with storage and network adds nothing or very little. The ubiquity of floppy and optical drives meant any storage based attack is no different than a flash drive attack, except maybe the speed and size but then computers have always getting smaller and faster. A keyboard emulator attack requires someone to be in on the attack or have a mental incapacity (being a child, being drunk, etc.) that they will not think their mouse pointer moving about and words getting typed without them is odd. The network attacks are interesting but that requires a more complex device, greater skill, and still someone in on the attack at the computer or a person running the computer not being aware of some odd behavior.
You can buy a programmable USB dev board in stick form factor with a 180mhz ARM CPU and multi-gigabyte microSD storage for $30, it is 2017 after all :)
That's fine but all you are saying is that computers have got smaller and faster. Many of these same attacks can be done with a cell phone, laptop, or just a cheap flash card loaded with the right files. Many of these things can be had for $30 or less, and are just as inconspicuous.
I think people are making a mountain out of a mole hill. There is nothing new here. What these attacks largely rely on is "plug-n-play", where a device plugged in has it's drivers loaded automatically and is allowed to send and receive data. This is not new and if someone is concerned about this then the drivers posing the threat can be disabled.
You're ignoring all the additional scenarios this opens up that wouldn't be possible otherwise -
USB adds nothing that an an otherwise equivalently capable device could not do with another appropriate port.
Any company that deals with large digital documents where it's normal to receive files on usb sticks / drives.
The places I've been it's rare to send data on a flash drive as it does not prevent modification in transit. We use optical discs, CD-R, DVD-R, or BD-R, depending on the size. If the stack of polycarbon discs starts to look a bit think then its sent on a SAS drive in a pelican case. Each end will have the appropriate drive array for the caddy the drive is in. Many files are simply sent over the network through a number of data storage services, if the file cannot simply be e-mailed.
Plugging a miniature USB stick into an unattended computer quickly and walking off.
That's frowned upon. Depending on the time and place this is a breach of protocol, merely inconsiderate, and may involve a verbal reprimand. Such drives are to be handed to the person, placed in their mail box, or left with a neighboring coworker.
Giving branded USB sticks away.
There's enough distrust that I'm not sure this would go over well. They'd be examined or must come from a trusted party
Leaving USB sticks lying around.
People typically aren't in the mood to plug them into work computers. There's enough lost drives that they are just given to IT to deal with.
Your examples mostly revolve around already having social engineered a position of trust (if you're already doing maintenance on a user's machine what do you need a special device for?). Devices disguised as regular USB sticks/devices lowers the amount of social engineering required considerably. A user might notice a screen flicker up, but it's unlikely they'll see enough to know what was happening before it disappeared, at which point an exploit could already be installed on the machine.
You are correct, I don't need a special device. I'd want it there so that I'm not leaving so many tracks as group policies or spending so much time at each computer. If I wanted a special device then having something much larger and capable would make installing quicker. Also to point out the lack of a need to be discreet. If I call something a drive then in the minds of everyone that I talk with this thing is a drive. It may in fact be a fully functioning computer capable of running scripts against the PCs. among other things.
I disagree; Giving someone files on a USB stick is such a common and natural thing to do that the vast majority of people wouldn't think twice about it. Just leaving one lying around might be enough, and it may be possible to install a hack on a user's own USB stick if you can get brief access to it.
My comment was that people would have to plug this in, watch the device take over their screen and do nothing about it. That's going to take some crazy planning to distract the person or something, or as I pointed out the person would have to be in on the attack.
Giving someone a dongle to plug into a port that they may have never used on their computer (and increasingly isn't even present) would already be more suspicious, and only give you keyboard access with nothing else.
I point out the use of PS/2 and such just to show how old these attacks are. People have been doing this for a long time. The ports people use to plug in their keyboards have changed is all. You want someone to plug in a keylogger on their PC a decade or two ago? It goes like this, "I heard your computer was acting funny. I got you this keyboard noise filter. Just plug it in between the keyboard and the PC on the back and this filter in the middle should stop the crazy keystrokes you've been complaining about." The same applies now with USB.
With a USB device you can emulate a keyboard, mouse, multiple storage devices and a network device all on a single stick. It's both a lot more powerful and a lot more discreet.
Fuck being discreet. I got a big old USB drive case around here. I can take out the old drive and fill it with an array of new SSD drives. I hang a couple cords out the back, SATA and USB (for power ;^) ) , and take it to the user. I explain I need to run a "diagnostic and backup" and then plug it in. While the little microcontroller in the case is doing it's thing with the keyboard emulation there is the drive is doing a legitimate backup. I chat while the computer is working and leave with the drive when done. I return later with the data on DVDs, a smaller drive, or in it's proper place on the network and check that the customer is happy.
Barring such a friendly relationship then put the device in a shipping carton, print out a legit looking label from DHL, UPS, Planet Express, or whatever, and drop it off after I get a signature. Along with my oversized "backup drive" (or whatever) is a sheet of instructions to plug into their PC and how to power it up. Depending on what I want it to do I can have them send it back, tell them they "won a prize", or whatever to make it look good. It doesn't have to be an old hard drive case, tell them its their new modem from their ISP and it's a modified off the shelf modem with a surprise inside to grab traffic. Have it plug in with Ethernet, USB, whatever they have.
Yes these USB "vulnerabilities" don't offer anything you technically couldn't do by sitting down in front of the machine with your own keyboard, mouse, network and storage devices, but the unique thing is they can do it much quicker, much more discreetly, and it's much easier to trick someone else into running the exploit for you.
USB adds nothing. This has all been done before. Depending on what you are looking for these same things can be had with a DVD, a modified network device, a printer that you had "sent out for repair".
People love those BlueTooth wireless speakers that use USB to charge up. Crack one open and you are likely to find more room to play with than a flash drive. Just about anything that would reasonably be charged with USB could make a better device than a flash drive. A novelty hub might be a nice hiding place for stuff. If you are stuck on USB then there's more than just flash drive.
If we are going back in time then I can give all kinds of examples of this done before. Some much more complex than others, none using USB.
Good thing guns are dangerous to those around you, that's kind of the point, is it not?
It's also a mouse/keyboard emulator in the background, but the user doesn't easily notice that.
That's just crazy talk. People will notice their mouse pointer moving and things getting typed.
Meanwhile plugging in a foreign PS/2 device has never been a thing, so it would be a rather weird and suspicious thing to do.
People have been plugging in crazy and "suspicious" things all the time. A PS/2 keylogger would be only a short cable with a "ferrite choke" in the middle (which actually contained the electronics) and installed as a "noise filter". In reality it transmitted every keystroke to anyone with the right kind of receiver. The fancier ones had two-way action. A storage device, from floppies to CD-Rs to Zip cartridges, could be left lying around waiting to install software keyloggers, network diversion scripts, or whatever.
Nothing's changed really. Computers got smaller, cheaper, faster, that's all. This made the population of people that could afford these attack devices larger, as well as the population of victims. USB getting adopted widely on MacOS, Windows, and Linux means a single device can attack them all.
They are not hiding the device as a flash drive, the device *is* a flash drive. It works exactly as expected when you plug it in. It's also a mouse/keyboard emulator in the background, but the user doesn't easily notice that.
People will have something that *IS* what it claims to be, but also grab data as it goes by. This might be a large old looking modem that was hollowed out and the insides replaced with a newer modem and a device to store everything that comes and goes. An enterprise level switch or router could be compromised to divert certain kinds of traffic. Those with more money could buy a PCMCIA card with a programmable FPGA in it that could emulate a flash storage while also giving access to the computer buss to do just about anything they could think of and fit on that card. A FireWire "hard drive" could actually be a fully functional computer, plug that in and someone could have access to the main computer memory.
It all depended on the amount of effort someone was willing to put into the attack. Simple ones were pretty basic viruses people could construct using scripts. Put it on a floppy disk and drop it in a hallway. CD-Rs, when they came out made this easier as it enabled hidden tracks, boot files, drivers, and just more space for a payload, as well as being more durable so as to survive being dropped where someone might just as easily step on it as pick it up, or be left in the rain for a bit. Keyloggers and traffic sniffers cost some money. The real pricey stuff, like the FPGA in a PCMCIA card, or a computer in an external drive case, were very expensive. These were custom or semi-custom devices.
Nothing new here. Even the driver security stuff isn't new. Malware drivers were seemingly always a thing, as were security holes in the drivers included in the OS. It's been long enough now that a lot of specifics escape me.
Everything you know about the NRA you must have learned from Whoopi Goldberg.
What's the argument for legalizing marijuana or any other drug? It will be something like the benefits outweigh the harms, states' rights, personal rights, federal government over reach, or so. All the same arguments apply for the right of self defense, or most all anyway.
What kind of restrictions are people expecting for marijuana possession? I mean even the marijuana legalization people aren't expecting a free for all. Largely the argument is that marijuana should be regulated like alcohol. Only adults can possess marijuana. If allowed for children (I emphasize *IF*) then it must be under adult supervision (parent, physician, other person responsible for the health of the child). Sellers must be registered, inspected, and trained. Buyers must present an ID. People in prison or a mental institution will not be allowed access with perhaps exceptions for medical need. All of these same restrictions are called for by the NRA and would at least be tolerated by most Second Amendment advocates, any medicinal claims excepted as I am unaware of any medicinal use of a firearm.
I recall a Second Amendment Foundation official that addressed a "gun show loophole" bill by proposing this alternative, everyone that entered a gun show must have a background check done at the door, no exceptions. This background check would be done through the same FBI database as used by licensed firearms dealers. The groups wanting to close the "gun show loophole" rejected this. Why? Because it didn't require the registration of the firearm transfers. This proves beyond a doubt that this is not about background checks, this was an attempt to create a database of all firearms and who owns them. Why would any government want a database of all firearms and who owns them? Ponder that, and look at what history taught us about previous firearm registries.
Whatever you can think of that would apply to removing restrictions on marijuana would also apply to firearms. You think I don't know that the government might ban bump stocks? Of course they are going to try, they might even be successful in passing that into law. Here's the thing, this will be just as successful as previous bans on marijuana, alcohol, and "assault weapons". If I wanted marijuana then I'm pretty sure I know I could get some by this weekend. I don't because I have respect for the law. Those that lost respect for the law have their drugs, and guns, and alcohol, and bump stocks, and silencers, or whatever else the government thinks that they can make disappear with a law. Marijuana is a weed, people will get it. A bump stock is a piece of plastic, people will make them. A silencer (at least according to the ATF) is a short piece of threaded pipe. A machine gun (again, according to the ATF) is a piece of string. These laws don't keep the criminals from having them. All they do is put good people in prison, because if a piece of string is a machine gun then the government can put anyone in prison.
The claim was that USB has physical vulnerabilities that are not fixable at the driver level. Problems of people inserting storage or network devices can be fixed by disabling or removing drivers for those devices. If access to front ports are a problem then disable the front ports. Disabling front ports can be done at the driver level, or BIOS level, and not just by filling them with glue.
Perhaps there is a problem where people need ready access to USB storage, so front ports cannot be disabled, AND need to use USB keyboard/mouse since PS/2 ports (or whatever) are not available. This is more difficult to manage but not impossible, I raised this problem myself elsewhere.
The other claim was that this was not common knowledge, but I'm pretty sure it's common knowledge that USB keyboards exist and drivers for them are standard install on most any operating system.
If someone wants to claim that it's not common knowledge that keyboard emulators can fit in a device that can be disguised as a flash drive then that might be something that could stand up. But then someone would have to be engineered to plug in a flash drive and for some reason allow the device to "drive" the computer until the payload was delivered. If the person doing this was aware that the device would do this, such as being a party to the crack attempt, then this is still not something unique to USB. Such a person could easily be engineered to plug a device into a PS/2 port. If the crack needed access to files then include a CD-ROM as part of the attack, or floppy disk because now we're going back in time to old school cracks that predate USB. Again such things can be addressed with things like controlling access to storage devices at the driver level.
I don't see this as something that cannot be fixed at the driver level. Keeping out network and storage devices is trivial at the driver level, just disable the drivers. Keeping out keyboard and mice emulators might be more difficult but then the person with the device must almost certainly be in on the attack, especially if there is a need at any time to enter a password such as changing important settings or installing software. None of this is new or unique to USB. Perhaps USB adds a level of threat by the increased bandwidth but that's like saying broadband internet is a security problem because it's so much faster than a dial-up modem. If you want high speed data for "good" stuff then you get high speed data for "bad" stuff too.
Emulating a keyboard and mouse is not any more a "hardware vulnerability" than having access to PS/2 or any other input port that one might have access to. These kind of attacks have existing long before USB.
Emulating a network adapter is not much of a vulnerability either since one could also attack by Ethernet or wireless connection. This is also fairly simple to protect against by disabling the use of USB network adapters and/or setting routing priority on the computer.
I thought that there was something unique to USB that I missed. Apparently not.
That's not discreet. The point is to create a device that emulates a usb keyboard which can be automated to inject commands into the system.
This is not unique to USB, any port that allows the connection of a keyboard (PS/2, ADB, whatever) will allow someone to inject commands into a computer at a speed faster than people can type.
If there is a need to keep it discreet then hide it in something that's common to an office environment, like a hollowed out highlighter or dry erase marker. Why not just hide the device in an actual keyboard? Most keyboards I've seen have a hollowed out back, room enough for plenty of circuitry. Even better if the keyboard brought in is one of those fancy ergonomic types as it gives an excuse to bring in your own keyboard ("Oh, this? It's for my carpal tunnel problem.") and can give even more room than a typical keyboard supplied with a PC. These things can be hidden in a mouse (also makes sense for personal preference and being plugged in), a laser pointer (bonus if it's the kind that recharges from USB), a case for eyeglasses, a calculator (a bonus as it provides some input and output if all the electronics are replaced), put it in a pill bottle (bonus as medications have social norms and legal protections against being messed with), and so on.
If someone is discovered at a computer they are not supposed to be using, and the screen has windows popping open and text being blasted into them, then there is nothing "discreet" about hiding the device as a flash drive. If the device needs to be left at the computer so the payload can be delivered later then hide the thing as just about any USB device, such as a mouse, keyboard, hub, or DVD drive. A flash drive left in a computer might lead someone to take it out and try to find the owner that forgot it. A hub or mouse plugged in will likely be left alone.
Three of those "hacks" are just devices that emulate keyboards, that's not unique to USB since something that can emulate PS/2 could do the same. The ability to have storage as part of the USB device does add some capability since files can be copied over but if there is internet access then files can be downloaded. Without internet access and sufficient time at the computer a keyboard emulator (PS/2, ADB, whatever) could input executable scripts or even enter and compile code. This is nothing a person could not do with enough time at a computer manually if they simply memorize enough stuff, and no incriminating USB devices for someone to find. All of these attacks require having a password, or finding an unlocked screen.
One "hack" is also not unique to USB as it takes power from the port to charge a capacitor to zap the port with a higher voltage. USB may have more voltage and/or power to draw from making this kind of an attack more effective but even a VGA port or Ethernet port would be vulnerable. Having access to a battery of some sort can do damage too, as could just wiring any computer data port to a 120 VAC wall plug.
One "hack" is described as a "password stealer" and lacks much for a description, and the link it provides is dead. Best I can gather it's just a keylogger, which is not something that is unique to USB.
One "hack" doesn't even plug into USB to work so I'm not even sure why it's on this list. Sure, it's disguised as a USB power brick but it could have been disguised as just about anything that plugs into a wall outlet. It picks up RF from a common USB wireless keyboard, which I guess is another possible connection to being a "USB hack" but then this would apply to any wireless device that could carry sensitive data.
All in all none of this is unique to USB.
lobbyists are just legalized bribery in Washington DC
Oh really? Do you care to qualify this? I mean *ALL* lobbying can't be legalized bribery, can it? If I go to DC and ask my senators for clean air and water does that mean I've committed some kind of legalized bribery?
I'm sure that there are solar power lobbyists in DC right now. Wind power lobbyists too. Lobbyists for public education, blood and organ donation, drunk driving prevention, drug legalization, drug crime mandatory minimums, nuclear power, anti-nuclear power, and lobbyists for lobbyists. Regardless of what political stance you approve or disapprove there are likely lobbyists for and against. Are all of these people committing "legalized bribery"? Or, are only the lobbyists that lobby for the political stance that you disapprove are guilty?
I do believe that lobbying is necessary to the political process, how else are elected officials supposed to know what their constituents are concerned about? Or, is the voicing of these opinions not always lobbying? I'm quite certain that people have the right to speak to their elected officials. I'm also quite certain that this right is protected by the US Constitution. I may not like what some of the lobbyists have to say but I'm not going to claim they don't have the right to lobby. That might not go over well should I feel the need to go to DC any lobby myself, such as for clean air and water. That is unless you have a problem with clean air and water.
Please tell me more. I recall a rather problematic security issue with early FireWire implementations that allowed direct access to a computer system's memory. Wasn't this used to break some DVD encryption keys? ThunderBolt might have similar problems but I have not looked into it thoroughly, this is likely much harder to fix since ThunderBolt is an extension of the PCI bus. ThunderBolt 3 uses USB-C for it's standard connection port, is this what you mean by a physical hardware vulnerability? This kind of vulnerability does not apply to USB as it's not a direct memory access device like FireWire and ThunderBolt.
Standard practice by many operating systems is to treat a USB device with more trust than I believe it should. For example, if someone plugs in a USB network device the OS will often install a driver, enable DHCP, request an IP address, and start talking to it. Auto-run has long been a problem for storage devices, but that's not unique to USB and it's not a hardware problem. These are problems that can be solved in software.
What USB hardware vulnerabilities do you know about? I'm honestly curious since I've heard nothing of these things, and I like to think I follow computer security pretty closely.
I'm not sure why this is news.
Perhaps because it marks the end of a long string of successes. Not big news, thankfully, since big news in a rocket test would probably mean someone was killed or injured. Still news though.
I've worked in secure environments and as someone that has obtained security certifications I see all kinds of problems with USB beyond improperly coded drivers. One common practice not that long ago was to disable any USB ports to stop people from plugging in things they weren't supposed to. This was only possible while PS/2 ports for keyboards and mice were still commonplace. (There was also that short period where some Apple computers had both ADB and USB ports.)
I like USB-C. It's quite the improvement over what we've had before. I am a bit concerned on how this affects the security of our devices in the future. Controlling things like someone offering a "charger" for a laptop or cell phone to try to sneak into a device can be managed in many ways. Dedicated ports for video, keyboard, mouse, and even Ethernet had inherent security in that they did only so much which prevented certain security issues. Will all these ports go away and be replaced with USB-C?
Again, I really like USB-C as it adds convenience and capability that nothing else offered before. It also adds security issues that a simple list of "dos and don'ts" cannot cover for many less technically knowledgeable people to follow. Securing computers from many kinds of attacks is going to be an increasingly difficult problem unless we get off this mentality of one port to rule them all.
Maybe we'll see some means to better secure USB. Maybe we'll see computer systems that will allow one to disable anything that is not a HID or power device from being recognized on USB in the firmware. Maybe OS developers will provide better granularity on what USB ports are allowed to do.
Maybe we'll get PS/2 ports back again. Probably not. I do think something has to give. If we can't have the inherent security of feature limited ports then we will need some security through better management of the ports that replace them.
Be careful what you wish for, you just might get it.
This discussion led me to go look up the Tenth Amendment Center website. They are certainly big on letting people shoot and smoke all they want. If you think that the "war on some drugs" is just something to prop up the prison industry then what do you think of the "war on some guns"? I believe that it's going to be hard to tell people that they can smoke what they can grow but not shoot what they can build. If you think it's silly for someone to go to prison for three years for growing a common weed then would it not also be silly to put someone in prison for playing in their garage with some scrap metal?
What is this "bump stock" that so many congresscritters want to ban now? It's a piece of plastic on a threaded pipe, that's about it. What's a "silencer"? According to the ATF it can be a piece of metal that's got male threads on one end and female threads on the other, as in it can fit a common oil filter to the end of a rifle barrel. What is a "machine gun"? According to the ATF it can be something as simple as a length of string with a loop on each end, people have actually got these "machine guns" registered with the ATF.
I believe that what we've been seeing happen with federal drug laws will soon also happen with federal gun laws. It appears I'm not the only one. I went to the Tenth Amendment Center website and found a couple interesting recent articles on this debate over federal control on guns and drugs. I know lots of Slashdot readers don't like Second Amendment advocacy groups like the NRA, but if you are not a fan of federal prohibitions on marijuana possession then you need to have a different attitude on the NRA. The legal constructs that prohibit marijuana possession are the same constructs that prohibit the possession of silencers. If one goes then so does the other.
Here's just one example explaining this connection between gun laws and drug laws, the connection is the Tenth Amendment.
http://tenthamendmentcenter.co...
There is one important distinction though between gun laws and drug laws, gun laws have an additional amendment in the US Constitution that makes them problematic while drug laws do not. If you believe that Colorado can "go rogue" on drug laws and expect a federal ban on bump stocks to hold up in court then I believe you will be disappointed in the long run.
Should not people be governed most by those nearest to them? Especially on matters that affect them the most? I'm also quite sure that these votes were allowed within the state law, although that might not have been clear in the article. The state law said that if a city government is to create a broadband internet provider it must get permission from the citizens first in a referendum. That makes sense to me.
It's not like Colorado doesn't have a history of telling a distant government to go to hell, they made marijuana legal in 2012. Should the federal government march in and start arresting state officials for their part in the sale of marijuana? However you answer there is a difference between state vs. county and state vs. federal. The state is what created both the federal and county governments. The state is at the top of this hierarchy of governments in the USA. State governments have a say in what powers the county and federal governments have. If there is a problem with what either the federal or local governments can or cannot do then this is something to be brought up with the state government.
It sounds like the state is enforcing a restriction on what city and county governments may provide as a utility, specifically if that includes running internet access as a utility. When it comes to a state having authority on things like marijuana possession then perhaps we need to re-examine what the "commerce clause" allows the federal government to do. When it comes to states telling what a city or county has authority to do then, likewise, one should go to the documents that created the government.
I do see little things like this having far reaching effects. You think that the federal government cannot tell Colorado they cannot allow the sale and possession of marijuana without the permission of the federal government? Then what of the sale and possession of firearms? Either the federal government can regulate such state matters or not, trying to split that baby down the center of firearms and drugs will be impossible. If a city is barred from offering internet access as a utility is it also barred from offering water? How can that be split?
I believe that a government should only do what a private entity cannot. Things like roads and a military are of little dispute in being authority granted to the government. Maybe a distinction should be made between the wires in the ground within a city and the signals that they carry, much like how phone lines and cable TV services are run in many places. The city will own the wires and the internet providers will rent or lease them from the city to provide internet access. If no private entity comes forward to provide this service, and the people want it, then it seems appropriate for a city created entity to provide this service.
We've been coming up with less "green" solutions for a couple hundred years. Maybe let's try something else.
Yes, let's try something else. Perhaps we should aim for what is possible instead of was it perfect. If we listen to moonbats like Helen Caldicott then we'd be reading books by candlelight, drinking beer from steel cans (assuming she "allows" us that luxury), and trying to power the industry on solar energy. Such a "perfect" world ignores so much of reality that nothing we do would be good enough. What also prevents us from such perfection is that so many people have their own definition of "perfect" that there will always be someone dissatisfied.
Oh, that was only one example.
I'm sure it is. With public figures having cameras being shoved in their faces and reporters asking a barrage of stupid questions I'm sure that there is just a trove of quotes to pick from to make any political party, or other similar group, look like complete morons. I just did that myself by equating the entire "green" movement with Helen Caldicott. Put her on camera for a half hour or so and let her talk and I'm amazed anyone would want to be associated with her. Yet, she's been leading her own brand of environmental protection for decades now.
I'm sorry, my friend, but the current administration is very specifically, and very literally saying "let the motherfucking world burn" every single day. If you really want me to give you many more examples, let me know, but it will have to wait until tomorrow, because I'm relaxing and listening to some music right now.
As I said before, I don't want words, I want actions. What did these people do? I believe that the Trump administration has had only a few months so far to set an agenda. The US Senate has been a circus on getting approvals for appointed top level government officials tied up. The House is quite the mess as well. I believe that the Trump administration won't really get much done, domestically at least, for another year. We'll probably see small victories from them though, like getting more natural gas to replace coal.
I also have my view of "perfection", and that includes one gigawatt of new nuclear power capacity every month. That's not adding new generation capacity, only making up for currently planned shutdowns on existing coal and nuclear. If we see that then I know that the Trump administration is serious about the USA being able to produce safe, "green", reliable, and inexpensive power. A less perfect solution is replacing that retired capacity with a mix of wind, natural gas, and nuclear power. Not using any nuclear power is not a solution, not even a less than perfect one, it's just more of the same of people talking about the problem and doing nothing about it.
Why exactly does the host have to smoke?
The host doesn't need to be smoking, but I do think it provides an important visual clue for the viewer.
It's typical for people to equate smoking to being relaxed, having time to tell a good story, that the day is done or at least one has enough time to think of something beyond the task at hand. Maybe the host should poor a drink. It doesn't have to be alcoholic but the implication that it likely is might be important. Think of people sitting down after the evening meal for a glass of wine, or having a beer before supper.
This has been a visual or literary device for a very long time. This has been often taken advantage of in comedy, where the host changes mood from the "formal" standing routine to taking a minute to pour himself a drink, light a cigar, or just pull out a chair or stool to sit down, showing an intent to get comfortable/intimate with the crowd.
I think that starting the show with the host doing something to set the mood is important. As in demonstrating a mood as in have a smoke/drink/seat and enjoy the show. As I recall with Serling's openings the cigarette wasn't always visible or prominent but the nearly omnipresent puff of smoke over his head gave a clue. His tone of voice and mood had just as much to do with setting up the story as anything.
Maybe mix it up with each episode. The show opens with the host seated in his study lighting a cigar. The show opens with the host at a nearly empty bar having a drink. The show opens with the host on his back porch looking in a telescope. The host in front of a tent with a campfire burning. The host at an easel with a paintbrush in hand. Etc. and etc. All openings are dimly lit, soothing background noise, and a few slowly spoken words to set the scene for the story to be told.
Actions speak louder than words. I can point to all kinds of statements from previous administrations that contradict their actions. Let's see what the EPA does rather than focus on any single statement made by someone within it.
I've also seen the EPA in the past get involved into far too many details of our lives. I'd appreciate an EPA that would not (or was unable to) declare every mud puddle "navigable waters" and therefore under federal jurisdiction. I'd prefer an EPA that doesn't take a decade to approve of a clean energy source like a hydroelectric dam but will approve a new natural gas plant in a week. Maybe we shouldn't be shutting down dams that provide drinking water, irrigation, and electricity production, because a very common fish population is threatened. People need food, heat, and water. Maybe this means taking a step back and coming up with a less "green" solution in the short term so that people have a better future in the long term.
Saying the air is "too clean" is pretty stupid. If it makes energy cheaper, so we can make more windmills at a competitive price, then in the long term we could be better off.
Also, it's one thing to say "the air is a little too clean" and another to say "let the world burn". Equating the two is disingenuous and fear mongering.
Then make the reduction of CO2 benefit the movement of small green pieces of paper. By that I mean, make "going green" profitable. Energy is big business. People will spend a lot of money on anything that can replace coal, oil, and natural gas. Don't force people to reduce their carbon footprint with taxes, mandates, peer pressure, or whatever. Make reducing carbon output cheaper than the status quo and no one will be forced to switch, they'll do it on their own for those little green pieces of paper.
Think of the main uses for coal, oil, and natural gas. Natural gas for heating is facing real competition with heat pumps, at least in new construction. Even in the relatively cold US Midwest were I live I'll see lots of new houses with heat pumps. Adding it after the fact can be very expensive but that may change too. Oil is mostly used for vehicle fuels, and if the claims on electric propulsion is to be believed then we are near the tipping point of it replacing everything else. We are replacing fossil fuels with electricity
The hard part, in my estimation, is coal. Coal is still big in electricity generation. We might see natural gas replacing coal at the top but that only cuts the CO2 output in half, rather than make it a fraction of what coal produces like other choices before us. We need something "green", cheap, reliable, and safe. We have that now, but no one dares mention it's name. The fact that no one dares go where logic leads tells me that very few people are serious about solving this problem.
We have the solution to our CO2 problem, and it's not wind or solar.
The economic incentive *doesn't* already exist. Right now, in most cases it's cheaper to burn fossil fuels than to use non-emitting alternatives. That's why we continue doing it.
The fact that we are burning coal right now IS THE INCENTIVE to do better. If the likes of wind and solar want that money currently being spent on oil and coal then they know what to do, offer the same service for a better price. Imposing a tax places an immediate and real burden on people with no guarantee that wind and solar will come to meet the challenge.
Besides we have a "green" energy source already. If the powers that be were serious about solving this problem then they'd be issuing licenses for nuclear power plants and fracking natural gas. Looks like the Trump administration may actually do that. We don't need new taxes on the poor. We need a government not tied to "big wind", "big corn", and "big solar".
We've been subsidizing wind and solar for decades now. At some point we should come to realize that they need to sink or swim on their own. Or, perhaps, come to the realization that they just don't work as viable energy sources.
The solution is simple: Tax carbon emissions, and apply tariffs to goods from countries that don't.
Why do you hate the poor?
I know that's an unfair question as it can imply a motive but honestly, do we really need to add an economic incentive when one already exists? I recall that it's something like 1/3rd of American households have nothing saved for retirement and/or are living paycheck to paycheck. If you impose an arbitrary tax on them based on energy use then you are just forcing them into deeper poverty. People already crave energy that is cheap and clean, making people poorer from such taxes means they have less money to spend on energy saving or to invest in research.
Energy is a HUGE market and we already have people falling over each other trying to knock "big oil" and "big coal" off the top of their respective hills. I give the large investments in electric cars, energy saving devices, wind power, nuclear power, ethanol and other biomass fuels, and on and on.
When the disproportionate burden a carbon tax imposes on the poor is brought up a common response is to create some sort of "revenue neutral" tax credit for the poor to offset this. That just destroys a lot of the potency of the carbon tax and creates an even more complex tax system over what we have already. People spend enough money on tax preparation services, lets not make it an even bigger business with more tax laws.
The solutions list may be missing bio-fuels, harvesting ocean currents, and converting coal+NG to oil, but these are less proven.
Which is just admitting they fail on the "available today" and "domestically sourced" metrics. If we can't get these technologies here and now then they might be something worthy of research and development but they are not something worthy of deploying to solve our energy problems.