There is no "perception of performance" that affects benchmarks
Benchmarks are full of shit. Perception is everything.
glassy-smooth tracking and animation
See, even you fucking agree.
Wow! You Haters
I don't hate Apple. I hate cockwombles that are so fucking blinkered that they can't stand any criticism of Apple.
HOW long ago was that Jailbreak-Exploit thing?
See, you can't defend this one so you try and deflect away from it. You could have admitted that yes, earlier versions of iOS were wide fucking open.
And your excuse about "constrained this, and constrained that" sounds JUST like the Windows fanbois trying to explain-away bad Security on that platform, too!
Wait? I'm arguing with someone that uses the term 'fanbois'? I'd get more erudite responses from a used tampon.
However, since you made that comment: Even Microsoft fans can be right from time to time.
Wrong.
Really? You do realise you're your very own counter-example? I highlight some evident truths and you go onto some ranting bollocks that makes a fuckload of assumptions, including my views on Apple and their latest iPhones.
a nearly unbelievable lack of insight
Your inability to miss the insights I'm offering doesn't meant that they're not there.
But to just REFLEXIVELY disregard an entire company and all of its software and hardware products, especially one with such insanely-high customer-satisfaction ratings and insanely-high sales, year after year, shows
..that I don't like their business practices, their business model, the locked down environment they demand people accept, the ludicrous profit margin they make on their devices or the marketing they use to dupe consumers into thinking they're cool.
Then again, I don't disregard them. I just don't buy them and instead mock people like you that think they're a gift from god. Fucking expensive gift.
I don't give a fuck whether you label fascism left or right. Nobody lied to me, they ascribed it to some made up label they like to use to demonise people.
The political alignment of fascism on an arbitrary linear scale says fuck all about anybody else you align to that scale. It merely means that someone's put them on a line.
If someone espouses fascist ideals and tries to implement them, that's something you can challenge. Until then, they're not supporting fascism and you can draw all the fucking linear pictures you like but it wont make them a fascist.
Most of the hatred of Jews is actually based on their ethnicity and not their religion.
Yeah, I hate that. Makes it much much harder to mock their shitty superstitions.
Except face-to-face. I've yet to meet someone following the Jewish faith that doesn't respond to teasing and derision about their faith with good humour, and many of them don't need prompting. Makes them very easy to get on with.
You appear to have extremist and delusional views.
The average "progressive" hates Jews more than the Daily Stormer.
Hyperbole, although I'll have to trust your interpretation of the Daily Stormer.
The vast majority of those "actions" never happened
Really? Your cherry picked list of actions that maybe didn't happen may even be accurate, but please, don't go pretending that Israel is some holier than thou actor here.
Israel shells Palestinian civilian territories, they repeatedly invade those territories, they do illegally occupy them (argue with international law all you fucking like, it's illegal occupation) and do commit crimes against the Palestinian people.
The "Palestinians" are what we used to call ISIS. They are a terrorist organization that wants all Jews dead.
What the fuck are you on? You should stop and seek medical help, fast.
The Palestinians are people. They're born, they go to school, they grow up, they get bombed by Israel, they live their lives, they die.
Some of them decide that they'd rather risk dying sooner than live under oppression from Israel. If you want to class those few as terrorists then I'll understand, but the whole fucking population? No, that'd be exactly the same as blaming every Israeli citizen for the crimes against Palestine.
Talk to somebody over the age of 30.
I am over 30. I remember Yasser Arafat and didn't trust him for a moment. I remember Israel invading Lebanon leading to a war that caused thousands of civilian deaths. I remember the PLO being branded a terrorist organisation, yet recognised by the UN. Even if you discount the Sabra and Shatila massacre I've yet to see conflict between Israel and Palestine in which more Israeli civilians have died than Palestinian ones.
There are reasons that intelligent people don't take the mainstream media seriously and their ridiculous, totally fake reporting on Israel is one of the biggest.
Yet comically they still manage a more balanced and nuanced depiction of the Israeli-Palestinian conflicts than you can.
It's interesting how quickly some Jews here in America forget their more recent pasts, on the receiving end of similar abuses in Europe and elsewhere. The state of Israel is harsh towards the Palestinians
It's interesting that you don't see the second half of the first sentence as a reason against the second.
Germans didn't hate Jews, some Germans did. Jews don't mistreat Palestinians, some Israelis do.
Just as I'll happily condemn Nazi behaviour towards Jews, I'll happily condemn Israeli behaviour towards Palestinians.
As Bestweasel highlights, that's not anti-semitism.
anyone paying attention knows that Apples mobile CPU's have been 6-12 months ahead for many years now
I'm not sure I agree with that, although Apple do release a new phone with 'next generation' internals, and often buy a monopoly on the production run.
The reality though is that Apple software designers focus on user perception of performance, and that supplements the underlying hardware to make a material difference in how users think a device performs.
Anyone paying attention knows that iOS is much more secure than android.
So all those people jailbreaking their iPhones weren't using root exploits?
Not to mention the relative ease of securing a very constrained number of devices with a very constrained environment and a very constrained and controlled driver base?
the anti-Apple thing is out of control in here
Probably because people on here look beyond the shiny marketing and explore things in more depth, and despise shallow shits that tell people how innovative Apple, or refuse to accept any criticism of their great god Jobs.
Does it matter? Fuck all multiplied a couple of million times can become a chunky number. As long as it's more than the cost of the advertising (which may be near zero if it's charged by click-through) then they profit.
How long are ads displayed for? Probably not long in most cases. Many browsers, especially Chrome, throttle Javascript or even stop it running entirely to save energy when the user isn't interacting with the page. And Javascript isn't exactly known for its high performance when it comes to maths.
That'll be why they targeted pages that users interact with for tens of minutes (up to hours).
I hadn't heard of Snap-On, although I'm not really their target market.
Looks like they have minimal UK presence, but their website also suggests they have QA issues. Their tools may be great but I'm not going to buy one through that flakey piece of shit.
Tesla very much has the monitoring systems you claim it didn't.
NTSB: Tesla need to do more to monitor and alert the driver. thegarbz: Tesla did everything they needed to do
My critical reasoning tells me you're arguing with the wrong person.
Tesla: Bullshit marketing killed someone. Tesla killed someone. Tough fucking shit if you don't like it, and don't go blaming the victim because the NTSB have determined that Tesla didn't do enough.
When you publicise a product as 'autopilot' and infer that it doesn't require full attention, then fail to implement basic attention monitoring capabilities, and you sell your cars to idiots, you pretty much guarantee something is going to go wrong.
Shit, my five year old car that doesn't even have lane assistance or dynamic cruise control but still monitors me and alerts me if it thinks I'm not paying attention to the road.
I think it's reasonable to assume that Equifax spend significantly more than that on security professional employees, more than that on security consultants and service providers, substantially more than that on security infrastructure and probably around that much on audit for all of the above.
But, if you're squeamish about messing around inside of a device like a smartphone
Less squeamish, more that I lack the appropriate equipment and any device I dismantle tends not to go back together properly afterwards, and certainly doesn't look as nice even if it does.
I like my phone, I like it having smooth edges, I like it being water resistant and I like it working. All these things and more are at risk if I do something stupid like try and change a battery.
But, as you say:
Apple and several third-party vendors will be happy to do that battery replacement for you
The reason is that they all fail to implement the principle of least privilege
The application required data access rights. Its least privilege included access to data. Once it was compromised, so was the data.
Could things be more secure? Of course. Switch the fucking thing off, it's more secure. There's a risk/cost equation and right now the risks don't (in business terms) justify the extra cost of excessive security.
Data diodes can, in hardware, allow for physically secure data ingress. Equifax could use one to allow reporting into their systems, which is the bulk of the information flow. They could then use another to allow requests inbound for customer queries, and then another one for the outbound results of those queries. All of the outbound results would be in one easy to monitor flow. No other egress would be possible. Thus they could then know the type and flow rates that are normal... and cut it off if the rates get exceeded, possibly even in an automated manner.
We don't know which part of the data flow was compromised. It could be any of those three, or others, and a data diode wouldn't have prevented the compromise.
Rate and flow monitoring were hopefully in place but a sensible attacker will draw data incrementally to avoid triggering alerts - Equifax have said the hack was in place for several weeks, so that's a relatively low number of records/hour, given their likely normal traffic.
Without further detail it's hard to pinpoint the measures that would've saved them. It may have been a passive intercept, capturing data traversing a link or system interaction, then passing the captured data back via a side channel. If you've got access at the application layer then you have a large number of options available to you on how to achieve that, some of which would be almost impossible to detect through standard tooling.
Equifax obviously has never heard of data diodes, which let data in, but not back out
It's rather hard to offer data based services without ever letting data out.
They probably never heard of capability based security either, nor the principle of least privilege. They probably also use Operating Systems that rely on ambient authority to get everything done, such operating systems are wildly popular, but can't be made secure.
Are you an academic? Just that it doesn't sound like you have any experience at all in protecting complex real world business systems.
I am sure there are equally good ways to determine if I pay my bills or not.
Devise them, commercialise them, get retirement level rich.
Even if you can't be arsed running a business, just sell it to Equifax, or Experian, or Call Credit. If you can provide reliable risk indicators without needing a fuckton of data then they'll start a bidding war for you.
It is apparent that Equifax couldn't give a flying fuck about security
While I'm personally greatly enjoying seeing Equifax get a kicking, and looking forward to meeting up with a friend that works there to taunt him about it, I think it's very apparent that Equifax do a fucking excellent job on data security.
Otherwise this breach would have occurred a decade ago, and monthly since. It's almost a surprise that it's taken this long, and that is itself testament to the extent to which they do indeed give a fuck about security.
US consumers though.. no, they don't give a fuck about them.
You are an idiot.
Apple doesn't "buy a monopoly on a production-run.
Ok, track down this Quora user and tell them they're wrong then:
https://www.quora.com/What-wou...
There is no "perception of performance" that affects benchmarks
Benchmarks are full of shit. Perception is everything.
glassy-smooth tracking and animation
See, even you fucking agree.
Wow! You Haters
I don't hate Apple. I hate cockwombles that are so fucking blinkered that they can't stand any criticism of Apple.
HOW long ago was that Jailbreak-Exploit thing?
See, you can't defend this one so you try and deflect away from it. You could have admitted that yes, earlier versions of iOS were wide fucking open.
And your excuse about "constrained this, and constrained that" sounds JUST like the Windows fanbois trying to explain-away bad Security on that platform, too!
Wait? I'm arguing with someone that uses the term 'fanbois'? I'd get more erudite responses from a used tampon.
However, since you made that comment: Even Microsoft fans can be right from time to time.
Wrong.
Really? You do realise you're your very own counter-example? I highlight some evident truths and you go onto some ranting bollocks that makes a fuckload of assumptions, including my views on Apple and their latest iPhones.
a nearly unbelievable lack of insight
Your inability to miss the insights I'm offering doesn't meant that they're not there.
But to just REFLEXIVELY disregard an entire company and all of its software and hardware products, especially one with such insanely-high customer-satisfaction ratings and insanely-high sales, year after year, shows
..that I don't like their business practices, their business model, the locked down environment they demand people accept, the ludicrous profit margin they make on their devices or the marketing they use to dupe consumers into thinking they're cool.
Then again, I don't disregard them. I just don't buy them and instead mock people like you that think they're a gift from god. Fucking expensive gift.
I'm sorry, you missed my point completely.
I don't give a fuck whether you label fascism left or right. Nobody lied to me, they ascribed it to some made up label they like to use to demonise people.
The political alignment of fascism on an arbitrary linear scale says fuck all about anybody else you align to that scale. It merely means that someone's put them on a line.
If someone espouses fascist ideals and tries to implement them, that's something you can challenge. Until then, they're not supporting fascism and you can draw all the fucking linear pictures you like but it wont make them a fascist.
Three ways to target that particular group:
- exploit them
- educate them
- exclude them
All of them can be done maliciously or for good purposes.
I've seen the suggestion that facism is left-wing espoused a few times recently.
I find it kind of bewildering. Who really gives a shit whether it's left wing or right wing: it's a bad thing, and don't do it.
Doesn't really matter what you label yourself as politically, if you're advocating genocide then you're a cunt.
Most of the hatred of Jews is actually based on their ethnicity and not their religion.
Yeah, I hate that. Makes it much much harder to mock their shitty superstitions.
Except face-to-face. I've yet to meet someone following the Jewish faith that doesn't respond to teasing and derision about their faith with good humour, and many of them don't need prompting. Makes them very easy to get on with.
You appear to have extremist and delusional views.
The average "progressive" hates Jews more than the Daily Stormer.
Hyperbole, although I'll have to trust your interpretation of the Daily Stormer.
The vast majority of those "actions" never happened
Really? Your cherry picked list of actions that maybe didn't happen may even be accurate, but please, don't go pretending that Israel is some holier than thou actor here.
Israel shells Palestinian civilian territories, they repeatedly invade those territories, they do illegally occupy them (argue with international law all you fucking like, it's illegal occupation) and do commit crimes against the Palestinian people.
The "Palestinians" are what we used to call ISIS. They are a terrorist organization that wants all Jews dead.
What the fuck are you on? You should stop and seek medical help, fast.
The Palestinians are people. They're born, they go to school, they grow up, they get bombed by Israel, they live their lives, they die.
Some of them decide that they'd rather risk dying sooner than live under oppression from Israel. If you want to class those few as terrorists then I'll understand, but the whole fucking population? No, that'd be exactly the same as blaming every Israeli citizen for the crimes against Palestine.
Talk to somebody over the age of 30.
I am over 30. I remember Yasser Arafat and didn't trust him for a moment. I remember Israel invading Lebanon leading to a war that caused thousands of civilian deaths. I remember the PLO being branded a terrorist organisation, yet recognised by the UN. Even if you discount the Sabra and Shatila massacre I've yet to see conflict between Israel and Palestine in which more Israeli civilians have died than Palestinian ones.
There are reasons that intelligent people don't take the mainstream media seriously and their ridiculous, totally fake reporting on Israel is one of the biggest.
Yet comically they still manage a more balanced and nuanced depiction of the Israeli-Palestinian conflicts than you can.
It's interesting how quickly some Jews here in America forget their more recent pasts, on the receiving end of similar abuses in Europe and elsewhere. The state of Israel is harsh towards the Palestinians
It's interesting that you don't see the second half of the first sentence as a reason against the second.
Germans didn't hate Jews, some Germans did.
Jews don't mistreat Palestinians, some Israelis do.
Just as I'll happily condemn Nazi behaviour towards Jews, I'll happily condemn Israeli behaviour towards Palestinians.
As Bestweasel highlights, that's not anti-semitism.
They all pop in a new window
Those are not what he's referring to.
I wish browser vendors would just disable new windows unless I ^n it explicitely.
That's what popup blockers achieve. Your pop-under windows are blocked by those too.
anyone paying attention knows that Apples mobile CPU's have been 6-12 months ahead for many years now
I'm not sure I agree with that, although Apple do release a new phone with 'next generation' internals, and often buy a monopoly on the production run.
The reality though is that Apple software designers focus on user perception of performance, and that supplements the underlying hardware to make a material difference in how users think a device performs.
Anyone paying attention knows that iOS is much more secure than android.
So all those people jailbreaking their iPhones weren't using root exploits?
Not to mention the relative ease of securing a very constrained number of devices with a very constrained environment and a very constrained and controlled driver base?
the anti-Apple thing is out of control in here
Probably because people on here look beyond the shiny marketing and explore things in more depth, and despise shallow shits that tell people how innovative Apple, or refuse to accept any criticism of their great god Jobs.
But how much currency can it mine?
Does it matter? Fuck all multiplied a couple of million times can become a chunky number. As long as it's more than the cost of the advertising (which may be near zero if it's charged by click-through) then they profit.
How long are ads displayed for? Probably not long in most cases. Many browsers, especially Chrome, throttle Javascript or even stop it running entirely to save energy when the user isn't interacting with the page. And Javascript isn't exactly known for its high performance when it comes to maths.
That'll be why they targeted pages that users interact with for tens of minutes (up to hours).
I hadn't heard of Snap-On, although I'm not really their target market.
Looks like they have minimal UK presence, but their website also suggests they have QA issues. Their tools may be great but I'm not going to buy one through that flakey piece of shit.
Hang on. You're the one that's been disagreeing with the NTSB. Now you're telling me you're not you, you are in fact the NHTSA?
You may want to see a doctor, they can treat schizophrenia you know.
Tesla very much has the monitoring systems you claim it didn't.
NTSB: Tesla need to do more to monitor and alert the driver.
thegarbz: Tesla did everything they needed to do
My critical reasoning tells me you're arguing with the wrong person.
Tesla: Bullshit marketing killed someone. Tesla killed someone. Tough fucking shit if you don't like it, and don't go blaming the victim because the NTSB have determined that Tesla didn't do enough.
Sorry, why are you ranting at me? It's the NTSB that said Tesla's monitoring systems were inadequate.
Bitch all you like but Tesla have been found to have unsafe technology in their cars. Tesla and safety: fail.
When you publicise a product as 'autopilot' and infer that it doesn't require full attention, then fail to implement basic attention monitoring capabilities, and you sell your cars to idiots, you pretty much guarantee something is going to go wrong.
Shit, my five year old car that doesn't even have lane assistance or dynamic cruise control but still monitors me and alerts me if it thinks I'm not paying attention to the road.
I think it's reasonable to assume that Equifax spend significantly more than that on security professional employees, more than that on security consultants and service providers, substantially more than that on security infrastructure and probably around that much on audit for all of the above.
But, if you're squeamish about messing around inside of a device like a smartphone
Less squeamish, more that I lack the appropriate equipment and any device I dismantle tends not to go back together properly afterwards, and certainly doesn't look as nice even if it does.
I like my phone, I like it having smooth edges, I like it being water resistant and I like it working. All these things and more are at risk if I do something stupid like try and change a battery.
But, as you say:
Apple and several third-party vendors will be happy to do that battery replacement for you
Jesus Christ, never heard of Limeade OS?
No. Why the fuck would we?
Why not sell your PII for $25,000 to "partnered" companies?
Because people can't afford the tax on that $25k "income".
$2.8bn wouldn't in itself cause bankruptcy. Just kill the share price.
But even if it did, the pennies on the dollar that the claimants would receive will still likely be better than they'll get through a class action.
The researchers also put up smooth, vertical plates near wild bat colonies
The bastards!
The reason is that they all fail to implement the principle of least privilege
The application required data access rights. Its least privilege included access to data. Once it was compromised, so was the data.
Could things be more secure? Of course. Switch the fucking thing off, it's more secure. There's a risk/cost equation and right now the risks don't (in business terms) justify the extra cost of excessive security.
Data diodes can, in hardware, allow for physically secure data ingress. Equifax could use one to allow reporting into their systems, which is the bulk of the information flow. They could then use another to allow requests inbound for customer queries, and then another one for the outbound results of those queries. All of the outbound results would be in one easy to monitor flow. No other egress would be possible. Thus they could then know the type and flow rates that are normal... and cut it off if the rates get exceeded, possibly even in an automated manner.
We don't know which part of the data flow was compromised. It could be any of those three, or others, and a data diode wouldn't have prevented the compromise.
Rate and flow monitoring were hopefully in place but a sensible attacker will draw data incrementally to avoid triggering alerts - Equifax have said the hack was in place for several weeks, so that's a relatively low number of records/hour, given their likely normal traffic.
Without further detail it's hard to pinpoint the measures that would've saved them. It may have been a passive intercept, capturing data traversing a link or system interaction, then passing the captured data back via a side channel. If you've got access at the application layer then you have a large number of options available to you on how to achieve that, some of which would be almost impossible to detect through standard tooling.
Equifax obviously has never heard of data diodes, which let data in, but not back out
It's rather hard to offer data based services without ever letting data out.
They probably never heard of capability based security either, nor the principle of least privilege. They probably also use Operating Systems that rely on ambient authority to get everything done, such operating systems are wildly popular, but can't be made secure.
Are you an academic? Just that it doesn't sound like you have any experience at all in protecting complex real world business systems.
I am sure there are equally good ways to determine if I pay my bills or not.
Devise them, commercialise them, get retirement level rich.
Even if you can't be arsed running a business, just sell it to Equifax, or Experian, or Call Credit. If you can provide reliable risk indicators without needing a fuckton of data then they'll start a bidding war for you.
It is apparent that Equifax couldn't give a flying fuck about security
While I'm personally greatly enjoying seeing Equifax get a kicking, and looking forward to meeting up with a friend that works there to taunt him about it, I think it's very apparent that Equifax do a fucking excellent job on data security.
Otherwise this breach would have occurred a decade ago, and monthly since. It's almost a surprise that it's taken this long, and that is itself testament to the extent to which they do indeed give a fuck about security.
US consumers though.. no, they don't give a fuck about them.