Slashdot Mirror

User: WaffleMonster

WaffleMonster's activity in the archive.

Stories: 0
Comments: 4,185

Comments · 4,185

  1. Re:Short answer: Yes, it makes sense on Are Shuttered Gov't Sites Actually Saving Money? · · Score: 1

    2. Bandwidth costs are lower, since all you have are people hitting the site, seeing the shuttering, and going away again, rather than actually using it.

    Do we have any idea what governments contracts for public/Internet access looks like? Do we even know if they are paying by bandwidth consumption?

    3. Anything behind the front page, such as databases, can and probably are shut down completely, saving on power and bandwidth.

    Isn't this just more hand waving? We simply don't know who all is doing what. What I do know some have been able to bypass sorry we're closed banners and access underlying datasets so not everyone is really pulling the plug.

    4. Information provided on sites that aren't updated is likely to be inaccurate, which is worse than no information at all.

    This is a highly domain dependent assumption. Most datasets we've ever been interested in have been compiled over many decades; missing out on a few days of updates makes no difference at all to us. As long as people are aware of any lag it seems least destructive to have them make up their own minds.

    The cost to shutting them down can't have been all that high, since here's the process: (1) Have a developer make a static "We're not open for business" page, (2) have your admins configure front-end webservers with a mod_rewrite (or equivalent) to direct all traffic to that page, (3) shut down anything that's not a front-end webserver. Yes, it wasn't free, but my guess is whoever is coming up with the costs is factoring in paying the tech staff they already had on salary to do the work.

    Now when I tell people brain-dead "REST" APIs mapped on HTTP status codes are a disaster waiting to happen they might think twice before going all hipster on me.

  2. Re:I don't know if Obama planned it this way... on Are Shuttered Gov't Sites Actually Saving Money? · · Score: 1

    There's also a legitimate technical interest. If I was given the choice of leaving a complex, dynamic site up and running with no maintenance or support, or putting up a single, static page, I'd opt for the static page every time.

    If you are afraid of leaving your site unattended there is something wrong with your site.

    Launch a clean VM, put up the static page and turn everything else off. Otherwise there's a real risk of a government site being attacked and content modified without anyone realizing.

    If you're going to be paranoid at least do it in a way that is likely to get results.

    If a human is required to be present to detect tampering with substantial datasets you've already lost. This is the same "but we have the source" justification open source proponents use to claim they are safer because their code can be manually reviewed, all the while the level of scrutiny required to be successful is well outside their capability.

    Bottom line if your data is sensitive you would have already taken measures to protect it.

  3. Re:yes, but probably not how you think they do. on Are Shuttered Gov't Sites Actually Saving Money? · · Score: 1

    speaking as a hosting engineer, the sites youre seeing are in 'static maintenance' meaning the original content is replaced with a banner. since each site has a banner page for a shutdown, for example usda.gov, its feasible to presume the shutdown sites were created ahead of time and are all hosted on one or two machines at government facilities that have not been shut down.

    Most .gov sites are run from CDNs.

    static maintenance pages arent saving cash in the form of hosting costs or electricity but they do mean your normal 'staff' of engineers and content creators for the sites can be sent home safely. you dont need to worry about content expiring, which if you're the USDA or the FCC thats a good thing because you dont end up misleading people inadvertently about advisories or notices because no one was around to remove expired content.

    Or just put up a banner saying the site is not being maintained as the few who decided not to be total assholes have.

    now, once the crisis ends and everyone goes back to work, im certain lifting the 'shutdown' banners and playing catchup with a few weeks of missed content and data is going to cost money.

    More likely a few hours of actually doing work and then back to regularly scheduled nose picking.

    any unforeseen outages or problems caused by say, two weeks of database updates or transactions, might be problematic and require more engineering time than had we not shut down the government. also for the static maintenance team (those guys in charge of the

    What a load of BS. "unforeseen problems" *might* cause extra work... You're just throwing shit on the wall and hoping something sticks.

    banner only) you'll need to start sending them backpay for their ongoing work and overtime for their miserable on-call rotations.

    A whole team of people are needed to replace a "this site has been intentionally sabotaged" banner. I can believe it... that's how .gov rolls.

  4. Re:How is it even still up? on What Developers Can Learn From Healthcare.gov · · Score: 1

    Nothing shows up the sheer arbitrariness of a government shutdown than some sites like Healthcare.gov being up, and others being forced to shut down at extra expense when they could have just been left running (and the servers that are there just to tell you the site is shut down are still consuming power and bandwidth).

    Apparently nearly every government agency under the sun has taken to sabotaging their sites to I assume make a statement about how much not getting paid sucks.

    While I understand it is still childish and offensive to taxpayers. I would respect an agency if their site and servers were actually shut down or if they left a message saying sorry content may not be up to date... very few I know anything about are actually doing that.

  5. Re:OSS - with 100% less big brother then commercia on French Police To Switch 72,000 Desktop PCs To Linux · · Score: 1, Informative

    So not only do they get lower TCO, they also get 100% less built in spyware (literally) by the NSA.

    It's truly a win-win!

    There are thousands of separate groups of people working on code that goes into open source distributions. Most openly accept patches from anyone...

    So yea "Mission accomplished" Linux must be 100% less big brother...

    I know I know... "but...but . we have source!"...

    And a lengthy historical record of innocent vulnerabilities caused by **innocent** human mistakes only being found years after the fact to prove how much having the source is worth.

  6. Government waste and abuse of power on Lavabit Case Unsealed: FBI Demands Companies Secretly Turn Over Crypto Keys · · Score: 1

    Mr. Levison: "I've been ready to do that since Agent Howard spoke to me the first time"

    "In light of the conference call on July 10th and after subsequently reviewing the requirements of the June 28th order I now believe it would be possible to capture the required data ourselves and provide it to the FBI." ...

    "because all other options for installing the pen-trap have failed. In a typical case, a provider is capable of implementing a pen-trap by using its own software or device, or by using a technical solution provided by the investigating agency; when such a solution is possible, a provider need not disclose its key" ...

    Lavabit said they would change their system to do it for $2k or whatever it was yet the government did not accept the offer cuz $2k was too much and they wanted faster/realtime updates. Seriously? How much did it cost taxpayers to quibble over $2k and update frequency? A lot more than $2k I assume.

    The FBI knows full well Lavabit is done if it hands over private keys yet they are militantly unwilling to work with Lavabit in good faith to get the information Lavabit has always agreed it would help them provide. The FBI is acting like a spoiled little brat and it got what all spoiled little brats deserve (NOTHING). The unwillingness to work together in this case is unprofessional and ridiculous. I feel comfortable assuming either extreme FBI incompetence/BSD or a conspiracy to possess private keys in an effort to continue this country's systematic overreach and circumvention of limits to power.

  7. Making shutdowns worse than need be on Pentagon Spent $5 Billion For Weapons On Day Before Shutdown · · Score: 1

    Is it really necessary for government agencies to shut down access to public datasets and post messages about how everything is shutdown on their websites?

    The systems are still up and running, Internet connectivity still up they just decided they would actively disable access to information wasting employee time to implement these changes for seemingly little to no productive reason. It is one thing to pull the plug if there is no money but they clearly have not done so.

    I could see pressure to mine public attention in an effort to get shutdown lifted as soon as possible and everyone back at their jobs. Still the "sabotage" seems rather childish.

  8. Mixing the signals on Silent Circle Moving Away From NIST Cipher Suites After NSA Revelations · · Score: 1

    I think crypto agility is generally an awesome thing. All our encryption should have the ability to swap out algorithms at a moment's notice, with a meaningful process to mutually agree on strong, acceptable algorithms.

    It is also a double edged sword as practically it means if any of the algorithms you trust are compromised AND both parties are still willing to use the algorithm an attacker can normally steer the parties to use it.

    One thing I never really understood is if you're afraid of subversion why not simply chain a series of different algorithms together such that compromise of one could not result in recovery of plaintext? The only downside I can think of is you might need a bigger key so jacking input bits of one algorithm does not cascade to the others or otherwise reduce the effective entropy of each input.
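The steering problem described in this comment is a downgrade: an on-path attacker trims the offered algorithm list so only the broken one remains, and both peers happily agree on it. The following added example (not part of the original thread, all suite names and the shared key constructed for the demo) simulates that negotiation with Python's standard library and shows the two standard mitigations: binding a MAC over the full negotiation transcript so a tampered offer is detected, and refusing to offer the weak suite at all so there is nothing to downgrade to.

```python
"""Downgrade detection in an algorithm-negotiation handshake.

Added example, not code from the original discussion. Suite labels and the
pre-shared key are constructed; the key stands in for whatever secret the real
handshake would have derived before the confirmation step.
"""
import hashlib
import hmac

# Constructed preference lists, strongest first. Both sides still accept the weak suite.
CLIENT_SUPPORTED = ["AES-256-GCM", "CHACHA20-POLY1305", "LEGACY-WEAK-CIPHER"]
SERVER_SUPPORTED = ["CHACHA20-POLY1305", "AES-256-GCM", "LEGACY-WEAK-CIPHER"]

# Constructed stand-in for the handshake-derived secret used to authenticate the transcript.
SHARED_KEY = b"constructed-shared-secret-for-demo"


def choose_suite(client_offer, server_supported):
    """Server picks the first client-offered suite it also supports."""
    for suite in client_offer:
        if suite in server_supported:
            return suite
    raise ValueError("no common suite")


def transcript_mac(key, client_offer, chosen):
    """MAC over the exact offer and choice a party believes were exchanged."""
    transcript = ("|".join(client_offer) + "\n" + chosen).encode()
    digest = hashlib.sha256(transcript).digest()
    return hmac.new(key, digest, hashlib.sha256).hexdigest()


def strip_strong_suites(offer):
    """Attacker model from the comment: leave only the suite the attacker can break."""
    return [s for s in offer if s == "LEGACY-WEAK-CIPHER"]


def hardened_offer(offer):
    """Mitigation 2: never offer a suite you are unwilling to end up with."""
    return [s for s in offer if s != "LEGACY-WEAK-CIPHER"]


def negotiate(client_offer, attacker=None, bind_transcript=True):
    """Run one negotiation; returns (chosen_suite, downgrade_detected).

    The attacker, if any, rewrites the offer on the wire. With bind_transcript
    the server authenticates the offer it received and the client compares that
    against the offer it actually sent (mitigation 1).
    """
    wire_offer = attacker(client_offer) if attacker else list(client_offer)
    chosen = choose_suite(wire_offer, SERVER_SUPPORTED)
    if not bind_transcript:
        return chosen, False
    server_tag = transcript_mac(SHARED_KEY, wire_offer, chosen)
    client_tag = transcript_mac(SHARED_KEY, client_offer, chosen)
    detected = not hmac.compare_digest(server_tag, client_tag)
    return chosen, detected


def negotiation_possible(client_offer, attacker=None):
    """True if the peers can still agree on some suite under the given attacker."""
    try:
        negotiate(client_offer, attacker)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("honest:", negotiate(CLIENT_SUPPORTED))
    print("downgrade, no binding:", negotiate(CLIENT_SUPPORTED, strip_strong_suites, False))
    print("downgrade, bound transcript:", negotiate(CLIENT_SUPPORTED, strip_strong_suites))
    print("weak suite removed:", negotiation_possible(hardened_offer(CLIENT_SUPPORTED), strip_strong_suites))
```

Transcript binding only detects the rewrite; the connection still has to be aborted, and the weak suite still has to be acceptable to both sides for the attacker to gain anything, which is why removing it from the offer is the stronger fix.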

  9. Re:Huh on Bypassing US GPS Limits For Active Guided Rockets · · Score: 2

    What seems strange to me is that they do limit GPS in the first place. Seems like anything where military level GPS could be used dangerously, it's not that high of a barrier. You don't need super accurate GPS to make a car bomb, and if you're competent to make your own attack drone, you probably know how to bypass the restrictions.

    It is just an export limit. We can have/use the technology here in the US as long as it stays here. Relevant ITAR restrictions are:

    "Designed for encryption or decryption (e.g., Y-Code) of GPS precise positioning service (PPS) signals;"

      "Designed for producing navigation results above 60,000 feet altitude and at 1,000 knots velocity or greater;"

    There is not really a "soft" restriction on accuracy because none of us possess the decryption key for the military carrier. Limits on accuracy are mostly caused by "ionospheric delay" from signals traveling through the charged upper atmosphere. Now that other GPS constellations are in operation it is possible to construct a receiver to concurrently examine timing/phase of multiple carrier frequencies to get an active handle on ionospheric delay and significantly improve accuracy. New civilian signals being added to GPS will also provide improved accuracy.

  10. The wiki reason some users feel sick on Why iOS 7 Is Making Some Users Feel 'Sick' · · Score: 1

    iPhones use http://en.wikipedia.org/wiki/Pulse-width_modulation (PWM) to dim the display, cycling it on and off rapidly above the http://en.wikipedia.org/wiki/Flicker_fusion_threshold. Not only is this annoying and http://en.wikipedia.org/wiki/Asthenopia inducing to some, it is wholly unnecessary.

    What is happening with the animations at certain brightness levels is that the http://en.wikipedia.org/wiki/Duty_cycle of the PWM creates a http://en.wikipedia.org/wiki/Resonance with screen movements shadowed by the moving appendages. You can see this effect by turning down brightness on your monitor and waving your finger rapidly in front of the screen. If you see distinct fingers rather than continuous blur through the motion you too are being made http://en.wikipedia.org/wiki/Seasickness by the effect of http://en.wiktionary.org/wiki/cut_corners. The solution is to jack up http://en.wikipedia.org/wiki/Luminance to 100% until your phone's battery melts into a pool of http://en.wikipedia.org/wiki/Lithium lithium ions...no seriously just turn off the stupid animation feature. So much whining can be avoided with so few seconds of googling. Just take my advice and stay off the crack formerly known as http://en.wikipedia.org/wiki/Wikipedia.

  11. Cashing in on the Chick-fil-A effect on Social Networks Force Barilla Chairman To Apologize For His Anti-gay Remarks · · Score: 1

    On a lighter note with chick-fil-a profits at an all time high what does this chairman have to fear but fear itself?

    Seriously there does seem to be a general lack of respect and tolerance for the opinions of others in the faceb00c twitterverseternet. So someone thinks your god is a loser or orange people are inferior to purple people or those who eat rice with their bare hands are cave dwelling vampires. If someone says or does something you personally don't agree with or you don't like is it really always necessary to turn the megaphone up to 11 and tell the world how wrong and out of touch the other guy is? Respect is a bidirectional affair.

    In my view intolerance and lack of respect for the views of others is no different than intolerance of race/religion/sex*/..etc. Intolerance is intolerance.

  12. Re:Fighting the impossible fight on Will New Red-Text Warnings Kill Casual Use of Java? · · Score: 1

    Why isn't sandboxing applets the responsibility of the browser?

    I have not made or even hinted at the above claim. OS jailing of browser and browser jailing of extensions are important yet insufficient.

    Java runtime is closer to the application space and therefore best positioned to make contextual access decisions regarding resources it controls or arbitrates in applet mode.

    Consider the case where java is running in a sandbox and an application is able to escape the java applet runtime into the execution environment of java runtime. While this does not pose a threat to the underlying browser or system if properly jailed java mediated policy is still compromised nonetheless.

  13. Fighting the impossible fight on Will New Red-Text Warnings Kill Casual Use of Java? · · Score: 2

    Is it more difficult to give up on making the sandbox mechanism secure or to review all code for all applets to make sure they are "trustworthy"

    I would think money making conspiracies aside the first approach is a solvable problem while the second is a hopeless fool's errand... perhaps I'm wrong given there are just 3 remaining people in the world still using java applets on their websites.

  14. Plausible explanation without conspiracy? on Somebody Stole 7 Milliseconds From the Federal Reserve · · Score: 1

    It might take 7ms for signals sent over fiber at 2/3 c via non-direct route...

    However a pre-programmed bit transmitted via radio signal can propagate in 3 ms.

    Given extraordinary lengths and expense HFT folk have been willing to take it seems logical that someone would do/try it.

  15. Re:Lack of a use case on Post-post PC: Materials and Technologies That Could Revive Enthusiast Computing · · Score: 1

    Doubt it. Most game developers have not even figured out how to use more than 2GB of main memory or more than one core.

    Game developers don't give a fuck about the CPU anymore. It is all GPU where hundreds to thousands of "cores" are in play.

  16. Google experience on Google May Replace Cookies With Unique AdIDs · · Score: 1

    I logged on to YouTube today it said I appear to be logging in from an "unusual location" (e.g. same IP I've used for years) please give us your telephone number so we can verify you.

    Unless someone can explain how providing information I never gave them in the first place (and will never provide) can possibly serve to verify my YouTube account, the motive for this was never "For your protection" as stated; it was to get more information about my identity, spun into a big fat LIE.

    I have long since lost any trust in anything Google says. This sounds like yet another "privacy policy" which enumerates all the ways you agree your information will be sold to anyone willing to buy it.

  17. Re:NSA aint helping either on Poor US Infrastructure Threatens the Cloud · · Score: 1

    Where the cloud is based makes no difference.

    No it makes a big difference if your private or corporate data is protected by a logical legal environment...see below...

    All undersea cables are tapped. All sat signals are intercepted

    While I think it is a crying shame what governments are doing en masse ... I also believe the Internet is not now nor has it ever been trustworthy. We all really knew that, perhaps with varying degrees of surprise at revelations in recent months. If not government, certainly bad actors lurking at any hop outside yer admin control have always been a problem.

    Beyond all the noise it is quite reasonable to establish secure communications over insecure channels. Much much harder proposition to secure physical computation from ethically challenged employees and governments. This is why a sane legal regime matters even while the Internet will (hopefully) never become a "trusted" network.

    The ONLY guaranteed security for sensitive is an air gap which is never breached

    That's like saying the only guaranteed secure encryption is OTP... Perhaps true but pointless and useless in the real world.

  18. Re:Do the math on SSD Annual Failure Rates Around 1.5%, HDDs About 5% · · Score: 1

    Seriously, git is instantaneous, greps and compiles are ludicrously fast, etc., etc., etc. I mean, unless your rate is like 10USD/hr, you owe it to yourself and your clients to install a decently-sized decently-fast SSD in all of your dev boxes

    Since when is compilation an I/O limited activity?

  19. Christmas wishlist: solid state storage that rocks on SSD Annual Failure Rates Around 1.5%, HDDs About 5% · · Score: 0

    Lack of a good replacement for spinning platters in 2013 is a little depressing.

    SSDs consume nearly as much power as spinning disks, writes are destructive, high current cap banks are failure prone, average I/O per day lifetime ratings assume just *minutes* at max write performance per day, bit density/cost sucks and lots of free space is required for effective wear leveling.

    Personally I'm sticking with spinning platters until memristors or something replaces SSDs. A while ago the rumor was it would be late this year or next year before product starts shipping. I can wait/save up.

    With regards to the failure rates, according to TFA most of Western Digital's models provide the same ~1.5% figure. I don't buy from other vendors or have the outlier WD model so their contributions don't affect me personally.

    Also take precautions in assuring proper airflow/temperature range, not spinning down, vibration dampening mounts and never shipping ground when ordering online.

  20. Corrections on IETF Floats Draft PRISM-Proof Security Considerations · · Score: 5, Informative

    Anyone can submit an I-D for anything. With few exceptions they are uploaded automatically with no human review, zero buy-in, endorsement, weight, etc. by anyone. This I-D has not even been adopted by a particular WG.

    Then there's the question of what this draft proposes; it reads more like a haphazard list of one man's problems.

    To be clear I'm not attacking the I-D I'm attacking the warped characterization of it by people who should know better.

  21. Re:BULLRUN vs BULLMOUNTAIN on Linus Responds To RdRand Petition With Scorn · · Score: 1

    Doesn't matter. No US hardware or software can be trusted any more... particularly when it's just a black box.

    You are free to make your own value judgements however computers are a global affair with parts and expertise sourced globally... good luck finding something produced entirely under the jurisdiction of a "trustworthy" government. Remember it just isn't the product itself but the means of production and outlay of technology required to produce any modern shit. If the means of production is compromised then it can be transferred to the final product as we have seen demonstrated in compromised compilers.

    Even if everything were "open" none of us have the capability or time to check everything to verify no tampering or backdoors have been inserted.

    Nor can we get access to production and supply chain to verify strict conformance to specification with no additional circuits added or modified during fabrication.

    Do I think US technology companies should be automatically trusted? Especially all telecom/online/cloud shit HELL NO. I just think those making blanket assertions in either direction without specific evidence are not making useful contributions.

  22. Re:BULLRUN vs BULLMOUNTAIN on Linus Responds To RdRand Petition With Scorn · · Score: 1

    Myopic much? The objective evidence points to American vendors intentionally compromising their crypto features.

    Intel is somehow above this?! You--and Intel-- prove it to us.

    I am merely asking for evidence to support the position RdRand is compromised.

    You are asking me to support a position I have not taken. I have no idea whether RdRand is trustworthy nor have I ever made a claim that it should or should not be trusted.

    My only assertion is that paranoia in the absence of evidence is a pointless endeavour. US citizens kill other citizens, US corporations commit crimes... this does not mean all citizens and corporations are bad actors nor does it mean they are good actors. You need the frickin evidence to support your specific claims...otherwise you deserve to be ignored.

  23. Re:who cares? on A Tale of Two MySQL Bugs · · Score: 2

    The 'server' is embedded in the application, which means one instance per app instance. A true standalone RDBMS runs (a minimum of) one instance that multiple (instances of) apps query.

    If my application accesses a SQLite database via ODBC is it "embedded" in my application? How is the database not logically a standalone component in this case?

    If my application accesses SQLite database via a socket API does that count?

    SQLite also facilitates concurrent access via shared memory. The only limit I'm aware of is the concurrency model where you basically get one open write transaction (excluding temp tables) per database but lots of concurrent readers are possible. I'm not so sure I buy what is being implied, that process isolation of the data tier itself is the deciding factor. "Standalone database" needs to be evaluated in my view based on logical separation rather than strictly physical process boundaries.
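The concurrency model this comment describes (one writer at a time, any number of readers) is easy to observe directly. The following added example (not from the original thread; the table and database file are constructed for the demo, and it assumes WAL journal mode so that readers and the writer do not block each other) opens three connections to one SQLite file from a single Python process: one holds a write transaction, a second keeps reading, and a third tries to start its own write transaction and is turned away immediately.

```python
"""SQLite locking: one open write transaction, many concurrent readers.

Added example, not code from the original discussion. Uses only the standard
library; the database, table and rows are constructed for the demo.
"""
import os
import sqlite3
import tempfile


def setup_db(path):
    """Create a constructed single-table database in WAL mode with one seed row."""
    conn = sqlite3.connect(path)
    # WAL mode: readers see the last committed snapshot and never block the writer.
    conn.execute("PRAGMA journal_mode=WAL")
    conn.execute("CREATE TABLE events (id INTEGER PRIMARY KEY, msg TEXT)")
    conn.execute("INSERT INTO events (msg) VALUES ('seed')")
    conn.commit()
    conn.close()


def probe_concurrency(path):
    """Return (rows_seen_by_reader_mid_write, second_writer_blocked, rows_after_commit)."""
    # isolation_level=None: autocommit, so transactions start only on explicit BEGIN.
    writer = sqlite3.connect(path, isolation_level=None)
    reader = sqlite3.connect(path, isolation_level=None)
    # timeout=0: a locked database raises at once instead of retrying for 5 seconds.
    other_writer = sqlite3.connect(path, isolation_level=None, timeout=0)

    writer.execute("BEGIN IMMEDIATE")  # take the write lock now, not at first INSERT
    writer.execute("INSERT INTO events (msg) VALUES ('in-flight')")

    # Reader is not blocked; it sees the committed snapshot (the seed row only).
    rows_mid_write = reader.execute("SELECT COUNT(*) FROM events").fetchone()[0]

    # A second writer cannot get the write lock while the first holds it.
    try:
        other_writer.execute("BEGIN IMMEDIATE")
        second_writer_blocked = False
        other_writer.execute("ROLLBACK")
    except sqlite3.OperationalError as exc:
        second_writer_blocked = "locked" in str(exc)

    writer.execute("COMMIT")
    # A fresh read after the commit observes the new row.
    rows_after_commit = reader.execute("SELECT COUNT(*) FROM events").fetchone()[0]

    for conn in (writer, reader, other_writer):
        conn.close()
    return rows_mid_write, second_writer_blocked, rows_after_commit


def run_demo():
    """Build a throwaway database in a temp directory and run the probe on it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "demo.db")
        setup_db(path)
        return probe_concurrency(path)


if __name__ == "__main__":
    seen, blocked, after = run_demo()
    print(f"reader saw {seen} row(s) during the write; second writer blocked: {blocked}; "
          f"rows after commit: {after}")
```

The same probe run against an in-process `:memory:` database would not show this, because each connection to `:memory:` is a separate database; the shared file (and its `-wal`/`-shm` companions) is what makes the data tier a logically separate component even though no server process exists.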

  24. BULLRUN vs BULLMOUNTAIN on Linus Responds To RdRand Petition With Scorn · · Score: 1

    Aside from codename coincidence is there objective evidence RdRand is compromised?

    Some degree of paranoia is healthy, certainly Eugen's stand against RdRand bypass of the entire entropy pool is sensible if for nothing else than to protect systems against any innocent defects which may exist in RdRand.

    It is however difficult in the absence of supporting evidence to see how unbounded paranoia can be useful.

    For all I know removing RdRand outright out of unsubstantiated fears is what the NSA is banking on.

  25. Re:who cares? on A Tale of Two MySQL Bugs · · Score: 1

    Incorrect as SQLlite isn't a stand alone which was clearly a qualifier. A word of advice, best not to correct other's for spelling as you will often make a mistake as bad or worse.

    What specifically makes SQLlite not a "standalone" database?