Straw man. Nobody suggested walking on eggshells. They suggested being professional and courteous. If you can't express yourself while being those things, the problem is you and your inadequate vocabulary.
So what if it is? Then what?
Lets assume everyone agrees 'Villager A' is a mean nasty person who makes everyone "feel" bad. 'Villager A' is simply incapable of being professional or courteous without "pretending" and even then he sucks at it.
Does this mean 'Villager A' has no place and is not welcomed to participate in society? 'Villager A' is not allowed to have a job (everyone knows what he said, Internet never forgets) or contribute to an open source project just because everyone else doesn't like mean nasty 'Villager A' and is totally unwilling to tolerate him? What would you have 'Villager A' do? Fight rats for food? Rot in a dungeon? Kill himself?
The price we all pay for an open society and also very much what makes professionals professional is tolerance of others. No matter how much you insult, annoy and offend I will still tolerate your (pathetic) existence and won't try and force you to shut up and go away. (Please leave)
sure, if you don't have the slightest clue what quantum computing actually is.
All it does is search a space of all possible states at once. Each real qubit added doubles the search space (power) of your computer.
QC is great for some problems that can be expressed as search problems. It doesn't do much otherwise.
That botnet can theoretically hash out stuff yes, but you aren't pooling that processing power, you are distributing it which causes it's own bottlenecks and headaches.
A quantum computer (they DO exist) can hash out faster than any of those combined.
Even if you assume RSA smashing quantum computers exist there is still no evidence they could put much of a dent in 'hashing out'.
the technology that QC can eventually provide us will literally remove the need for encryption. Unless you are at point A or point B, there's nothing to encrypt, listen to or steal. Spooky action at a distance is a real thing and it's spooky as fuck but potentially will change our entire techno-ecosphere for the better.
"spooky action at a distance" decides outcomes rather than conducts information. It can't be used to conduct information.
Problem with quantum encryption schemes is point A and point B are not mprotect()'d by god who infallibly only allows intended parties to communicate. You still have to bind the quantum channel while leveraging it for keying to prove integrity of the quantum channel. This requires classical communication and encryption algorithms. So while quantum crypto does provide a useful service it is still only as good as the algorithms and enabling guarded secrets. It isn't infinitely secure or infallible by any means.
Always prudent to make sure security stacks are sufficiently configurable to enable rapid phase out of broken technology as it becomes necessary. It's great to work on quantum safe key exchange and new ciphers just in case.
What is foolish and wasteful is switching to something else from a position of fear of what can't be ruled out when no affirmative evidence to support such fears exists. At that point you are no better off hiring keyboard mashing monkeys to set policy.
Thorne described a plausible time machine. It relied on exotic stuff (wormholes whose entry/exit points could be moved around) but the description holds up. Briefly, it works like this:
- take a wormhole whose ends can be moved around; - move one end around with respect to the other, so that the local time of the moved end ages more slowly that the other end (per The Twin Paradox); - and voilÃ, you have a time machine: go forward or backward in time depending on which direction you choose to pass through.
Assume you could create wormholes and do all of that shit you are still taking an entirely locally subluminal path thru the wormhole. There is no twin paradox or any reference frame where you are observed to be travelling backward in time.
Misunderstanding arises from people doing math on outcomes... x appears at y after interval z in frame c. Reality doesn't work this way. It matters HOW you ended up where you are in space and time not the fact you are there.
This has long been a pet peeve of mine in the design of these systems.
People always feel the need to include messages indicating success or failure which is something I personally find to be dangerous and redundant.
If it is ever possible for any peer to be at all confused about whether authentication was successful or not you are having a bad day and no amount of status indications are going to make the hole you are standing in any shallower.
Facebook is no longer relevant. The platform is currently being rapidly abandoned while brand toxicity reaches new heights.
Even if by some miracle they were to produce something completely unmolested by corporate sociopaths devoid of creeptastic stalker malware nobody would trust them enough to care.
In Europe Google has some of the strongest privacy controls of any major service. Way better than Facebook and Microsoft, for example. From what I read it's not too dissimilar in the US. You can go here to see the available controls: https://myaccount.google.com/p...
In Europe Google Analytics is used to stalk users as they move from website to website the same as any other country. Browser signals that indicate user preference not to be stalked are summarily ignored by these services owned and operated by a company with "the strongest privacy controls".
Strongest privacy controls = requires you to create an account to manage the fate of SOME of the data they take from you regardless so for sure everything you do can most defiantly be tracked on an individual account holder basis.
So while it is possible that Google will abandon all that stuff for the Chinese market it's not certain, and perhaps we should at least see what they are proposing/doing first.
If they did launch with even half those privacy controls it would be a huge deal for the Chinese market, making privacy a thing that people think and care about.
Chinese people don't think and care about privacy unless Google provides it. Good luck getting anyone to believe what you are selling.
If there are no practical vulnerabilities and intentionally insecure negotiation bullshit has been exorcised from browsers (It has...right?!?) what is the harm in leaving it as an option so it can be selected as backup in event of unforeseen vulnerabilities in either specifications or implementations?
It's not like support for TLS 1.0 is being removed from schannel.
Arguments made about "age" in this context are inherently unfalsifiable and don't speak to technical merit.
"Two decades is a long time for a security technology to stand unmodified,"
Not only is this statement irrelevant it is provably false with numerous extensions and cipher suites making their way into production environments over the years. AES and by extension AES based cipher suites didn't even exist 20 years ago. It was added to TLS after the fact. Implementation of a relatively recent extension brought us "heartbleed".
Don't allow people to get away with unfalsifiable gibberish. Demand they make the case for change based on technical merit. There may well be a convincing reason to turn off TLS 1.0... state it, make the case for it on the merits.
So the US is a medieval theocracy that murders with volts? Does the manner of execution determine whether or not you are a medieval theocracy?
The subject of your message is "Who murders more of its own?". Yet you have completely neglected to address the issue instead choosing to focus entirely on loaded language used by the author.
Per capita US performs about 1.4% percent of the executions conducted by KSA.
The new generation, who get pissed off when a click takes longer than half a second, can't be bothered to wait for new technology that might take 10 or more years to develop to some kind of semi-maturity. So they throw a tantrum when version 1 isn't all that and a bag of chips.
I see it as a three step process.
Step 1: Hype something beyond all recognition.
Step 2: Fail to live up to hype
Step 3: Complain about an impatient "new generation" to cover for failure to have sufficient integrity to be honest with people from the beginning.
The issue is whether significant progress is being made or not. It is, so shut up and take your meds.
This isn't the authors issue. It's something you just made up.
At this point I would settle merely for basic self-consistency.
If ISPs are in fact "information services" and not telecommunications services then I would love to know what exactly fulfills "via telecommunications" role required by the definition of information services in order to be labeled an information service in the first place?
"The term âoeinformation serviceâ means the offering of a capability for generating, acquiring, storing, transforming, processing, retrieving, utilizing, or making available information via telecommunications, and includes electronic publishing, but does not include any use of any such capability for the management, control, or operation of a telecommunications system or the management of a telecommunications service."
One hard learned lesson I've learned over the years is never ever think about buying kiddy ram.
Kiddy ram can be identified by aggressive timings, "XMP" profiles and "crazy looking heat spreaders" often marketed to "gamers". Basically companies that produce these things scrape chips they didn't produce from the bottom of the bin and do insufficient integration testing of the final result. Some vendors have previously allowed chips with a threshold of detected bit errors to pass QA and make their way into shipping product. I guess they figure if it works for stuck pixels in displays what the heck why not ram?
I always run a 24hr memtest before booting a new system and the problem with Kiddy ram installed often won't show up. It shows up as subtle errors in job result and eventually system crashes when cores are pegged for weeks at a time.
Do yourself a favor and never buy kiddy ram. Get dimms produced by Samsung or equivalent tested by grown ups. Every time I've done that my problems disappeared.
Equally as important don't drink timing koolaid. Latency especially in DDR4 has no meaningful impact on performance given pipelines of modern hardware. Differences barely exceeds the margin of error in comparative benchmarking tests. Worrying about this crap won't win you anything but headaches.
Employers and colleges intercepting, monitoring, and censoring users secure sessions isn't what I'd call delegation.
If you don't trust a middlebox and don't want to be fooled by one then don't install root certificates necessary for it to function.
Politics surrounding middleboxes especially ones forced upon end users are a different matter from my comments on technology itself.
I personally believe there are both constructive and destructive uses of middleboxes, integrity only cipher suites and even completely insecure communications.
If you are being coerced into accepting trust relationships you don't actually find acceptable then of course there are natural consequences arising from that political reality. Technology can't generate trust it can only leverage it.
"Microsoftâ(TM)s internal testing, additional data becomes necessary. This data can include any user content that might have triggered the problem and is gathered from a small sample of devices that have both opted into the Full diagnostic data level and have exhibited the problem."
" Microsoft engineers can use the following capabilities to get the information:
âAbility to run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe.
âAbility to get registry keys. âAll crash dump types, including heap dumps and full dumps."
Slashdot Mirror
Straw man. Nobody suggested walking on eggshells. They suggested being professional and courteous. If you can't express yourself while being those things, the problem is you and your inadequate vocabulary.
So what if it is? Then what?
Lets assume everyone agrees 'Villager A' is a mean nasty person who makes everyone "feel" bad. 'Villager A' is simply incapable of being professional or courteous without "pretending" and even then he sucks at it.
Does this mean 'Villager A' has no place and is not welcomed to participate in society? 'Villager A' is not allowed to have a job (everyone knows what he said, Internet never forgets) or contribute to an open source project just because everyone else doesn't like mean nasty 'Villager A' and is totally unwilling to tolerate him? What would you have 'Villager A' do? Fight rats for food? Rot in a dungeon? Kill himself?
The price we all pay for an open society and also very much what makes professionals professional is tolerance of others. No matter how much you insult, annoy and offend I will still tolerate your (pathetic) existence and won't try and force you to shut up and go away. (Please leave)
DFTT = freedom
CoC = tyranny
and you struggle with reading comprehension, don't you?
First you call Torvalds a sociopath then you wonder out loud if he's an "asshole" and now you are flinging childish insults at others.
Keep up the yeoman's work.
Any chip that's old by "several years" would have at best pcie2, at roughly half the bandwidth per lane of pcie3.
Nonsense, CPUs with 16x 3.0 lanes were available more than 5 years ago.
https://ark.intel.com/products...
There is no excuse for 16 lanes in 2018.
This is standard for Intel CPUs.
16 PCIe lanes on-chip is standard for Intel and any other PCIe lanes are multiplexed off the 4x DMI Interface.
AMD no doubt fully supports this standard for "Intel" CPUs.
sure, if you don't have the slightest clue what quantum computing actually is.
All it does is search a space of all possible states at once. Each real qubit added doubles the search space (power) of your computer.
QC is great for some problems that can be expressed as search problems. It doesn't do much otherwise.
That botnet can theoretically hash out stuff yes, but you aren't pooling that processing power, you are distributing it which causes it's own bottlenecks and headaches.
A quantum computer (they DO exist) can hash out faster than any of those combined.
Even if you assume RSA smashing quantum computers exist there is still no evidence they could put much of a dent in 'hashing out'.
the technology that QC can eventually provide us will literally remove the need for encryption. Unless you are at point A or point B, there's nothing to encrypt, listen to or steal. Spooky action at a distance is a real thing and it's spooky as fuck but potentially will change our entire techno-ecosphere for the better.
"spooky action at a distance" decides outcomes rather than conducts information. It can't be used to conduct information.
Problem with quantum encryption schemes is point A and point B are not mprotect()'d by god who infallibly only allows intended parties to communicate. You still have to bind the quantum channel while leveraging it for keying to prove integrity of the quantum channel. This requires classical communication and encryption algorithms. So while quantum crypto does provide a useful service it is still only as good as the algorithms and enabling guarded secrets. It isn't infinitely secure or infallible by any means.
Always prudent to make sure security stacks are sufficiently configurable to enable rapid phase out of broken technology as it becomes necessary. It's great to work on quantum safe key exchange and new ciphers just in case.
What is foolish and wasteful is switching to something else from a position of fear of what can't be ruled out when no affirmative evidence to support such fears exists. At that point you are no better off hiring keyboard mashing monkeys to set policy.
The screams of terror as Facebook sinks to the bottom is a most delightful melody.
No, he is quite correct in his statement. We do not know if time travel is possible, there is no physical law that we know of that prevents it.
Information necessary to convert the corpse of Stephen Hawking back into a living person does not exist.
Thorne described a plausible time machine. It relied on exotic stuff (wormholes whose entry/exit points could be moved around) but the description holds up. Briefly, it works like this:
- take a wormhole whose ends can be moved around;
- move one end around with respect to the other, so that the local time of the moved end ages more slowly that the other end (per The Twin Paradox);
- and voilÃ, you have a time machine: go forward or backward in time depending on which direction you choose to pass through.
Assume you could create wormholes and do all of that shit you are still taking an entirely locally subluminal path thru the wormhole. There is no twin paradox or any reference frame where you are observed to be travelling backward in time.
Misunderstanding arises from people doing math on outcomes... x appears at y after interval z in frame c. Reality doesn't work this way. It matters HOW you ended up where you are in space and time not the fact you are there.
This has long been a pet peeve of mine in the design of these systems.
People always feel the need to include messages indicating success or failure which is something I personally find to be dangerous and redundant.
If it is ever possible for any peer to be at all confused about whether authentication was successful or not you are having a bad day and no amount of status indications are going to make the hole you are standing in any shallower.
Facebook is listing.
It's stocks liquefying.
https://finance.yahoo.com/char...
Passengers jumping ship in disgust.
http://www.pewresearch.org/fac...
Only Yiannis Avranas (Captain of the Oceanus) can save our souls now.
Facebook is no longer relevant. The platform is currently being rapidly abandoned while brand toxicity reaches new heights.
Even if by some miracle they were to produce something completely unmolested by corporate sociopaths devoid of creeptastic stalker malware nobody would trust them enough to care.
In Europe Google has some of the strongest privacy controls of any major service. Way better than Facebook and Microsoft, for example. From what I read it's not too dissimilar in the US. You can go here to see the available controls: https://myaccount.google.com/p...
In Europe Google Analytics is used to stalk users as they move from website to website the same as any other country. Browser signals that indicate user preference not to be stalked are summarily ignored by these services owned and operated by a company with "the strongest privacy controls".
Strongest privacy controls = requires you to create an account to manage the fate of SOME of the data they take from you regardless so for sure everything you do can most defiantly be tracked on an individual account holder basis.
So while it is possible that Google will abandon all that stuff for the Chinese market it's not certain, and perhaps we should at least see what they are proposing/doing first.
If they did launch with even half those privacy controls it would be a huge deal for the Chinese market, making privacy a thing that people think and care about.
Chinese people don't think and care about privacy unless Google provides it. Good luck getting anyone to believe what you are selling.
Or you can google why tls 1.0 is considered insecure. Lots of info on that.
Good, then you should have no problem naming one.
Quoting TFA "While we aren't aware of significant vulnerabilities with our up-to-date implementations of TLS 1.0"
Apparently Microsoft has also neglected to "Google why TLS 1.0 is insecure" apparently they don't even know.
Internet Explorer on Windows XP still only supports TLS 1.0
For what little its worth XP supports TLS 1.2 with an update.
If there are no practical vulnerabilities and intentionally insecure negotiation bullshit has been exorcised from browsers (It has...right?!?) what is the harm in leaving it as an option so it can be selected as backup in event of unforeseen vulnerabilities in either specifications or implementations?
It's not like support for TLS 1.0 is being removed from schannel.
Arguments made about "age" in this context are inherently unfalsifiable and don't speak to technical merit.
"Two decades is a long time for a security technology to stand unmodified,"
Not only is this statement irrelevant it is provably false with numerous extensions and cipher suites making their way into production environments over the years. AES and by extension AES based cipher suites didn't even exist 20 years ago. It was added to TLS after the fact. Implementation of a relatively recent extension brought us "heartbleed".
Don't allow people to get away with unfalsifiable gibberish. Demand they make the case for change based on technical merit. There may well be a convincing reason to turn off TLS 1.0... state it, make the case for it on the merits.
>A medieval theocracy that still beheads by sword
So the US is a medieval theocracy that murders with volts?
Does the manner of execution determine whether or not you are a medieval theocracy?
The subject of your message is "Who murders more of its own?". Yet you have completely neglected to address the issue instead choosing to focus entirely on loaded language used by the author.
Per capita US performs about 1.4% percent of the executions conducted by KSA.
The new generation, who get pissed off when a click takes longer than half a second, can't be bothered to wait for new technology that might take 10 or more years to develop to some kind of semi-maturity. So they throw a tantrum when version 1 isn't all that and a bag of chips.
I see it as a three step process.
Step 1: Hype something beyond all recognition.
Step 2: Fail to live up to hype
Step 3: Complain about an impatient "new generation" to cover for failure to have sufficient integrity to be honest with people from the beginning.
The issue is whether significant progress is being made or not. It is, so shut up and take your meds.
This isn't the authors issue. It's something you just made up.
At this point I would settle merely for basic self-consistency.
If ISPs are in fact "information services" and not telecommunications services then I would love to know what exactly fulfills "via telecommunications" role required by the definition of information services in order to be labeled an information service in the first place?
"The term âoeinformation serviceâ means the offering of a capability for generating, acquiring, storing, transforming, processing, retrieving, utilizing, or making available information via telecommunications, and includes electronic publishing, but does not include any use of any such capability for the management, control, or operation of a telecommunications system or the management of a telecommunications service."
Everything from Razer including basic HID devices is basically malware. Their "privacy" policy is literally worse than Facebook.
https://www.razer.com/legal/pr...
One hard learned lesson I've learned over the years is never ever think about buying kiddy ram.
Kiddy ram can be identified by aggressive timings, "XMP" profiles and "crazy looking heat spreaders" often marketed to "gamers". Basically companies that produce these things scrape chips they didn't produce from the bottom of the bin and do insufficient integration testing of the final result. Some vendors have previously allowed chips with a threshold of detected bit errors to pass QA and make their way into shipping product. I guess they figure if it works for stuck pixels in displays what the heck why not ram?
I always run a 24hr memtest before booting a new system and the problem with Kiddy ram installed often won't show up. It shows up as subtle errors in job result and eventually system crashes when cores are pegged for weeks at a time.
Do yourself a favor and never buy kiddy ram. Get dimms produced by Samsung or equivalent tested by grown ups. Every time I've done that my problems disappeared.
Equally as important don't drink timing koolaid. Latency especially in DDR4 has no meaningful impact on performance given pipelines of modern hardware. Differences barely exceeds the margin of error in comparative benchmarking tests. Worrying about this crap won't win you anything but headaches.
Employers and colleges intercepting, monitoring, and censoring users secure sessions isn't what I'd call delegation.
If you don't trust a middlebox and don't want to be fooled by one then don't install root certificates necessary for it to function.
Politics surrounding middleboxes especially ones forced upon end users are a different matter from my comments on technology itself.
I personally believe there are both constructive and destructive uses of middleboxes, integrity only cipher suites and even completely insecure communications.
If you are being coerced into accepting trust relationships you don't actually find acceptable then of course there are natural consequences arising from that political reality. Technology can't generate trust it can only leverage it.
Preventing man in the middle attacks is the fucking point of TLS.
The point of TLS is enforcing trust relationships.
Of course you can't perform a man in the middle attack without breaking TLS you morons.
Delegating termination of TLS to something you trust is not an attack. You are confusing middlebox implementation failure with design failure.
This is no different than delegating your secretary to answer a secure call on your behalf and having them relay relevant information to you.
No ECC /w only 16 lanes = No sale
What are you talking about?
https://docs.microsoft.com/en-...
"Microsoftâ(TM)s internal testing, additional data becomes necessary. This data can include any user content that might have triggered the problem and is gathered from a small sample of devices that have both opted into the Full diagnostic data level and have exhibited the problem."
" Microsoft engineers can use the following capabilities to get the information:
âAbility to run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe.
âAbility to get registry keys.
âAll crash dump types, including heap dumps and full dumps."