Hashing passwords isn't new. So why are people still storing plaintext passwords?
Hashing passwords doesn't work. That so many are STILL advocating demonstrably worthless course of action scares me more than the revelations of this jewelry site.
Simple truth is passwords chosen by mortals have insufficient entropy to stand on their own regardless of salts, amplifiers, hash algorithm or wishful thinking (e.g. password policy and training). I don't care if these things make it thousands or millions of times harder in practice. With 1.3 million users the outcome is still comically unacceptable.
I find it interesting how little encryption actually matters against a wide range of threats especially the persistent variety. Simply put when you use encryption something has got to know those encryption keys. Encryption is nothing more than a shell game where responsibility is continuously transformed and punted. Ultimately responsibility must be accepted. Something has to pay.
As far as I'm concerned the only thing people should be advocating is for use of isolated authenticators which do NOTHING but perform and manage authentication completely ISOLATED from application servers. It is much more tractable to defend small single purpose systems vs. insane nonsense that passes for general purpose application stacks these days.
What people are actually doing today that mostly pass for best practices are in fact missing the point and ultimately not much better off than storing passwords in the clear.
How many of you store private keys in clear text or semantic equivalent on your application servers?
.. the 20MP (per eye) is really overkill even for VR
20MP is not enough. See my previous message in this thread.
let's not forget, current highend GPU's already have trouble even pushing the current VR displays with nice visuals, even with foveated rendering a 1080 won't be enough to power even one display, let alone two (with the visuals people tend to expect using such a resolution).
With perfect eye tracking you need only render 1MP with any detail to reach practical limits of human vision. The rest can be a blurry mess.
Line in Youtube video linked in TFA about bandwidth of the optic nerve weighing in at a whopping 10mbit/s is a good way of thinking about the problem. GPU power is comparatively irrelevant.
I can just barely see the pixels in the Sony Playstation VR headset, which is 1080p, especially when moving my head slowly or holding it at a slight angle.
A 4K screen would probably be overkill for such a small problem (3840 x 2160 = 8.2 Mpixels).
A 20 Mpixel screen would just be a waste of technology - and money, no doubt.
The only metric that matters in VR displays is Pixels Per Degree of arc (PPD) with 60 being very roughly limit of what people can see.
PSVR has a crummy 100 degree FOV yielding following PPD in each resolution category.
PSVR = 14.45 4k = 44 20MP = 64
If you were to increase FOV to 180 to better match vision.
PSVR = 8 4k = 24.5 20MP = 35.55
Not only is 20MP not a waste of technology it's not nearly enough. It's less than half resolution of an iPhone display held at a distance of 1 FT.
Fusion has to compete against direct conversion technologies, where energy is directly converted from its original form into electricity.
Solar voltaic converts light energy directly into electricity. Wind turbines turn energy from moving air directly into electricity. Gas turbines burn natural gas directly in turbines that generate electricity.
Of these only natural gas is base load and cheap gas can't last forever. It would be necessary to factor in necessary investments in storage/conversion and transmission to compare the true overall cost of each option.
They should have built a stellarator or literally anything other than a tokamak.
How many tens of billions have been invested in Tokamaks thus far with very little to show for it? Other approaches consistently get shafted for serious funding due to dogma/politics and risk aversion.
Comparatively peanuts have been spent on stellarators to date and they have already demonstrated far better results than any tokamak ever has.
The hype gave way to reality and the devil you don't know with underwhelming TBW v. flash when price factored in. I've got to hand it to Intel for at least trying something other than flash but Xpoint is fundamentally a lost cause in terms of mass appeal.
I pray for silicon gods to mass-produce super high density MRAM and put flash out of its misery. While the IOPs are impressive using this capacity in any kind of sustained way is basically impossible with current SSD systems. You'd fry the damn thing in a matter of days.
Clearly I'm missing something here. How would a link in an email get the seed for their TOTP codes? That isn't something that users normally write down somewhere.
Why does it matter? It's game over after a single bogus authentication by imposter. Seeds are irrelevant at that point.
TOTP is just more traditional token card BS with very same ridiculous attack vectors. OTHER sources of trust are required to secure transport or the system is compromised.
If you had used a real ZKP based authentication protocol/w binding to smart card/client cert none of this crap would be possible.
You know what 2FA does? It annoys people. It inconveniences them. It forces them to jump through hoops to do the simplest of things.
You what 2Fa doesn't do? It doesn't make things secure. Why? Because the attack vector is no longer a brute force attack on passwords and answers, but a simple email to the person indicating their account has been compromised and they need to input all their information again. Add a link in the email and you now have complete access to the person's account(s), 2FA included.
Corporations can actually deploy 2FA properly such that the factors are both meaningful and add to security instead of subtracting from it. They can also leverage secure authentication protocols (e.g. ZKP) and SSO.
When you use a third party authenticator ZKP goes out the window.
The problem with Facebook and crew is 2FA is not intended for security it is intended to deal with people who forget their password. So long as the "I forgot my..." backdoor exists "2FA" as actually deployed by a handful of mega content/advertising outfits doesn't add to security it subtracts from it. It's a means of not having to deal with those who would forget their passwords.
In the real world people store valuable things in massive vaults and guarded with bullets.
In the fantasy world of the Internet all of the worlds valuables are stored in cardboard boxes in the backrooms of advertising agencies.
Whether it is the house of cards that is global PKI protecting authentication and integrity of trillions of dollars of commerce or rise of centralized authentication providers the disparity between the value of what is being protected and the resources expended to do the protecting reaches new heights of absurdity with each passing day.
Does that mean your device hasn't gotten software/firmware updates?
Yes it's many versions behind.
If it hasn't, then maybe it's not running the version that relies on a valid certificate to run.
It's possible I just don't know. What I do know is that my software is signed with the very same cert that expired this morning.
Everything I know about code signing is that this should continue to work based on the signature. This is because Oculus signature is also countersigned by a third party timestamp server to provide proof the code was signed at the time cert was still valid. On my system it is in fact still considered valid which is why I suspect there may be something else going on.
It's not buggy software. The software seems to be doing exactly what it was intended to do. This is a fucking specification problem - some idiot decided that proper behavior is to shut down the system when a cert expires, instead of simply warning the user and asking if it was OK to continue.
This is what I don't understand. The software.. at least version of it I have appears to actually be signed properly including third party timestamps that would allow signatures to remain valid post expiration.
If they never intended for the software to work past expiration date why bother with countersigning?
My Oculus works and it is signed with the same expired cert. I just have an older runtime than everyone else.
It works offline but apparently does need to "phone home" during every boot.
It doesn't. I preordered CV1 in the first hour and have had it firewalled for years. It does not need to call home to work even though it most certainly will establish 24x7 connections to Facebook whether it is being used or not if you let it.
You can boot your computer without any network connection and it will still work. If this were not true I would have never had purchased it.
But how about the root of the problem - the software that needn't be online should not require the user to be online. Somehow this has become a new normal for everything from single player games (or Steam, whose outages have left me unable to play more than once), to apparently hardware drivers?
This isn't true. If Oculus didn't work "offline" I would never have purchased one given who the parent company is.
More to the point, as you indicated, what the hell is an expiring certificate doing in their software anyhow? A normal code-signing certificate expires after a time, but the software that was signed with it does NOT expire. We now know that their device-critical software has a time bomb in it that only they can periodically reset, and they were already slipshod enough to miss the deadline once.
This is what I don't get. If anyone who has a Rift not working check signing date of: c:\Program Files\Oculus\Support\oculus-runtime\OculusAppFramework.dll
From explorer right click select digital signatures and the signing date should be there.
My system works even though DLL was signed with the same now expired cert however my Rift was firewalled and runtime hasn't been updated in ages.
Found this post about release notes on the 5th starting to wonder whether problem is they actually did sign this thing using a cert expired at the time they signed it.
One of the reasons firewalled my Rift other than obvious Facebook stalking is Facebook has no discipline and can't manage software releases. Their software updates are forced on everyone AND often break shit. They routinely rush out patches to fix whatever they broke this time.
In the news yesterday was the fact that US congress wants to hold web-page publishers (eg. YouTube, Facebook) responsible for the content of their subscribers: Internet censorship always existed and soon it will be mandatory in the USA.
Whether censorship exists or not is irrelevant to whether it is a good idea or a bad idea.
No, vigilance is the price of freedom: Specifically, treating fake news as fake. But in a post-truth society, anything is fake news.
It means you can't sleep on your ass and expect your ideology to win by default. You have to work to build and maintain consensus not hide behind the states monopoly on violence (e.g. censorship) to get your way.
Tolerance is the price of free speech: As always, rights are limited. Society cannot tolerate the phrases "someone should murder your children" or "someone should rape you"; contrary to what Twitter practices.
Sure they can and they should.
Fear is always what fuels pro-censorship foolishness. I'm afraid of lies winning out. I'm afraid of the other ideology taking over. I'm afraid of what I don't like. From that fear comes justifications of all manner to silence those saying disagreeable things because the fearful deem them harmful to society when in fact they are just too lazy or unable to pursuit the hard work of building consensus for their ideology.
The problem with censorship is the ideology in power always gets to decide what is or is not agreeable and even what is true. This only leads to further aggregation of power and predictable outcomes expressed in universally understood lord Acton quotes.
Much better for society to fight for what they believe, let the crackpots have their YouTube videos and tolerate belligerence than hide behind the use of violence to force people to conform to your will.
The problem with the Internet and Media is commercial interests are placed above good governance and integrity. News organizations do not need to technically lie to mislead the public in order to profit. Internet sites don't need to hand out megaphones to everyone and pay them to use them. Censorship won't fix or change anything. It will only make matters worse.
No, it is not the responsibility of children to know what is fake, which is what this article addresses.
Yes of course learning how to judge the value of information is the responsibility of everyone from little kid to old geezer.
Yes, you just found the flaw in democracy. It wasn't so troublesome in past centuries because politicians learnt to lead all of society, not just their socio-demographic clique. Or to put it another way, society has lost herd immunity
A democracy? Like the Weimar republic? That's really what the world needs politicians leading all of society...screw that I would much rather see politicians at each others throats constantly fighting over scraps of power they wield with nobody gaining much ground.
Despite the noise and nonsense peddled on the Internet all of the worlds societies are a heck of a lot better off and a heck of a lot healthier today than they have ever been at any point in human history.
and one article of fake news can infect everyone with anti-social ideals.
Spoken like a damn foolish coward who has never bothered to even try and understand nor learn from history.
Since this requires physical access, I propose an alternate method: unscrew the laptop and put whatever devices you want inside.
Physical access is irrelevant in this case. From TFA:
"allowing someone with physical access to plug a USB with a network adapter into the computer, then verbally instruct Cortana to launch the computer's browser and go to a web address that does not use httpsâ"that is, a web address that does not encrypt traffic between a user's machine and the website."
In other words it is not necessary to install a BIW device. Any bad actor could intercept traffic at any point along the path or one could operate their own malicious site with the same effect pulling off the same stunt without ever touching the system in question.
promoting the conspiracy theory that the kids caught up in the last school shooting were "crisis actors" and that the shooting was a "false flag" (e.g. it never really happened).
It's called censorship.
Personally if I were Youtube I wouldn't want to be associated with those kind of nut jobs (if they believe it) or bastards (if they don't believe it and are just passing it around to get a rise out of the nut jobs).
Good thing you're not YouTube.
Remember kiddies, it's not censorship if the government didn't do it. You have a right to speak, you do not have a right to make google pay for your megaphone.
Tolerating nut jobs and bastards is everyone's responsibility. It's not simply about what is and is not legal. Tolerance is the price of freedom.
Ever since we started counting bits and bytes, we've counted 1024 of them as a Kb or KB. Similarly, we use 1024^2 for Mb and MB. These are not SI units and never have been. The presence of the b or B means there's no ambiguity or confusion (unless you're a retard).
This war was lost many years ago.
1 MB is 1000000 bytes. 1 GB is 1000000000 bytes.
End of story. If you assert otherwise or attempt to ship product with other definitions your customers will NOT be impressed. They will think you're a retard.
What you are effectively saying is that it's irresponsile for reporters to report the existence of lawsuits until they've verified all the claims in the lawsuit themselves or the trial has finished.
Never suggested or implied any such bullshit. People can have honest disagreements on the margins of how much collaborating evidence is necessary. This isn't that, not even close.
The reality in this case there was NO EVIDENCE presented ANY claims reported were checked out or verified. NONE AT ALL.
Slashdot Mirror
Hashing passwords isn't new. So why are people still storing plaintext passwords?
Hashing passwords doesn't work. That so many are STILL advocating demonstrably worthless course of action scares me more than the revelations of this jewelry site.
Simple truth is passwords chosen by mortals have insufficient entropy to stand on their own regardless of salts, amplifiers, hash algorithm or wishful thinking (e.g. password policy and training). I don't care if these things make it thousands or millions of times harder in practice. With 1.3 million users the outcome is still comically unacceptable.
I find it interesting how little encryption actually matters against a wide range of threats especially the persistent variety. Simply put when you use encryption something has got to know those encryption keys. Encryption is nothing more than a shell game where responsibility is continuously transformed and punted. Ultimately responsibility must be accepted. Something has to pay.
As far as I'm concerned the only thing people should be advocating is for use of isolated authenticators which do NOTHING but perform and manage authentication completely ISOLATED from application servers. It is much more tractable to defend small single purpose systems vs. insane nonsense that passes for general purpose application stacks these days.
What people are actually doing today that mostly pass for best practices are in fact missing the point and ultimately not much better off than storing passwords in the clear.
How many of you store private keys in clear text or semantic equivalent on your application servers?
.. the 20MP (per eye) is really overkill even for VR
20MP is not enough. See my previous message in this thread.
let's not forget, current highend GPU's already have trouble even pushing the current VR displays with nice visuals, even with foveated rendering a 1080 won't be enough to power even one display, let alone two (with the visuals people tend to expect using such a resolution).
With perfect eye tracking you need only render 1MP with any detail to reach practical limits of human vision. The rest can be a blurry mess.
Line in Youtube video linked in TFA about bandwidth of the optic nerve weighing in at a whopping 10mbit/s is a good way of thinking about the problem. GPU power is comparatively irrelevant.
I can just barely see the pixels in the Sony Playstation VR headset, which is 1080p, especially when moving my head slowly or holding it at a slight angle.
A 4K screen would probably be overkill for such a small problem (3840 x 2160 = 8.2 Mpixels).
A 20 Mpixel screen would just be a waste of technology - and money, no doubt.
The only metric that matters in VR displays is Pixels Per Degree of arc (PPD) with 60 being very roughly limit of what people can see.
PSVR has a crummy 100 degree FOV yielding following PPD in each resolution category.
PSVR = 14.45
4k = 44
20MP = 64
If you were to increase FOV to 180 to better match vision.
PSVR = 8
4k = 24.5
20MP = 35.55
Not only is 20MP not a waste of technology it's not nearly enough. It's less than half resolution of an iPhone display held at a distance of 1 FT.
Fusion has to compete against direct conversion technologies, where energy is directly converted from its original form into electricity.
Solar voltaic converts light energy directly into electricity. Wind turbines turn energy from moving air directly into electricity. Gas turbines burn natural gas directly in turbines that generate electricity.
Of these only natural gas is base load and cheap gas can't last forever. It would be necessary to factor in necessary investments in storage/conversion and transmission to compare the true overall cost of each option.
They should have built a stellarator or literally anything other than a tokamak.
How many tens of billions have been invested in Tokamaks thus far with very little to show for it? Other approaches consistently get shafted for serious funding due to dogma/politics and risk aversion.
Comparatively peanuts have been spent on stellarators to date and they have already demonstrated far better results than any tokamak ever has.
The hype gave way to reality and the devil you don't know with underwhelming TBW v. flash when price factored in. I've got to hand it to Intel for at least trying something other than flash but Xpoint is fundamentally a lost cause in terms of mass appeal.
I pray for silicon gods to mass-produce super high density MRAM and put flash out of its misery. While the IOPs are impressive using this capacity in any kind of sustained way is basically impossible with current SSD systems. You'd fry the damn thing in a matter of days.
Clearly I'm missing something here. How would a link in an email get the seed for their TOTP codes? That isn't something that users normally write down somewhere.
Why does it matter? It's game over after a single bogus authentication by imposter. Seeds are irrelevant at that point.
TOTP is just more traditional token card BS with very same ridiculous attack vectors. OTHER sources of trust are required to secure transport or the system is compromised.
If you had used a real ZKP based authentication protocol /w binding to smart card/client cert none of this crap would be possible.
You know what 2FA does? It annoys people. It inconveniences them. It forces them to jump through hoops to do the simplest of things.
You what 2Fa doesn't do? It doesn't make things secure. Why? Because the attack vector is no longer a brute force attack on passwords and answers, but a simple email to the person indicating their account has been compromised and they need to input all their information again. Add a link in the email and you now have complete access to the person's account(s), 2FA included.
Corporations can actually deploy 2FA properly such that the factors are both meaningful and add to security instead of subtracting from it. They can also leverage secure authentication protocols (e.g. ZKP) and SSO.
When you use a third party authenticator ZKP goes out the window.
The problem with Facebook and crew is 2FA is not intended for security it is intended to deal with people who forget their password. So long as the "I forgot my..." backdoor exists "2FA" as actually deployed by a handful of mega content/advertising outfits doesn't add to security it subtracts from it. It's a means of not having to deal with those who would forget their passwords.
In the real world people store valuable things in massive vaults and guarded with bullets.
In the fantasy world of the Internet all of the worlds valuables are stored in cardboard boxes in the backrooms of advertising agencies.
Whether it is the house of cards that is global PKI protecting authentication and integrity of trillions of dollars of commerce or rise of centralized authentication providers the disparity between the value of what is being protected and the resources expended to do the protecting reaches new heights of absurdity with each passing day.
So I work hard and am not on public assistance, and Amazon wants to punish me with higher prices for that?
I call bullshit
Screw Amazon. Walmart.com has 2 day free shipping /w ZERO membership dues.
2 day shipping for $0 monthly cost for everyone.
Does that mean your device hasn't gotten software/firmware updates?
Yes it's many versions behind.
If it hasn't, then maybe it's not running the version that relies on a valid certificate to run.
It's possible I just don't know. What I do know is that my software is signed with the very same cert that expired this morning.
Everything I know about code signing is that this should continue to work based on the signature. This is because Oculus signature is also countersigned by a third party timestamp server to provide proof the code was signed at the time cert was still valid. On my system it is in fact still considered valid which is why I suspect there may be something else going on.
oh, that makes me feel great /s.
That's all I want is Facebook to be getting data from a virtual reality system 24x7... and people thought the Xbox was invasive...sheesh
Yea it's pretty gross. Facebook is creepy as shit.
It's not buggy software. The software seems to be doing exactly what it was intended to do. This is a fucking specification problem - some idiot decided that proper behavior is to shut down the system when a cert expires, instead of simply warning the user and asking if it was OK to continue.
This is what I don't understand. The software .. at least version of it I have appears to actually be signed properly including third party timestamps that would allow signatures to remain valid post expiration.
If they never intended for the software to work past expiration date why bother with countersigning?
My Oculus works and it is signed with the same expired cert. I just have an older runtime than everyone else.
It works offline but apparently does need to "phone home" during every boot.
It doesn't. I preordered CV1 in the first hour and have had it firewalled for years. It does not need to call home to work even though it most certainly will establish 24x7 connections to Facebook whether it is being used or not if you let it.
You can boot your computer without any network connection and it will still work. If this were not true I would have never had purchased it.
But how about the root of the problem - the software that needn't be online should not require the user to be online. Somehow this has become a new normal for everything from single player games (or Steam, whose outages have left me unable to play more than once), to apparently hardware drivers?
This isn't true. If Oculus didn't work "offline" I would never have purchased one given who the parent company is.
More to the point, as you indicated, what the hell is an expiring certificate doing in their software anyhow? A normal code-signing certificate expires after a time, but the software that was signed with it does NOT expire. We now know that their device-critical software has a time bomb in it that only they can periodically reset, and they were already slipshod enough to miss the deadline once.
This is what I don't get. If anyone who has a Rift not working check signing date of: c:\Program Files\Oculus\Support\oculus-runtime\OculusAppFramework.dll
From explorer right click select digital signatures and the signing date should be there.
My system works even though DLL was signed with the same now expired cert however my Rift was firewalled and runtime hasn't been updated in ages.
Found this post about release notes on the 5th starting to wonder whether problem is they actually did sign this thing using a cert expired at the time they signed it.
https://forums.oculusvr.com/co...
One of the reasons firewalled my Rift other than obvious Facebook stalking is Facebook has no discipline and can't manage software releases. Their software updates are forced on everyone AND often break shit. They routinely rush out patches to fix whatever they broke this time.
Oh right... never mind.
In the news yesterday was the fact that US congress wants to hold web-page publishers (eg. YouTube, Facebook) responsible for the content of their subscribers: Internet censorship always existed and soon it will be mandatory in the USA.
Whether censorship exists or not is irrelevant to whether it is a good idea or a bad idea.
No, vigilance is the price of freedom: Specifically, treating fake news as fake. But in a post-truth society, anything is fake news.
It means you can't sleep on your ass and expect your ideology to win by default. You have to work to build and maintain consensus not hide behind the states monopoly on violence (e.g. censorship) to get your way.
Tolerance is the price of free speech: As always, rights are limited. Society cannot tolerate the phrases "someone should murder your children" or "someone should rape you"; contrary to what Twitter practices.
Sure they can and they should.
Fear is always what fuels pro-censorship foolishness. I'm afraid of lies winning out. I'm afraid of the other ideology taking over. I'm afraid of what I don't like. From that fear comes justifications of all manner to silence those saying disagreeable things because the fearful deem them harmful to society when in fact they are just too lazy or unable to pursuit the hard work of building consensus for their ideology.
The problem with censorship is the ideology in power always gets to decide what is or is not agreeable and even what is true. This only leads to further aggregation of power and predictable outcomes expressed in universally understood lord Acton quotes.
Much better for society to fight for what they believe, let the crackpots have their YouTube videos and tolerate belligerence than hide behind the use of violence to force people to conform to your will.
The problem with the Internet and Media is commercial interests are placed above good governance and integrity. News organizations do not need to technically lie to mislead the public in order to profit. Internet sites don't need to hand out megaphones to everyone and pay them to use them. Censorship won't fix or change anything. It will only make matters worse.
No, it is not the responsibility of children to know what is fake, which is what this article addresses.
Yes of course learning how to judge the value of information is the responsibility of everyone from little kid to old geezer.
Yes, you just found the flaw in democracy. It wasn't so troublesome in past centuries because politicians learnt to lead all of society, not just their socio-demographic clique. Or to put it another way, society has lost herd immunity
A democracy? Like the Weimar republic? That's really what the world needs politicians leading all of society...screw that I would much rather see politicians at each others throats constantly fighting over scraps of power they wield with nobody gaining much ground.
Despite the noise and nonsense peddled on the Internet all of the worlds societies are a heck of a lot better off and a heck of a lot healthier today than they have ever been at any point in human history.
and one article of fake news can infect everyone with anti-social ideals.
Spoken like a damn foolish coward who has never bothered to even try and understand nor learn from history.
Since this requires physical access, I propose an alternate method: unscrew the laptop and put whatever devices you want inside.
Physical access is irrelevant in this case. From TFA:
"allowing someone with physical access to plug a USB with a network adapter into the computer, then verbally instruct Cortana to launch the computer's browser and go to a web address that does not use httpsâ"that is, a web address that does not encrypt traffic between a user's machine and the website."
In other words it is not necessary to install a BIW device. Any bad actor could intercept traffic at any point along the path or one could operate their own malicious site with the same effect pulling off the same stunt without ever touching the system in question.
Unfortunately, though Google Play Services is completely optional, that means that you're limited to apps from F-Droid.
It is trivial to download APKs from Google store and sideload them so long as they are free or license enabled and not separate purchased versions.
Never had any issues with app availability without play store however YMMV I'm not a big smartphone app user.
promoting the conspiracy theory that the kids caught up in the last school shooting were "crisis actors" and that the shooting was a "false flag" (e.g. it never really happened).
It's called censorship.
Personally if I were Youtube I wouldn't want to be associated with those kind of nut jobs (if they believe it) or bastards (if they don't believe it and are just passing it around to get a rise out of the nut jobs).
Good thing you're not YouTube.
Remember kiddies, it's not censorship if the government didn't do it. You have a right to speak, you do not have a right to make google pay for your megaphone.
Tolerating nut jobs and bastards is everyone's responsibility. It's not simply about what is and is not legal. Tolerance is the price of freedom.
But I'm actually tempted to try a windows phone. Android vendors don't patch their shit, instead they recommend you buy a new phone.
LineageOS is cheaper than buying a new phone if your device is supported and Google malware (Google Play Services) is completely optional.
I trust Microsoft more to keep their phone OS patched then I do Android vendors.
A fully patched Microsoft phone still comes bundled with Microsoft malware.
Ever since we started counting bits and bytes, we've counted 1024 of them as a Kb or KB. Similarly, we use 1024^2 for Mb and MB.
These are not SI units and never have been. The presence of the b or B means there's no ambiguity or confusion (unless you're a retard).
This war was lost many years ago.
1 MB is 1000000 bytes.
1 GB is 1000000000 bytes.
End of story. If you assert otherwise or attempt to ship product with other definitions your customers will NOT be impressed. They will think you're a retard.
What you are effectively saying is that it's irresponsile for reporters to report the existence of lawsuits until they've verified all the claims in the lawsuit themselves or the trial has finished.
Never suggested or implied any such bullshit. People can have honest disagreements on the margins of how much collaborating evidence is necessary. This isn't that, not even close.
The reality in this case there was NO EVIDENCE presented ANY claims reported were checked out or verified. NONE AT ALL.