I call bullshit on you. The EFF's HTTPS-Everywhere is not "malarkey".
I don't know if you're trying to imply that HTTPS-Everywhere forces people to use HTTPS (it doesn't) and that therefor more people are self-signing certs which is would somehow be bad (it isn't)... I can only guess, because your post reads like buzzword bingo, and seems quite intent on undermining confidence in encrypting.
bull SHIT, brother.
Honestly I fundamentally don't get any of this. It makes no logical sense to me.
Let's encrypt (LE) runs some kind of agent that does some voodoo to automatically renew certs on a quarterly basis.
Commercial cert providers that cost what $10/yr allow you to put something in a folder on your unsecured website to verify possession. LE does essentially the same thing programmatically depending on responses from *unsecured* protocols.
All of these systems depend on totally unsecured communications channels to build trust which on it's face makes about as much sense as asking a liar if they are being truthful. Nothing about the current system makes sense to me.
If certs want to be free why not just let them be free without requiring these weird agents and piecemeal expiry periods? What's the point in that?
What EFF and others should have done was work to build consensus to move CA function to the domain registrars / make DANE usable and put an end to this senseless, redundant, counterproductive and dangerous system of CA's we have today.
What they did instead was make CA's even more dangerous by forcing them to compete with free.
How are ISPs supposed to get browsing history when all of the web traffic is encrypted? The best you can do is domain via SNI/public key transferred in the clear during handshake. Practically speaking you won't really get much more granularity out of that v. netflow.
Why the fuck would any Linux developer want to do this? It's not as if Windows 10 offers any significant, or even real, architectural advantage, and it's not like Linux doesn't have plenty of its own development tools. So far as I can tell, Windows 10 has absolutely no developer advantages at all, and in fact, simply represents a pointless extra layer for any developer working on Linux.
As someone who writes and tests as much code as possible in visual studio before compiling on Linux I disagree. Microsoft's developer tools are the best period. The ability to modify C code while software is running simply doesn't exist anywhere else Linux at any price. Debugging on Linux is like pulling teeth. I actively do everything I can possibly do to avoid it.
Apparently several versions of VS are already running quite well within Wine so this may be a viable solution after ditching MS.
Not interested in being spied upon by legions of Microsoft creepers and their friends.
Neither do I have any interest in participating in crazy forced update experiments from the same company that fired most of it's QA staff a couple years ago.
Microsoft has made moves over the last couple of years with unyielding upgrade harassment campaigns persistently ignoring users wishes and resorted to dirty underhanded UX tricks to fool people into installing Windows 10. Why should I or anyone else trust a company that behaves in this manner?
There have always been UNIX ports of everything readily available to any windows user who wanted them going back literally decades. The problem isn't the tools or even the operating system. The problem is the COMPANY.
Microservices are not hype. Anything that lets you scale your code without having to rethink how you write code and while reducing cost is pretty amazing.
It's fucking magic is what it is. It isn't a real concept and only works for trivially scalable problems that could easily be addressed in any number of ways.
If anything, I'd say microservices are underutilized these days, because it is often easier to start a new holistic system and architecture it for microservices than to convert aging systems to use a new model.
Fundamentally "service" approach is ass-backwards. The only thing that actually matters is structure of underlying data. All of these "services" build on top of data are worthless and expendable from a systems perspective. Data is almost always the controlling factor not services on top.
This step is kind of just wrong. Once converted most microarchitectures are actually faster to develop for if you've done things right, because you don't have to worry as much about scaling. The first question they ask you as a developer in your first job interview as a developer is probably about Big-O and time complexity. However, this has always mattered more for server-side operations than for client-side operations. If a server does something 1000 times slightly inefficiently, that inefficiency ads up. If an iPhone does something
If you have a CPU bound "Service" you just spin up more cores or machines and your trivial scaling problem is trivially solved big whoop. In the real world many people don't have this luxury because their systems are NOT CPU BOUND. The only way to scale non-trivially scaled problems is through hard work and superior design... NOT more buzzword bingo.
When Agile fails, it is almost always due to the implementation NOT actually being agile. There is such a deep belief by many old-timers that Waterfall is the only way to get things done, that many simply cannot make the transition.
This is all proponents of Agile ever say. A noun a verb and "Your doing it wrong".
I'm reading Andrew Ginter's book on SCADA security right now and reflecting on the insanity that there are SCADA systems, of all programming, being written on Windows, at all. There's one place the OpenBSD suggestion is quite serious. But even "OpenBSD" is just a buzzword unless you run your operations with security on your mind at all times. Schnier reduces this "mindfulness" argument to "read your logs", said it in three words.
I think it is interesting the "lessons" people chose to extract from events.
We already know what works and what doesn't work in VR.
In general, vehicular games are awesome. Flying, driving, magic carpets, etc.
Running games are pretty weak as it never feels like you're running.
And worst of all are "twitch" games which involve high velocity turns and mouse-looks.
Doom 3 is a twitch game, and a running game. It's a terrible idea for a VR port.
I used to think this. Now I'm convinced it is mostly a load of bunk.
Twitching is replaced not with stick inputs but people actually moving their heads and looking around. Pointing at things where they want to shoot with their own appendages. When you decouple look/movement/firing the result is an experience that agrees enough inertially with reality to actually be fun and work naturally without making you sick if you can keep the framerate up.
What is making people sick in current VR FPS games is the genius who figured it was a good idea to artificial couple motion with head position so where you look is always the direction your character is moving. This is a vomit fest constantly inducing unnecessary changes of direction that don't correspond with the real world.
The trick for FPS in VR is decoupled movement and maintaining 90FPS at all costs.
I was a software engineer in Windows Client, back in the good old Vista days. Microsoft's telemetry relies on Event Tracing for Windows (ETW), the lowest latency logging mechanism possible in the operating system, and the ETL files produced therein are usually post-processed by a performance analyst or software engineer to review timing, call stack, and memory utilization. Older OS tools like Dr. Watson were components of the Windows Customer Experience Program, and we would get crash dumps and other data from people who opted in.
Once, I wanted to look directly at a willing customer's machine remotely so I could gather some more information and do a debugging session. Remember, this was a willing customer who volunteered for this in his crash report. To do this, I had to go to a special training class on privacy and get permission from my management chain, just to look at the crash dump info.
Ability to run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe.
Ability to get registry keys.
All crash dump types, including heap dumps and full dumps.
Nice try Microsoft Shill - DEFAULT "privacy" settings for Windows 10 grants MS this access. There is no OPT-IN or people explicitly granting anything there is only an IMPLICIT reliance on IGNORANCE.... You know those foolish enough to buy a computer and just use it as-is. They "deserve" what they get right?
There is no dialogue or prompt or message the user sees to control or approve of explicit data being EXFILTRATED from their systems WITHOUT THEIR KNOWLEDGE. You don't even obtain EXPLICIT CONSENT. What you rely on is legalese buried in a bunch of bullshit nobody reads or understands.
These are the same policies we had to follow then. We really had to follow them, or be fired. It's real.
I suspect you'll find people simply don't give a fuck what policies you have or how the data is or is not being used. They just don't want their data being sent anywhere for any reason. Simply NONE of Microsoft's or anyone else's business.
I know people personally who have engaged in industrial scale review Shenanigans on Amazon for profit and can only imagine the cesspool of asshats involved. Screwing with Amazon has become an industry on to itself.
No point in using Amazon IMO. They spend too much time making excuses for their sellers. Seller reviews and good/bad ratio's are NOT front and center like they are on eBay. You have to go digging.
From my experience many sellers on Amazon have ratio's that would get them laughed at by any eBay buyer. (Low 90's or even 80's)
Then we have issues of Amazon actively leveraging their market position. Refusing to sell certain goods unless you join their little "Prime" club. Refusing to sell low cost items without buying something else. Playing games with intentional shipping delays while not offering much of anything in the way of savings.
Amazon refuses to keep their marketing goons on a leash and their community governance is teetering on the brink of Twitter level fail.
A lot of people felt physically ill when Trump won, so I imagine she was in a pretty bad place. I mean, it must have been exhausting, and to loose at the last hurdle because of a bullshit FBI investigation to a guy who doesn't even know what truth is... If it was a TV show I wouldn't believe it.
4k is an interesting marketing scam given perceptible "quality" issues are a direct result not of limited resolution but rather deliberate efforts to minimize bandwidth requirements for Internet streaming, satellite and cable to just below the threshold where most people would bitch.
Hey Russia if you could "locate" documents demonstrating collusion with what remains of the Wintel cartel I would be most grateful.
It doesn't. It's a horribly difficult experiment to measure and IF EM drives worked then they are effectivly perpetual motion machines, in that you could build a free energy device out of one.
Ordinary photonic thrusters have been demonstrated with 3x efficiencies of what is reported here simply by bouncing photons back and forth between mirrors thousands of times so momentum is more completely transferred. Are these perpetual motion machines too?
Since nobody has the faintest clue what if anything EM drive is actually pushing against how can one draw any conclusions with respect to conservation of energy?
People in this industry never seem to learn any lessons from previous failures. It is always double down and throw resources at unwinnable problems until your blue in the face.
Hey look this ransomware iterates sequentially through all directories reads files and writes encrypted versions of the files all we need to do is check for that heuristic and we win...
Next week ransomware iterates randomly through all directories and overwrites portions of files randomly at a time.
Time well spent?
What if instead they spent this time working versioned filesystems, better application jails and systematically addressing privilege escalation?
All that hard work by megacorps to secretly create a system which enables half the world to effortlessly move capital and chase cheap labor all the while imposing US's draconian over the top IP schemes including MMPA and suing governments for pursuit of public policy that makes megacorps lose money.. poof...gone.. up in smoke.
Lawyers love to push this kind of insanity in which everyone is guilty or liable for something as it translates into massive profits for themselves.
Lawyers within the US already eat up by far highest percentage of GDP of any other developed country. Obviously being #1 by a sizable margin still isn't enough for them. They always want more.
Bad enough these systems don't work and unnecessarily inconvenience legitimate users.
What makes them dangerous they may be leveraged to deny access and used as a vector to mask illegitimate activities. People deploying these systems may come to incorrectly depend on them as a "solution" for the underlying systems known vulnerabilities.
Finally placing middle boxes within trusted path exposes your system to any exploitable vulnerabilities these proxy systems may contain. Several components of the application stack used by this system have had known serious security vulnerabilities in the past.
The whining, crying and pointless protesting over someone you didn't like winning is more than a little pathetic.
You all knew the stakes and rules of the game going into it. How many of the whiners did anything meaningful to build consensus for different candidates? How many of them even bothered to mingle with commoners long enough to vote themselves?
I spent election night rooting for Trump to lose. Now I find myself laughing at the chorus of entitled "dumb fucks" who have the guts to publically bitch about Trump wanting to moderate their own spigots of cheap labor.
Slashdot Mirror
I call bullshit on you. The EFF's HTTPS-Everywhere is not "malarkey".
I don't know if you're trying to imply that HTTPS-Everywhere forces people to use HTTPS (it doesn't) and that therefor more people are self-signing certs which is would somehow be bad (it isn't)... I can only guess, because your post reads like buzzword bingo, and seems quite intent on undermining confidence in encrypting.
bull SHIT, brother.
Honestly I fundamentally don't get any of this. It makes no logical sense to me.
Let's encrypt (LE) runs some kind of agent that does some voodoo to automatically renew certs on a quarterly basis.
Commercial cert providers that cost what $10/yr allow you to put something in a folder on your unsecured website to verify possession. LE does essentially the same thing programmatically depending on responses from *unsecured* protocols.
All of these systems depend on totally unsecured communications channels to build trust which on it's face makes about as much sense as asking a liar if they are being truthful. Nothing about the current system makes sense to me.
If certs want to be free why not just let them be free without requiring these weird agents and piecemeal expiry periods? What's the point in that?
What EFF and others should have done was work to build consensus to move CA function to the domain registrars / make DANE usable and put an end to this senseless, redundant, counterproductive and dangerous system of CA's we have today.
What they did instead was make CA's even more dangerous by forcing them to compete with free.
How are ISPs supposed to get browsing history when all of the web traffic is encrypted? The best you can do is domain via SNI/public key transferred in the clear during handshake. Practically speaking you won't really get much more granularity out of that v. netflow.
Why the fuck would any Linux developer want to do this? It's not as if Windows 10 offers any significant, or even real, architectural advantage, and it's not like Linux doesn't have plenty of its own development tools. So far as I can tell, Windows 10 has absolutely no developer advantages at all, and in fact, simply represents a pointless extra layer for any developer working on Linux.
As someone who writes and tests as much code as possible in visual studio before compiling on Linux I disagree. Microsoft's developer tools are the best period. The ability to modify C code while software is running simply doesn't exist anywhere else Linux at any price. Debugging on Linux is like pulling teeth. I actively do everything I can possibly do to avoid it.
Apparently several versions of VS are already running quite well within Wine so this may be a viable solution after ditching MS.
Not interested in being spied upon by legions of Microsoft creepers and their friends.
Neither do I have any interest in participating in crazy forced update experiments from the same company that fired most of it's QA staff a couple years ago.
Microsoft has made moves over the last couple of years with unyielding upgrade harassment campaigns persistently ignoring users wishes and resorted to dirty underhanded UX tricks to fool people into installing Windows 10. Why should I or anyone else trust a company that behaves in this manner?
There have always been UNIX ports of everything readily available to any windows user who wanted them going back literally decades. The problem isn't the tools or even the operating system. The problem is the COMPANY.
Microservices are not hype. Anything that lets you scale your code without having to rethink how you write code and while reducing cost is pretty amazing.
It's fucking magic is what it is. It isn't a real concept and only works for trivially scalable problems that could easily be addressed in any number of ways.
If anything, I'd say microservices are underutilized these days, because it is often easier to start a new holistic system and architecture it for microservices than to convert aging systems to use a new model.
Fundamentally "service" approach is ass-backwards. The only thing that actually matters is structure of underlying data. All of these "services" build on top of data are worthless and expendable from a systems perspective. Data is almost always the controlling factor not services on top.
This step is kind of just wrong. Once converted most microarchitectures are actually faster to develop for if you've done things right, because you don't have to worry as much about scaling. The first question they ask you as a developer in your first job interview as a developer is probably about Big-O and time complexity. However, this has always mattered more for server-side operations than for client-side operations. If a server does something 1000 times slightly inefficiently, that inefficiency ads up. If an iPhone does something
If you have a CPU bound "Service" you just spin up more cores or machines and your trivial scaling problem is trivially solved big whoop. In the real world many people don't have this luxury because their systems are NOT CPU BOUND. The only way to scale non-trivially scaled problems is through hard work and superior design... NOT more buzzword bingo.
When Agile fails, it is almost always due to the implementation NOT actually being agile. There is such a deep belief by many old-timers that Waterfall is the only way to get things done, that many simply cannot make the transition.
This is all proponents of Agile ever say. A noun a verb and "Your doing it wrong".
I'm reading Andrew Ginter's book on SCADA security right now and reflecting on the insanity that there are SCADA systems, of all programming, being written on Windows, at all. There's one place the OpenBSD suggestion is quite serious. But even "OpenBSD" is just a buzzword unless you run your operations with security on your mind at all times. Schnier reduces this "mindfulness" argument to "read your logs", said it in three words.
I think it is interesting the "lessons" people chose to extract from events.
We already know what works and what doesn't work in VR.
In general, vehicular games are awesome. Flying, driving, magic carpets, etc.
Running games are pretty weak as it never feels like you're running.
And worst of all are "twitch" games which involve high velocity turns and mouse-looks.
Doom 3 is a twitch game, and a running game. It's a terrible idea for a VR port.
I used to think this. Now I'm convinced it is mostly a load of bunk.
Twitching is replaced not with stick inputs but people actually moving their heads and looking around. Pointing at things where they want to shoot with their own appendages. When you decouple look/movement/firing the result is an experience that agrees enough inertially with reality to actually be fun and work naturally without making you sick if you can keep the framerate up.
What is making people sick in current VR FPS games is the genius who figured it was a good idea to artificial couple motion with head position so where you look is always the direction your character is moving. This is a vomit fest constantly inducing unnecessary changes of direction that don't correspond with the real world.
The trick for FPS in VR is decoupled movement and maintaining 90FPS at all costs.
I was a software engineer in Windows Client, back in the good old Vista days. Microsoft's telemetry relies on Event Tracing for Windows (ETW), the lowest latency logging mechanism possible in the operating system, and the ETL files produced therein are usually post-processed by a performance analyst or software engineer to review timing, call stack, and memory utilization. Older OS tools like Dr. Watson were components of the Windows Customer Experience Program, and we would get crash dumps and other data from people who opted in.
Once, I wanted to look directly at a willing customer's machine remotely so I could gather some more information and do a debugging session. Remember, this was a willing customer who volunteered for this in his crash report. To do this, I had to go to a special training class on privacy and get permission from my management chain, just to look at the crash dump info.
This except is from Microsoft's current telemetry policy, found here: https://technet.microsoft.com/...
Ability to run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe.
Ability to get registry keys.
All crash dump types, including heap dumps and full dumps.
Nice try Microsoft Shill - DEFAULT "privacy" settings for Windows 10 grants MS this access. There is no OPT-IN or people explicitly granting anything there is only an IMPLICIT reliance on IGNORANCE.... You know those foolish enough to buy a computer and just use it as-is. They "deserve" what they get right?
There is no dialogue or prompt or message the user sees to control or approve of explicit data being EXFILTRATED from their systems WITHOUT THEIR KNOWLEDGE. You don't even obtain EXPLICIT CONSENT. What you rely on is legalese buried in a bunch of bullshit nobody reads or understands.
These are the same policies we had to follow then. We really had to follow them, or be fired. It's real.
I suspect you'll find people simply don't give a fuck what policies you have or how the data is or is not being used. They just don't want their data being sent anywhere for any reason. Simply NONE of Microsoft's or anyone else's business.
I know people personally who have engaged in industrial scale review Shenanigans on Amazon for profit and can only imagine the cesspool of asshats involved. Screwing with Amazon has become an industry on to itself.
No point in using Amazon IMO. They spend too much time making excuses for their sellers. Seller reviews and good/bad ratio's are NOT front and center like they are on eBay. You have to go digging.
From my experience many sellers on Amazon have ratio's that would get them laughed at by any eBay buyer. (Low 90's or even 80's)
Then we have issues of Amazon actively leveraging their market position. Refusing to sell certain goods unless you join their little "Prime" club. Refusing to sell low cost items without buying something else. Playing games with intentional shipping delays while not offering much of anything in the way of savings.
Amazon refuses to keep their marketing goons on a leash and their community governance is teetering on the brink of Twitter level fail.
A lot of people felt physically ill when Trump won, so I imagine she was in a
pretty bad place. I mean, it must have been exhausting, and to loose at the last hurdle because of a bullshit FBI investigation to a guy who doesn't even know
what truth is... If it was a TV show I wouldn't believe it.
Nice scapegoat.
4k is an interesting marketing scam given perceptible "quality" issues are a direct result not of limited resolution but rather deliberate efforts to minimize bandwidth requirements for Internet streaming, satellite and cable to just below the threshold where most people would bitch.
Hey Russia if you could "locate" documents demonstrating collusion with what remains of the Wintel cartel I would be most grateful.
It doesn't. It's a horribly difficult experiment to measure and IF EM drives worked then they are effectivly perpetual motion machines, in that you could build a free energy device out of one.
Ordinary photonic thrusters have been demonstrated with 3x efficiencies of what is reported here simply by bouncing photons back and forth between mirrors thousands of times so momentum is more completely transferred. Are these perpetual motion machines too?
Since nobody has the faintest clue what if anything EM drive is actually pushing against how can one draw any conclusions with respect to conservation of energy?
What goes around comes around. With persistent harassment campaign from Google to get people to install chrome they all need to fuck off.
As Nvidia's basic graphics driver downloads are replaced with malware.
This way there are more alternatives to Twitter and we don't see one or two giant systems owning all eyeballs.
People in this industry never seem to learn any lessons from previous failures. It is always double down and throw resources at unwinnable problems until your blue in the face.
Hey look this ransomware iterates sequentially through all directories reads files and writes encrypted versions of the files all we need to do is check for that heuristic and we win...
Next week ransomware iterates randomly through all directories and overwrites portions of files randomly at a time.
Time well spent?
What if instead they spent this time working versioned filesystems, better application jails and systematically addressing privilege escalation?
Detecting evil bits is a fools errand.
Only thanks to Sanders Clinton also was opposed to TPP. So even if she had won TPP wouldnt have gon forward.
Hillary would have tweaked it slightly purely for political effect and then enthusiastically supported the changed version.
All that hard work by megacorps to secretly create a system which enables half the world to effortlessly move capital and chase cheap labor all the while imposing US's draconian over the top IP schemes including MMPA and suing governments for pursuit of public policy that makes megacorps lose money.. poof...gone .. up in smoke.
Lawyers love to push this kind of insanity in which everyone is guilty or liable for something as it translates into massive profits for themselves.
Lawyers within the US already eat up by far highest percentage of GDP of any other developed country. Obviously being #1 by a sizable margin still isn't enough for them. They always want more.
Bad enough these systems don't work and unnecessarily inconvenience legitimate users.
What makes them dangerous they may be leveraged to deny access and used as a vector to mask illegitimate activities. People deploying these systems may come to incorrectly depend on them as a "solution" for the underlying systems known vulnerabilities.
Finally placing middle boxes within trusted path exposes your system to any exploitable vulnerabilities these proxy systems may contain. Several components of the application stack used by this system have had known serious security vulnerabilities in the past.
If you like Chrome use Chromium instead. At least you can turn off the spyware misfeatures.
It is not feasible to stop Chrome from calling home. It intentionally sends data to Google's main website URL to prevent anyone from trying.
The whining, crying and pointless protesting over someone you didn't like winning is more than a little pathetic.
You all knew the stakes and rules of the game going into it. How many of the whiners did anything meaningful to build consensus for different candidates? How many of them even bothered to mingle with commoners long enough to vote themselves?
I spent election night rooting for Trump to lose. Now I find myself laughing at the chorus of entitled "dumb fucks" who have the guts to publically bitch about Trump wanting to moderate their own spigots of cheap labor.
Enjoy the decline of American power folks.
I'd take Gazprom over PG&E any day.
Heil trump... the rise of fascism.
FTFY