Slashdot Mirror


User: WaffleMonster

WaffleMonster's activity in the archive.

Stories: 0 · Comments: 4,185

Comments · 4,185

  1. Re:Surely this is not that hard... on Ex-CIA Director: We're Not Doing Nearly Enough To Protect Against the EMP Threat · · Score: 1

    EMPs are probably a moderately favorable case, since you need to do a reasonably visible launch to high altitude to get the best effect; but if somebody just puts a nuke in a cargo container that was supposed to contain xboxes and it levels one of the world's larger container ports, who exactly are you going to retaliate against?

    Whoever made that bomb would be my first guess.

  2. Please support TLS-SRP in IE11 as well on Internet Explorer 11 Gains HTTP Strict Transport Security In Windows 7 and 8.1 · · Score: 0

    Dear Microsoft,

    Please let us establish secure connections using TLS-SRP in IE11. This would be most helpful. Imagine a world where even people with weak passwords (most everyone) fooled into supplying credentials to a phisher or MITM attacker face no risk for being suckers.

    Apache and some of our Intranet applications support TLS-SRP already yet unfortunately usage is currently limited to machine to machine as none of our users have a browser that can negotiate it. This would be a perfect opportunity to get a leg up on your competition and provide an important security feature no other browser vendor has yet to deploy.

  3. Enough is enough on Ghost Towns Is the First 8K Video Posted To YouTube -- But Can You Watch It? · · Score: 1

    When I hear 4K or 8K all I think of is a Spishak Mach 20.

    https://www.youtube.com/watch?...

    Even 4k at highest possible FOV in full VR is overkill with a working eye tracker and clever photon source. 15 degrees of arc is all cones of human eyes can see.. /w rest requiring an irrelevant number of pixels.

    There will be excuses like VR that will push legitimate uses of high density yet relatively low DPD (Dots-Per-Degree) displays for a number of years yet this is only a passing state of affairs.

  4. Re:Interesting person on A Technical Look Inside TempleOS · · Score: 2

    TempleOS does not use memory protection. All code in the system runs at ring 0, the highest privilege level, meaning that a stray pointer write could easily crash the entire system.

    This only makes sense if you're running one program at a time. But if you're running 20 or more programs at once, like a regular user, then a bug in any one of them can cause weird behavior in the others, and it's almost impossible to debug or fix.

    I think this is all interesting. There have been research projects like Singularity which seek to punt responsibility for system protection to VM which executes all code. Let's not forget the Linux kernel is massive and monolithic but it still works reasonably well.

    Today we have operators no longer bothering with traditional multi-user security facilities because it is so easy to just spin up a new virtual machine or isolate something in a Docker-like container.

    I'm not defending TempleOS or approaches but I find exploring what seem like dumb ideas interesting.

  5. Re:Patience on TSA Fails To Find Links To Terrorism of Airport Workers · · Score: 1

    The 9/11 hijackers did nothing illegal until well after the cabin doors of their aircraft closed.

    The TSA can't do shit against someone who has a brain and patience. Not. a. fucking. thing.

    During their flight training they performed poorly, threatened women and treated people like the narcissistic religious nutcases they were. A brain and patience appear to be optional.

  6. So what? on TSA Fails To Find Links To Terrorism of Airport Workers · · Score: 4, Interesting

    Should I care? If so why? They redacted even summary information categorizing what makes these people "suspicious". Is there any public information anyone can use to quantify the risk?

    For all anyone knows "links to terrorism" means TSA employee once delivered a pizza to a network admin who prefers IS-IS to OSPF.

    Have to love in a supposed free society maintenance of secret lists compiled using secret methods and criteria. A list whose names have no opportunity to know what they are even accused of let alone defend themselves.

  7. Re:This matters because... on Intel Skylake & Broxton Graphics Processors To Start Mandating Binary Blobs · · Score: 1

    The binary blobs are themselves dangerous - driver software is typically running with very high security clearance, and you have absolutely NO idea what is going on inside those blobs.

    The hardware is dangerous typically running with very high security clearance, and you have absolutely NO idea what is going on inside those transistors.

    Couple that with the fact that we now KNOW the NSA (and presumably other organizations as well) have actively recruited several major companies to collaborate in compromising the security of commodity hardware, and we're in the position of being completely unable to trust ANY binary-blob software in a security-critical scenario.

    I KNOW there are devil worshipers operating in the world so I am "completely unable to trust" ANYONE because they may be a devil worshiper.

    Without specific information what you KNOW is FUD.

    Since Intel was pretty much the go-to option for decent(ish) fully open-source display accelerators, that alone validates a subset of the original question: What are our options now if we want a modern desktop that can be audited for security?

    Before the very same proprietary firmware was burnt into silicon. The only difference "now" is less ignorance.

  8. Re:rootkit? on Intel Skylake & Broxton Graphics Processors To Start Mandating Binary Blobs · · Score: 5, Insightful

    Q: What guarantee do we have that these binary blobs don't contain root kits?
    A: None.

    This really isn't acceptable. :(

    This is madness. They own the hardware. If you don't trust the vendor they can still screw you in hardware. You're fucked either way.

    I don't recall people bitching about CPU microcode or any of a dozen subsystems in a typical computer which run on closed proprietary firmware.

    I actually think this is something we should be encouraging more of. What is dangerous is systems downloading firmware from onboard field-upgradable ROMs because attackers have leveraged these vectors to destroy gear and persist ownage even after compromised systems have been completely wiped.

  9. Re:Absence?! on How Ready Is IPv6 To Succeed IPv4? · · Score: 3, Informative

    With a current home router and IPv4 + "NAT" the average home user can handle everything they know about today. Without having to learn anything new.

    Are there any home routers with IPv6 support that don't come default out of the box with functionally same security policy implemented as SPI?

    Most of them run Linux and the same connection tracking code that makes IPv4 NAT work is available for IPv6.

  10. Re:Backwards Compatibility on How Ready Is IPv6 To Succeed IPv4? · · Score: 1

    I'm waiting for somebody to come out with IPv7 that is compatible with IPv4 and convince Cisco or Juniper to put it on their boxes and submit it to IEEE. It might not even have to be IPv6-compatible to displace IPv6. Just like x86_64.

    Have you ever considered the reason is that the problem fundamentally isn't solvable?

    No matter how clever you are there is no getting around the pigeonhole problem.

    Any scheme you can come up with has already been implemented as a transition technology, overlay or CGN and they all suck worse than simply deploying IPv6.

  11. Re:Absence?! on How Ready Is IPv6 To Succeed IPv4? · · Score: 4, Informative

    Security is a process. If that process is made easier for some users by using NAT, then it's a benefit. Home users can't manage firewalls effectively. NAT is a good method (even if flawed) to protect some classes of users. Is it perfect? No. But that's why you also have other protections at other layers (host-based firewall, virus scanners, etc.)

    NAT is less secure than SPI due to existence of packet mangling ALG codes and gnarly assumptions made by application gateways attempting to deconflict sessions where ambiguities exist.

    No more difficult for the end user if SPI is deployed instead of NAT.

  12. Re:Money on How Ready Is IPv6 To Succeed IPv4? · · Score: 1

    Actually IPv4 is more CPU intensive due to where the checksum was implemented. IPv6's issue with hardware is more about memory.

    The problem is older routers have ASICs hard coded for IPv4. They can't 'route' IPv6 in hardware like they can with IPv4 so they use their CPU to forward IPv6 which is much slower.

  13. What do we get? on Features That Windows 10 Will Deprecate · · Score: 3, Insightful

    What does someone upgrading from Windows 7 to Windows 10 get out of the deal? A different UX and minor performance improvements only noticeable on low memory systems? Is there a list of substantive reasons for users to care other than 7 10?

    I go through Microsoft's website and Google.. all I see is BS about a new browser, Cortana and Xbox. Is there a list of useful changes somewhere?

  14. Important message from CERN's Vice Admiral on LHC Restarts High-Energy Quest For Exotic Physics · · Score: 1

    The LHC will not start a chain reaction in the universe converting it all to a lower energy state and letting all the planets in all the solar systems turn to goo.

    It will not blow a hole in space-time and let all the matter get sucked thru the hole. It will not destroy gravity.

    I am not an atomic playboy as one of my critics labeled me colliding these protons to satisfy my personal whim.

  15. Re:remote controllable room vents on Ask Slashdot: If You Were Building a New Home, What Cool New Tech Would You Put In? · · Score: 1

    I always thought it would be awesome that all the forced air vents in rooms were remote controllable so you could only heat or cool the rooms where people are. Seems like a no-brainer.

    Interesting how things that seem like a good idea on the surface turn out to be counterproductive once you consider all the implications of doing them.

    Damage to structures from condensation in structures, damage to HVAC equipment due to high static pressures, reduced heating/cooling efficiency of structures due to unbalanced air flows.

  16. Re:The hawks are either vicious or stupid on Senate Passes USA Freedom Act · · Score: 1

    From the polls I've seen, the public hasn't "lost its shit" yet. The majority is kind of ok with this, which is why it continues.

    The media regularly conducts polls to obtain feedback measuring effectiveness of their professional trolling, fear mongering and propaganda campaigns.

  17. Please stop propagating lies on Senate Passes USA Freedom Act · · Score: 5, Informative

    "The bill removes mass metadata collection powers from the NSA"

    Unanimous 2nd Circuit decision says no, original authors of the Patriot Act say no. Yet media completely ignores the issue and assumes without question Patriot Act authorized any such thing to begin with.

    Third party doctrine predates the Patriot Act and Hayden goes around publicly gloating Article II powers stemming from Bush era AUMF is the source of his authority.

    Even if Patriot Act were left to expire wholesale without "USA Freedom Act" resurrection those against this FUD powered insanity were never even in the game.

  18. What's the catch? on Windows 10 Release Date: July 29th · · Score: 1

    Does this require you to create a Microsoft account or otherwise enable spying and calling home because ?

    Is there a sane "privacy policy" for the production version of Windows 10?

    I'm not trying to be an asshole... "free" frankly scares me.

  19. Re:Silly article on How Tesla Batteries Will Force Home Wiring To Go Low Voltage · · Score: 1

    Lots of devices, like AC motors require AC to run. This includes air conditioning systems and refrigerators, which are the biggest power users in a typical home

    Replacing this inefficient crap with electronically commutated motors over time as they die out is a huge win for all.

  20. Re:oh the Irony on How Tesla Batteries Will Force Home Wiring To Go Low Voltage · · Score: 1

    DC has very rapid power loss over any kind of distance. DC in the home is based on the premise that the home will be powered off the local battery.

    DC is slightly better than AC over the same wire at the same voltage and amperage as AC due to absence of "skin effect".

  21. Re:How is this tech related? on EU Drops Plans For Safer Pesticides After Pressure From US · · Score: 1

    No. The proposed ban was suspended because researchers have, so far, been unable to find ANY actual causality.

    Can you cite a source for this?

  22. Re:Spin everywhere... on EU Drops Plans For Safer Pesticides After Pressure From US · · Score: 1

    News like this makes me angry and sad at the same time. The problem is that it's all so complicated that one cannot really understand the matter without spending years of work and research on it, and even then a citizen only gets a subset of all information that was presented.

    You know what makes me angry and sad? The false assertion people need to become domain experts to make informed decisions. The health effects of EDCs are well known.

    http://apps.who.int/iris/bitst...

    In this case merits of EU regulation don't even matter. There was no evidence offered new data was provided to support changing policy. Local policy seems to have been sidetracked by political concerns.

    Unfortunately reality continues to exist independent of politics.

  23. Re:Just stick to the mantra on No, Your SSD Won't Quickly Lose Data While Powered Down · · Score: 4, Insightful

    I put all my flash media (SSDs, SD-Cards, thumb drives) in a ziploc bag to protect them from condensation, put that inside a sealed mason jar (just in case there is a pinhole in the ziploc bag), and then put that in the bottom drawer of my refrigerator, right next to my battery stash.

    This seems unwise. Packaging everything up in an airtight container under presumably room temperature and proceeding to put it in the fridge to "protect them from condensation" is a great way to generate condensation.

    You might want to consult a psychrometric chart or invest in desiccant.

  24. Re:flat as a pancake: invasion pending on Microsoft Tries Another Icon Theme For Windows 10 · · Score: 1

    I'm sure graphic designers have a load to complain about how you're incompetent too, while we're at it. Show me a bad metro UI by a graphic designer and I can show you an awful UI by a programmer.

    Show me one fool operating out of their domain with poor results and I'll show you another doing the same. Neither should be working UI design.

    GUIs are the way of the future and the metro style is here to stay.

    Microsoft's competitors certainly hope this is the case.

  25. Re:They revote in a week! CONTACT YOUR SENATORS! on NSA-Reform Bill Fails In US Senate · · Score: 2

    Whoever wrote the article didn't watch CSPAN all the way to the end. Mitch McConnell moved to reconsider Sunday the 31st. They're going to put it to a vote the following Sunday, because the bill expires at midnight on that day. Meaning this could still pass. I'm betting they're going to twist some arms to make that happen. What was really disturbing about watching that whole ordeal last night was that McConnell was able to put it to a re-vote multiple times in hopes of getting the answer he was looking for.

    I'm not sure what he was expecting here... you would have to be a fool to change your mind so quickly even if you wanted to. "I was against the same bill 10 minutes or 1 week before I was for it." ... your political adversaries would be negligent not to hang you with that.

    The public needs to write their senators ASAP this coming week to demand they vote it down or it's probably going to go through.

    Amen.