Interesting NSA is able maintain such a dominate position when it comes to employment of mathematicians in todays "high technology world".
I can see professional cosmologists not wanting to piss off NASA yet something seems quite wrong with my world view for there to exist such a lack of demand for mathematicians across the board.
Broadband Connection: A wired line or wireless channel that terminates at an end-user location and enables the end user to receive information from and/or send information to the Internet at information transfer rates exceeding 200 kbps in at least one direction.
Why does the FCC continue to define broadband as 200 kbps for the purposes of service provider reporting requirements when it is 100 times lower than their current definition of broadband?
I don't get it. Proprietary software has all sorts of serious vulnerabilities. Why is it that when a vulnerability is found in FOSS, you people all come out and mock it while ignoring all the incompetence of proprietary software?
OP's comments are worthless because it cherry picks a specific example to speak about a general category.
Your comments are equally silly..
Dude, man that Big Mac was awwwwefulll... Mc Donald's blows...
Why is it that "you people" all come out and mock it while ignoring the equally awful food served at Burger King?
As if it the commenter had some kind of duty to enumerate their disposition to everything else just to be "fair".
FOSS *is* more secure, and that's true even with the occasional vulnerability.
This is a worthless generalization that may be true or false depending on quality of specific systems under comparison.
You're extremely illogical to point to some vulnerabilities and conclude that it isn't more secure.
What is basis for your assumption FOSS is automatically more secure just because it is FOSS? Please cite a study or statistical information supporting your assumption.
How many vulnerabilities are not known about because no one can look at the source code?
The best course of action by far is to shut the city down. The downside of doing so when there is no snowstorm is far lesser than the opposite. Those who complain have no idea what the fuck they're talking about (and who really expects a cabaret singer to have any knowledge of risk assessment and weather prediction?).
There is also downside in possibility next time media and or government freaks out about a genuinely dangerous storm they will be ignored.
I don't even bother with commercial PC games anymore. Nobody can make a fun game today without treating users like shit once they purchase. Just isn't worth it.
I've seen this happen to friends with various puzzle games. Vendor either went out of business or sold out to someone else and games stopped working or couldn't be reinstalled after a computer crash because the registration servers no longer resolved.
Predict a coming wave of surprises in the future as people begin belatedly realize the strange wording on the side of the box saying vendors assert the right to abandon the game and deny access anytime they want isn't just an idle threat or legalese to be tuned out.
Like everyone else reporting on this story, it completely misses the point -- there's no *point* in Google writing a patch, none of the hardware companies involved would ever bother to deploy it. They have *no* control over that bit of code in your phone unless you're running a Nexus device.
This is just an excuse there are ways of architecting systems or adding strings and pressure that would have avoided these completely **predictable** unpleasantries from the start. This is like building a bridge that collapses during a wind storm and the builder/architect say hey not our fault we didn't cause the wind.
Clearly Google has decided that the solution for this problem is to update Android. This is not an unreasonable solution. The problem is fixed, and how you get the fix is well documented.
The problem is when your carrier prevents you from upgrading. Blame for this issue lies soley at the feet of Verizon, At&T, Sprint, T-Mobile, etc.
While mobile carriers and more importantly mobile vendors who unsurprisingly refuse to support their one-off creations are assholes iPhone and WP8 users don't have this problem. When Apple releases an iPhone patch it gets distributed.
A most dangerous category of automation is overly assumptive reflex actions based on incomplete knowledge of the situation.
What happens when I want to change lanes to avoid an accident and a computer has already decided to hit the breaks or apply them harder than intended? Now vehicle is turning and breaking at the same time probably in less than ideal conditions contributing to an initial event.
Only thing grosser than eating Cheetos and licking your fingers while texting and driving is making others pay for your cheesiness.
I don't believe in real quantum computers because they require operating on the premise you can just sit there and extract whatever unlimited amounts of computation from the universe for a cost exponentially approaching free.
No doubt at all these machines given enough time and effort will work and they will provide the world with useful benefits only those benefits will look nothing like:
"Problems that would take a state-of-the-art classical computer the age of our universe to solve, can, in theory, be solved by a universal quantum computer in hours."
Make your websites a PDF file. It will always look and print nicely without wasted time quibbling over screen size, browser compatibility, fonts, CMS security patches or complaints from clients who need your help changing x, y AND z by themselves for free.
The nice thing about PDF files creating them is just a click away for most WYSIWYG publishing systems and by withholding source document your clients will have no way of making any changes without paying you.
If you object to my response with reasonable arguments it may be better to consider a different approach better addressing your (customers) specific needs.
How many unauthenticated remote exploits in a HTTP stack does it take to lose a customer?
Never understood how Oracle is allowed to continue to operate like this. The only thing worse than a multi-billion dollar software company failing to exercise any discipline over their systems unauthenticated attack surface is length of time they must have sat on all of these exploits just so they could package it up and release all at once.
Snail mail and land line phones were never secure, all it took was a search warrant/court order (really easy to get) and the police had it. Email is no different.
Sure they are, you just need to add your own security on top of it. People have always been able to break out their favorite secret book and OTP their message or speak in code.
All the ranting about the NSA and government intrusion just diverts from the fact that; 1) if you don't want anyone to hear what you say, don't say it.
Unacceptable.
) if you don't want anyone to read what you write, don't write it down.
See above.
The USA founding fathers lived with the knowledge that they would be held accountable for what they said and wrote, and today it's no different.
Really so while negotiating and working to build consensus it was all out there for anyone to know their bargaining positions? There was no need for secrecy?
In the real world any serious attack would have been conduced in stealth far in advance with damage triggered at a time of the attackers choosing.
In the fantasy world military brass operate repelling a "cyber attack" means sitting in front of a oversized console while "god" yells Rabbit.. flu shot? Someone talk to me.
In what way does it not? With insurance someone else is paying the bill even when you fuck up. You will feel some additional pain but most of it is offloaded.
There are ways to turn costs or sudden losses into externalities via publicly provided or covered insurance, but that's not an consequence of all insurance.
My remarks are limited to "most Insurance".
It's been no easier in the past to deal with sudden catastrophes than it is now.
I'm not so sure. In isolation this is an easy case to make...hey a tree fell on my house and now I can afford to fix it... there are also downsides and opportunity costs.
Hospital industry is a good example of what happens when you allow externalities to run rampant. Huge increases in overall share of GDP for little measurable improvement in outcomes. What is worse most of the expenditures go into dealing with the consequences of diseases which normally only occur when people fail to take proper care of themselves.
In any event disagreement is not grounds for -1 troll mod and +4 insightful is hardly deserved by those who veer off topic.
I sincerely hope in the year 2020 there is an operating system in existence I would happily want to upgrade to.
Commercial vendors are spending too much time "playing games" and not enough time providing actual value to end users.. I fear by 2020 things will only get worse yet it is also clear MS has belatedly learned some lessons.
The final end of support for Windows 15 will be January 19th 2038.
SPDY will allow later requests to be answered before the first one. You seem to be focusing on the aspect of re-using old stale connections. I'm talking about the many dozens of connections needed on the initial visit to a web site right now.
When I mention head of line blocking I am referring to the transmission of the overall stream of data transported via TCP. Whatever structure comprises SPDY the stream itself is subject to head-of-line blocking. Multiple unrelated assets within a related stream are at the mercy of the properties of that stream. Multiple unrelated parallel streams are able to operate *independently* of the other.
The problem occurs normally (bad luck, ICW) and especially with lossy networks such as a high latency wireless network you end up blocking for RTT or RTO.. during that time nothing is transmitted with SPDY. If instead parallel TCP streams are used remaining streams are able to continue transmission.
The RFC itself says that it's vulnerable to replay attacks.
Of course it absolutely is.
Even more so than what's currently in use.
To conduct a replay attack you need to be able to get a copy of the packet to replay it. If you can do this you can own the TCP channel. I don't know how things can get any worse. In either case with or without fast open adding security (e.g TLS) is often helpful.
There's a different type of HOL blocking specific to multiplexed HTTP pipelining (at the next highest protocol layer). If one resource is slow to load because of being dynamic, it can hold up the entire queue.
This makes little sense. HTTP/1.1 pipelining is only even possible if the size of content is known a-priori. Hard to imagine limited cases where you can know the size in advance before taking time to generate it.
I do agree there are multiple instances at multiple layers that can have the affect of stalling the pipeline.
My understanding is that your browser cookies and user agent string would be re-sent with every request using RFC7413. That's not small.
Its insignificant, what matters for senders is latency.
And it can't handle POST requests safely, meaning fragmented protocols.
I hope your kidding there are no useful transaction semantics defined for POST requests or any other HTTP verbs. Any assumption this is somehow safe today is wrong. It can only be made safe by application layer detection.
Slashdot Mirror
Apple pioneered lack of choice and single vendor dominance over whole of hardware and software infrastructure. Congratulations.
Interesting NSA is able maintain such a dominate position when it comes to employment of mathematicians in todays "high technology world".
I can see professional cosmologists not wanting to piss off NASA yet something seems quite wrong with my world view for there to exist such a lack of demand for mathematicians across the board.
Asking scientists questions about topics for which they are not domain experts is misguided at best.
This was retrieved today from FCC website:
Broadband Connection: A wired line or wireless channel that terminates at an end-user location and enables the end user to receive information from and/or send information to the Internet at information transfer rates exceeding 200 kbps in at least one direction.
Why does the FCC continue to define broadband as 200 kbps for the purposes of service provider reporting requirements when it is 100 times lower than their current definition of broadband?
I don't get it. Proprietary software has all sorts of serious vulnerabilities. Why is it that when a vulnerability is found in FOSS, you people all come out and mock it while ignoring all the incompetence of proprietary software?
OP's comments are worthless because it cherry picks a specific example to speak about a general category.
Your comments are equally silly..
Dude, man that Big Mac was awwwwefulll... Mc Donald's blows...
Why is it that "you people" all come out and mock it while ignoring the equally awful food served at Burger King?
As if it the commenter had some kind of duty to enumerate their disposition to everything else just to be "fair".
FOSS *is* more secure, and that's true even with the occasional vulnerability.
This is a worthless generalization that may be true or false depending on quality of specific systems under comparison.
You're extremely illogical to point to some vulnerabilities and conclude that it isn't more secure.
What is basis for your assumption FOSS is automatically more secure just because it is FOSS? Please cite a study or statistical information supporting your assumption.
How many vulnerabilities are not known about because no one can look at the source code?
I give up... how many?
The best course of action by far is to shut the city down. The downside of doing so when there is no snowstorm is far lesser than the opposite. Those who complain have no idea what the fuck they're talking about (and who really expects a cabaret singer to have any knowledge of risk assessment and weather prediction?).
There is also downside in possibility next time media and or government freaks out about a genuinely dangerous storm they will be ignored.
I don't even bother with commercial PC games anymore. Nobody can make a fun game today without treating users like shit once they purchase. Just isn't worth it.
I've seen this happen to friends with various puzzle games. Vendor either went out of business or sold out to someone else and games stopped working or couldn't be reinstalled after a computer crash because the registration servers no longer resolved.
Predict a coming wave of surprises in the future as people begin belatedly realize the strange wording on the side of the box saying vendors assert the right to abandon the game and deny access anytime they want isn't just an idle threat or legalese to be tuned out.
You don't survive widespread nuclear war without some pretty drastic measures.
Follow Bert the Turtle's example and you will be just fine.
If the options were between martial law and severe curtailing of rights, or the complete collapse of society, I know which one I would pick.
Did this nonsense also come from the federal civil defense administration?
Like everyone else reporting on this story, it completely misses the point -- there's no *point* in Google writing a patch, none of the hardware companies involved would ever bother to deploy it. They have *no* control over that bit of code in your phone unless you're running a Nexus device.
This is just an excuse there are ways of architecting systems or adding strings and pressure that would have avoided these completely **predictable** unpleasantries from the start. This is like building a bridge that collapses during a wind storm and the builder/architect say hey not our fault we didn't cause the wind.
Clearly Google has decided that the solution for this problem is to update Android. This is not an unreasonable solution. The problem is fixed, and how you get the fix is well documented.
The problem is when your carrier prevents you from upgrading. Blame for this issue lies soley at the feet of Verizon, At&T, Sprint, T-Mobile, etc.
While mobile carriers and more importantly mobile vendors who unsurprisingly refuse to support their one-off creations are assholes iPhone and WP8 users don't have this problem. When Apple releases an iPhone patch it gets distributed.
A most dangerous category of automation is overly assumptive reflex actions based on incomplete knowledge of the situation.
What happens when I want to change lanes to avoid an accident and a computer has already decided to hit the breaks or apply them harder than intended? Now vehicle is turning and breaking at the same time probably in less than ideal conditions contributing to an initial event.
Only thing grosser than eating Cheetos and licking your fingers while texting and driving is making others pay for your cheesiness.
I don't believe in real quantum computers because they require operating on the premise you can just sit there and extract whatever unlimited amounts of computation from the universe for a cost exponentially approaching free.
No doubt at all these machines given enough time and effort will work and they will provide the world with useful benefits only those benefits will look nothing like:
"Problems that would take a state-of-the-art classical computer the age of our universe to solve, can, in theory, be solved by a universal quantum computer in hours."
Make your websites a PDF file. It will always look and print nicely without wasted time quibbling over screen size, browser compatibility, fonts, CMS security patches or complaints from clients who need your help changing x, y AND z by themselves for free.
The nice thing about PDF files creating them is just a click away for most WYSIWYG publishing systems and by withholding source document your clients will have no way of making any changes without paying you.
If you object to my response with reasonable arguments it may be better to consider a different approach better addressing your (customers) specific needs.
How many unauthenticated remote exploits in a HTTP stack does it take to lose a customer?
Never understood how Oracle is allowed to continue to operate like this. The only thing worse than a multi-billion dollar software company failing to exercise any discipline over their systems unauthenticated attack surface is length of time they must have sat on all of these exploits just so they could package it up and release all at once.
I think you spelled "reality" wrong :-) Never say or do anything you wouldn't want your mother to see on the front page of tomorrow's newspaper.
Good advice when making public statements or comments.
When having a private discussion with trusted people the government and any other peeping toms who think they have a right to it can eat random noise.
Snail mail and land line phones were never secure, all it took was a search warrant/court order (really easy to get) and the police had it. Email is no different.
Sure they are, you just need to add your own security on top of it. People have always been able to break out their favorite secret book and OTP their message or speak in code.
All the ranting about the NSA and government intrusion just diverts from the fact that; 1) if you don't want anyone to hear what you say, don't say it.
Unacceptable.
) if you don't want anyone to read what you write, don't write it down.
See above.
The USA founding fathers lived with the knowledge that they would be held accountable for what they said and wrote, and today it's no different.
Really so while negotiating and working to build consensus it was all out there for anyone to know their bargaining positions? There was no need for secrecy?
In the real world any serious attack would have been conduced in stealth far in advance with damage triggered at a time of the attackers choosing.
In the fantasy world military brass operate repelling a "cyber attack" means sitting in front of a oversized console while "god" yells Rabbit.. flu shot? Someone talk to me.
It seems every time I turn around there is yet another system process overwriting my iptables configuration.
Insurance externalizes internalities.
No, it doesn't.
In what way does it not? With insurance someone else is paying the bill even when you fuck up. You will feel some additional pain but most of it is offloaded.
There are ways to turn costs or sudden losses into externalities via publicly provided or covered insurance, but that's not an consequence of all insurance.
My remarks are limited to "most Insurance".
It's been no easier in the past to deal with sudden catastrophes than it is now.
I'm not so sure. In isolation this is an easy case to make...hey a tree fell on my house and now I can afford to fix it... there are also downsides and opportunity costs.
Hospital industry is a good example of what happens when you allow externalities to run rampant. Huge increases in overall share of GDP for little measurable improvement in outcomes. What is worse most of the expenditures go into dealing with the consequences of diseases which normally only occur when people fail to take proper care of themselves.
In any event disagreement is not grounds for -1 troll mod and +4 insightful is hardly deserved by those who veer off topic.
I sincerely hope in the year 2020 there is an operating system in existence I would happily want to upgrade to.
Commercial vendors are spending too much time "playing games" and not enough time providing actual value to end users.. I fear by 2020 things will only get worse yet it is also clear MS has belatedly learned some lessons.
The final end of support for Windows 15 will be January 19th 2038.
How are we supposed to root our devices if all the security holes get patched?
Chevy Bolt...really? Did the lawyers gather around in a drunken stupor one night and belch that one out?
Why can't electric cars look ... normal? Who wants to buy this? I just don't understand.
Even if this were true, what makes it a "pile of dogshit that smells". Insurance does serve a very useful role in our society.
Insurance externalizes internalities. It seems necessary because its existence over many decades has fucked up society enough to make it that way.
SPDY will allow later requests to be answered before the first one. You seem to be focusing on the aspect of re-using old stale connections. I'm talking about the many dozens of connections needed on the initial visit to a web site right now.
When I mention head of line blocking I am referring to the transmission of the overall stream of data transported via TCP. Whatever structure comprises SPDY the stream itself is subject to head-of-line blocking. Multiple unrelated assets within a related stream are at the mercy of the properties of that stream. Multiple unrelated parallel streams are able to operate *independently* of the other.
The problem occurs normally (bad luck, ICW) and especially with lossy networks such as a high latency wireless network you end up blocking for RTT or RTO.. during that time nothing is transmitted with SPDY. If instead parallel TCP streams are used remaining streams are able to continue transmission.
The RFC itself says that it's vulnerable to replay attacks.
Of course it absolutely is.
Even more so than what's currently in use.
To conduct a replay attack you need to be able to get a copy of the packet to replay it. If you can do this you can own the TCP channel. I don't know how things can get any worse. In either case with or without fast open adding security (e.g TLS) is often helpful.
There's a different type of HOL blocking specific to multiplexed HTTP pipelining (at the next highest protocol layer). If one resource is slow to load because of being dynamic, it can hold up the entire queue.
This makes little sense. HTTP/1.1 pipelining is only even possible if the size of content is known a-priori. Hard to imagine limited cases where you can know the size in advance before taking time to generate it.
I do agree there are multiple instances at multiple layers that can have the affect of stalling the pipeline.
My understanding is that your browser cookies and user agent string would be re-sent with every request using RFC7413. That's not small.
Its insignificant, what matters for senders is latency.
And it can't handle POST requests safely, meaning fragmented protocols.
I hope your kidding there are no useful transaction semantics defined for POST requests or any other HTTP verbs. Any assumption this is somehow safe today is wrong. It can only be made safe by application layer detection.