Also a valid point. I do a fair bit of phone hacking, but am very cautious about what I install from whom (it helps that I can decompile apps pretty well by now). Most people aren't, and somebody is going to want to take advantage of that.
Interesting! Not too surprising either; Japan is often on the leading edge of technologies like that.
Of course, NFC has got other uses, too. I've seen restaurants with NFC "Tap your phone here to leave feedback about your dining experience" stickers, businesses and hotels with "tap here to call a cab" stickers, smartphone car kits which automatically launch the navigation app when you insert your phone, and all manner of other such things... in the US and Europe. They aren't widespread yet, but they exist. Then there's stuff like the whole "tap-to-send" for inter-device file transfer that Samsung has been advertising for years.
NFC is a lot more than *just* payments... though it definitely does those, too.
That NFC will be made available via jailbreak, I do not doubt.
That it will happen quite that *fast*, I do doubt. Apple has gotten really good at lockdown.
Note that Lockdown != Security. Security means preventing unauthorized access. If you can't even authorize *yourself* to get access, it's either not "security" or it's not your device (or both).
If you want NFC, go with Samsung, or HTC, or Nokia, or one of the many other phone OEMs who have been including NFC hardware and software that lets you use it for years now.
1) Use the command line, if this is important to you. Graphical shells for Linux sometimes do this too; it's not a Windows-exclusive thing. It's mostly just a way to implement symlink-like behavior (put your pictures on the external drive, but make them still reachable from your user profile) without actually exposing a symlink interface (which NTFS actually supports, BTW). It's not like you can't find the real paths easily, anyhow.
2) I mostly agree, though there's basically always a way to find out what the actual error was. For example, the built-in network troubleshooter will tell you what it finds (and whether it was able to fix it or not), although it takes a while to run. Worst case, check the event log. All kinds of stuff winds up there but you can often find what you're looking for with only a little filtering.
3) That message appears when a Media Transfer Protocol (MTP) device does not report that it supports a file type and you try to copy it anyhow. Since MTP allows reporting supported file types (among other things, this allows automatic conversion of media files by sync utilities), it really is the responsibility of whoever wrote the device's MTP implementation to report its supported file types correctly. In the case of a smartphone, that may just be everything but the PC doesn't know that. For the record, copying an MP3 to my phone does *NOT* give that warning, although copying an EXE does.
4) Never going to happen. File locks are an OS-enforced security feature. Yes, it would be nice if the OS wee to go check what process has the handle open and tell you (starting with Vista, Windows will do this under *some* circumstances but it could really be more common). Ideally, it would then (assuming you have sufficient privileges, which may be as-is, may be Administrator, or may be something like SYSTEM) offer to close the handle for you, unlocking the file. Of course, this risks crashing the process that had the handle open - an obvious example would trying to delete the executable of a running process - but it would also be an acceptable option to just kill the process (again, assuming you have privileges). Sure, Linux gets by with its file access system, which has no way to lock a file (you can change the permissions on it if you own it or are root, but that won't stop somebody else who already has an open file descriptor from reading or writing to the file) but file locks have been a part of the Microsoft file system access paradigm for practically as long as they've been writing operating systems, and developers in the Windows world use them and rely on them. Changing that behavior in some drastic way would have a major impact on the security (and sometimes the simple correctness) of software written for Windows.
5) So what, MS should just assume that everybody who might ever want to store files in something like Box or OneDrive should already know about them, have downloaded and installed them, and that MS should never offer to integrate one of their products with another of their products unless you explicitly tell them to? Do you also object to Android automatically adding your Gmail account if you sign into it when setting up the phone, or to KDE opening AmaroK by default when you double-click a FLAC file? Oh, and if WMP is "spewing" its icon about, you have a definite case of PEBKAC. The only WMP icons on my machine are for launching the program itself (in Start or ont he taskbar, probably on the program binary too); all of my media files have icons from my preferred media player and have had those icons ever since I set the file association to that media player. Are you telling WMP to re-associate itself with its playable file types? Because it does not do that automatically...
Sandboxing and automatic updates. Those are two of the most critical features of the "Windows Store" apps.
All store apps run with extremely low privileges, and are only given access to the resources that they specify at installation. They can't read, much less wrote, most of the file system. They can't open arbitrary device handles. They can't enumerate running processes, much less open handles to them. They can't log your keystrokes (while the app lacks focus) or record your network traffic (except for the traffic to or from the app). They can *never* have Administrator powers.
All of this has two important effects. First, you can be sure that the apps are pretty safe to install, because there just isn't much that a Trojan app could do. Second, you don't have to worry much about the app being compromised by a remote attacker, because even if the attacker gets arbitrary code execution within the app there's basically nothing serious they can do with it. Worst case, you can uninstall an app (and guarantee that you get all of it).
The other key difference is the ability to do automatic updates. It's long been noted that while Linux's software repositories and package managers make keeping all your software current an easy process, on Windows you have practically every single app installing its own update mechanism... or not having any update mechanism and hence people run all manner of outdated versions. It's an extra burden on the developers and an inconvenience for the users. The store offers a built-in way to publish updates, notify users of updates, and even install updates automatically in the background if the user so desires.
Another one: You can launch he Control Panel (on the desktop) from the new menu that pops up when you hit Crtl+X or right-click the Start button.
Once you have the Control Panel open (on the desktop), right-click its Taskbar icon and select "Pin to Taskbar". Now you can launch the Control Panel with one click, or right-click it to launch directly to any of the commonly-used panels, all guaranteed to open on the desktop.
Hot corners are already optional and can be removed. On Win8.1, open Start, type "corner" (no quotes), and open the "Corners and edges" setting option that appears. Turn off the options under "Corner navigation".
Lol what, flamebait? Some mod was very confused...
Anyhow, it's a terrible idea *in general* to use HTTP for anything that is by default over HTTPS. Various reasons include: 1) As mentioned by other posters, we should be increasing the total encrypted traffic, right that decreasing it. Hide everything, even if you have nothing to hide. No good comes of letting everybody between you and Google (and their domestic or international spymasters) observe your traffic, but some harm may come of it. 2) Actual security risk: inadvertently exposing sensitive data. I would *hope* that Google is smart enough to use the Secure flag on all their sensitive cookies, but they wouldn't be the only Internet giant to fail to secure semi-sensitive cookies (ones that are not by themselves very sensitive, but can be used to launch more sophisticated attacks). Using SSL means that all cookies and other traffic is protected, sensitive or otherwise. 3) Actual security risk: SSL stripping. This is where an attacker tricks a victim into doing their browsing over HTTP (which the attacker is monitoring and editing) instead of HTTPS by re-writing any links to HTTPS as HTTP links instead (simple redirects from HTTP to HTTPS are silently completed by the attacker). This is a real-world attack for which freely-available and easily used tools exist. It relies on you going to an HTTP site first though; if you only use HTTPS the attacker can't get into your session to start the attack. 4) Privacy concern. A person's search history can reveal quite a bit about them. You can't keep Google from having it (well, except by using different search engines, especially the ones built for anonymity) but there's no need to make it *widely* available. You say you don't care now, but are you sure you never will? It costs very little to add some confidentiality to your online activities. 5) Convenience. As you note, you "have to" use a different and non-default search URL. That's silly. A minute of installing certificates could save you a lot of annoyance in the future
That's a terrible idea. You are aware that using a proxy with HTTPS is entirely possible, right? Set up the proxy to automatically generate trusted certificates using an internal CA key, import the proxy's CA key as a trusted CA, and go to town. I've used both Fiddler and Burp in this way, and I'm sure lots of other software supports it too (automatically, even). Make sure the proxy still performs cert validation and warns you if the validation fails (it should do this by default).
There. Now you can have your filtering and secure it too.
There's probably not much point in trying to fix the bodies anyhow; even without the freeze damage, the people are legally dead because their bodies were shutting down. In many cases, the freezing just finished a process of tissue damage that was already near-complete.
With that said, bodies (unlike brains) cannot currently be preserved without any freeze damage. Although some places will cycle cryopreservative though the bloodstream to mitigate the damage, others don't bother keeping the parts that can't be protected against freeze damage and only preserve the contents of the skull. Those people signed up for cryopreservation *knowing* their only hopes of revival were brain uploading or brand new bodies... and to them it was worth it. Why not? They were going to be dead anyhow.
Some of those early adopters... you mean, like the ones who put their own money into launching the industry, and are themselves cryogenically preserved? I doubt any of them thought they would be restored by now - they knew, as well as we know today, that technology would need to advance to the point of either completely rebuilding their bodies or making bodies themselves redundant - though I suspect some of them thought (and I'm sure they all hoped) there would be more research in the field. In any case, I'm not sure how something is supposed to be a scam when the people launching it put not only their own money but also their own bodies into it. It's not like these were young people out to make a quick buck...
As for the "died before freezing", that's literally a legal technicality, at least in many cases. They met the legal definition of dead - that is, their heart stopped beating - but even back then we could resuscitate people from that state in most cases. In many cases, not for long; their bodies would need to be kept operational through artificial intervention. So yeah, the bodies are dead. But the brains aren't. Your brain can endure a few minutes without oxygen before damage even begins to occur. That's why cryopreservation focuses on the brain. So yeah, the people "died" - but instead of being "brought back" for a brief time (as now happens routinely in hospitals every day) the brain was filled with a chemical that prevents freezing damage and preserved at the temperature of liquid nitrogen until it can be "brought back" into a new life entirely.
On the plus side, knowing your own death is coming and being at a hospital already gives the best chances for cryopreserving the brain before it begins to degrade. You can get a "standby" watch as the time approaches.
On the minus side, ALS is a neurological disease. It affects the motor neurons, not the ones responsible for cognition, but that includes the "upper" motor neurons... including the ones in the brain.
Maybe we'll be able to repair ALS-damaged neurons before we figure out how to safely reverse cryopreservation. Maybe we won't, but life support systems will be good enough it'll be worth bringing him out anyhow. Maybe we'll achieve brain uploading and ALS will be irrelevant. Any which way you look at it, though, he's going to need some work.
That's actually one of the (many) problems with cryopreservation research. We can't bring people out of full suspension right now, so cryopreserving a living person is legally considered killing them. Thus, it can only be done to people already legally dead. Legally dead people tend to have died *of* something. There just isn't any point to bringing people out of cryonics until we can repair (or replace) their bodies.
I don't deny this. The entire health insurance industry is a parasite on our economic ability to keep people healthy; it extracts value from the economy without producing anything of greater value. However, in the current environment, it's practically non-optional (actually, post-Obamacare, it's required even more so, but it was almost mandatory beforehand too). Healthcare in the US is phenomenally expensive compared to practically anywhere else in the world, and while I'll happily note that our doctors are excellent, they are *not* worth what they cost in most situations. Very few people set aside the kind of money required to cover the time when they *will* need it, and even those who otherwise would do so may find themselves unable to set aside that much if a medical emergency hits them young.
So yeah, universal health insurance (through mandatory patronage of for-profit insurance companies) is a sucky attempt at a solution. Sadly, it is *still* better than what we had before, for those who previously simply could not get such insurance due to pre-existing conditions or medical history.
While I agree, in general, with the claims of how shitty Obamacare is...
I have friends who now have health insurance, and another who has finally been able to leave his old employer (to start his own company and become self-employed), because of Obamacare. Specifically, two of these friends are cancer survivors (throat and cervical), one has fibromyalgia, and one has a chronic autoimmune disorder whose name I forget. They wouldn't have been able to buy health insurance, otherwise; nobody was willing to offer it. So, for them personally, Obamacare *is* better than what they had before.
Of course, there are a lot of less-fucked-up ways of addressing that issue.
That's *significantly* less than I made as a no-benefits intern (if you had extended said internship to a full year) with 3/4 of a Bachelor's degree six years ago. It's about 2/3 of the entry-level salary for a developer around here even if you aren't working at the good places, about half if you are, and that doesn't include benefits.
Are you sure that union is helping out? I mean, I assume your cost of living is a lot lower than mine - I'm in Seattle - but that is a seriously mediocre amount of money for this field. Are you saying that would make up the difference between what you make now and what you would be making working some other field?
Note that I'm not opposed to unions in theory. I just tend to think their implementation tends to have problems and sometimes is a significant net negative. There are fields where unions make a lot of sense - construction comes to mind, for example, and mining, and other dangerous jobs where one worker is largely interchangeable with another and consequently the workers have no power - but IT in general (be it support, development, consulting, or so on) are not such a field. I work 40 hours a week, have four weeks paid vacation a year plus paid sick days and holidays, can work from home when needed, make six figures plus bonuses, have a generous training budget, and get benefits. I'm 4.5 years out of college with an Engineering bachelor's, and took a six-month break in the middle of that. What would a union have gotten me that could possibly be worth its dues? That's ignoring the risk of the union making it hard to get rid of the people who sincerely need to go, and other such potential problems.
1 - Right-click the network icon in the system tray (it's in the same place on all versions of Windows from the last decade, and XP too for that matter). 2 - Select "Open Network and Sharing Center" (if on XP, just go to Properties, but make sure you got the right network interface if you have more than one). 3 - Click on the network interface name (something like "Local Area Connection" or "Ethernet"; XP users skip this step because you already chose the interface) to open the interface status. 4 - Click on Properties and, if not already running elevated, go through UAC. This gets you where the XP users were waiting (for the 13 years since their OS came out...). 5 - Double-click on "Internet Protocol Version 4". 6 - Change IP.
There's a number of alternate ways though some of those steps. You can also short-circuit the whole thing using netsh, but it was implied that you wanted the GUI technique. Oh, and these steps work for the last four (arguably five) OS releases, on everything from the extremely basic Starter SKU to the highest-end Windows Server Datacenter Edition to even the RT versions. Care to give the steps for Ubuntu 9.04 (a mere five years ago), or for Kubuntu/Xubuntu/etc.?
MS creates a lot of generic drivers (think stuff like USB mass storage, generic monitors, SATA controllers, Media Transfer Protocol devices, anything like that where there's a standard that the hardware implements). You can get a basic (but functional, if you don't mind probably having the wrong video resolution) computer running almost entirely on Microsoft-written drivers.
With that said, the vast majority of Windows drivers (by count, not necessarily by usage) are developed by hardware vendors. Microsoft probably doesn't even have 20k people in the Windows org at all, even if you include test, PM, and management. They certainly don't have that many on the kernel and devices team, never mind the portion of that team which is actually developing (including designing and testing) drivers.
Wow, you didn't even read the *summary*? That's some impressive skill there. Hint: Juniper routers do *not* run Windows. They do terminate SSL though, and therefore see all the data that goes in or out. Which means Heartbleed can be used to extract all that data... including login credentials.
No, it's not a good point because you're missing the entire point of the Heartbleed vulnerability. Heartbleed lets you get *everything* SSL-related on a host. It's not "just" the private keys and such; it also contains passwords, authentication tokens, two-factor auth values, and so on. In short, it gives you everything that is required to successfully impersonate a legitimate user, and gain just as much access as that user does.
As for IDS, how the hell is an IDS supposed to recognize that this is an attack? Sure, if it could recognize Heartbleed requests that would work, but if the IDS had been updated since Heartbleed went public then surely the router would have been updated too...
I like how you didn't actually refute a single one of my points. It gives me a warm fuzzy feeling to be subjected to insults on my intelligence from people who can't even make a counter-point. The closest you came was failing to understand what an implicit bribe is. If the crash dialog message - the one that pops up when the program segfaults, the equivalent of Windows' "do you want to send an error report to Microsoft?" box - includes a button to submit feedback about this whole project (which just ate your file and wasted your time), most people will ignore it but some fraction will take the chance to vent some spleen. That kind of thing is easy to get added to a project if you have a little money to funnel to some coder, but will inevitably produce far more complaints than accolades. There's opportunities all over something like this for money to subtly make life better for those who complain.
But, if you want to take the concept of "bribes" more literally, remember my third point above. There are, statistically, many times as many people who are annoyed at this software as there are complaints filed; given the number of people involved in this project that's inevitable. People don't like change, they don't like needing to learn things, they don't like it when the new thing introduces even minor annoyances that the old thing lacked (and conveniently forget that the old thing had worse annoyances that the new one doesn't), and there's always the minority who honestly like even an inferior product. If Microsoft managed to identify even 10% of those people and give them the least bit of incentive to file a complaint, most of them would not turn it down. "Oh wow, sure, I'd love tickets to the football [soccer] game!... Ha, you want to hear my thoughts on the software? Be ready for an earful!... You know, I'd never thought about it before, but maybe if I complain somebody *would* notice..." Hell, just offer entry in a drawing for some fairly-cheap prize if people submit feedback and then only advertise the drawing amongst the disaffected...
I will readily grant that I'm surprised that so many people thought gothzilla's post was insightful, considering that it literally contains a fundamental flaw of reading comprehension: the inability to separate the hypothetical scenario from the statement of fact. I never implied, or even "ask[ed] questions" suggesting, that this had actually happened. I pointed out that it was *possible*. In fact, I explicitly pointed out that it was implausible. Did you think I was trying some weird reverse psychology BS?
As for the "naïve" part, it's either that or simply ignorant of history. Microsoft, and various other moneyed interests on the other side of the libre-vs.-proprietary debate (Oracle, SCO-via-Microsoft, Sony, etc.), have a well-established history of throwing money are successful open-source initiatives and sometimes successfully making them go away. In what world is "Microsoft has money, Microsoft wants people to complain about the project, therefore Microsoft finds a way to buy complaints" not a completely obvious possibility to anybody who isn't the "oh, they would never do that!" category of naivete?
Reading comprehension fail? First, I said there were ways it *could* happen, not that I thought either had occurred. So no, I don't "really, honestly" believe that... Second, bribes don't need to be anything explicit - in fact, they rarely are, simply because it's so likely that people will report it - there just needs to be some kind of incentive. It doesn't need to be anything traceable to Microsoft; the people taking the hypothetical incentive never need have known from whence it came. Third, there are always tons of people upset about any given change; with the years this project has run, MS has had plenty of time to find them and encourage them to complain. No need to bribe people to file false reports; just convince those who wouldn't otherwise have complained to do so (and maybe those who would have sent praise not to do so). Fourth, I'm a security consultant. It is literally my job to be paranoid about potential attack vectors. That doesn't mean I think they'll happen - in fact, another part of my job is rating the risk of each threat coming to pass - but it's there. Fifth, anybody who *doesn't* see that as the obvious answer to how MS having a bunch of money at stake could lead to this is (IMO) dangerously naïve. It's not complicated; it just requires asking yourself how you could generate complaints if you had lots of money and no morals.
In fairness, there are at least two ways that could happen: 1) MS bribes people to complain. Unlikely, but not impossible. 2) MS bribes the relevant officials to *say* there have been overwhelming complaints. I mean, there are inevitably going to be complaints; that happens any time *anything* changes. The question is at what point they become important enough to sway the overall decision.
"Long-term" in this case meaning hours rather than seconds or minutes, which are typical times for a capacitor to discharge to an effectively useless voltage (though I admit to not having tried building a system that could use them). The system my parents use can run off stored capacity for around three days if needed (assuming typical usage but no charge for whatever reason), although the batteries would suffer damage from being drained (typically you don't want a nominally-12V lead-acid-chemistry battery to drop below about 11.5V if you can help it, anything below 11V and you're probably losing significant capacity; empty is around 10.8V).
Slashdot Mirror
Just after my points expire... *MAD* props to you, irq-1!
Also a valid point. I do a fair bit of phone hacking, but am very cautious about what I install from whom (it helps that I can decompile apps pretty well by now). Most people aren't, and somebody is going to want to take advantage of that.
Interesting! Not too surprising either; Japan is often on the leading edge of technologies like that.
Of course, NFC has got other uses, too. I've seen restaurants with NFC "Tap your phone here to leave feedback about your dining experience" stickers, businesses and hotels with "tap here to call a cab" stickers, smartphone car kits which automatically launch the navigation app when you insert your phone, and all manner of other such things... in the US and Europe. They aren't widespread yet, but they exist. Then there's stuff like the whole "tap-to-send" for inter-device file transfer that Samsung has been advertising for years.
NFC is a lot more than *just* payments... though it definitely does those, too.
That NFC will be made available via jailbreak, I do not doubt.
That it will happen quite that *fast*, I do doubt. Apple has gotten really good at lockdown.
Note that Lockdown != Security. Security means preventing unauthorized access. If you can't even authorize *yourself* to get access, it's either not "security" or it's not your device (or both).
If you want NFC, go with Samsung, or HTC, or Nokia, or one of the many other phone OEMs who have been including NFC hardware and software that lets you use it for years now.
1) Use the command line, if this is important to you. Graphical shells for Linux sometimes do this too; it's not a Windows-exclusive thing. It's mostly just a way to implement symlink-like behavior (put your pictures on the external drive, but make them still reachable from your user profile) without actually exposing a symlink interface (which NTFS actually supports, BTW). It's not like you can't find the real paths easily, anyhow.
2) I mostly agree, though there's basically always a way to find out what the actual error was. For example, the built-in network troubleshooter will tell you what it finds (and whether it was able to fix it or not), although it takes a while to run. Worst case, check the event log. All kinds of stuff winds up there but you can often find what you're looking for with only a little filtering.
3) That message appears when a Media Transfer Protocol (MTP) device does not report that it supports a file type and you try to copy it anyhow. Since MTP allows reporting supported file types (among other things, this allows automatic conversion of media files by sync utilities), it really is the responsibility of whoever wrote the device's MTP implementation to report its supported file types correctly. In the case of a smartphone, that may just be everything but the PC doesn't know that. For the record, copying an MP3 to my phone does *NOT* give that warning, although copying an EXE does.
4) Never going to happen. File locks are an OS-enforced security feature. Yes, it would be nice if the OS wee to go check what process has the handle open and tell you (starting with Vista, Windows will do this under *some* circumstances but it could really be more common). Ideally, it would then (assuming you have sufficient privileges, which may be as-is, may be Administrator, or may be something like SYSTEM) offer to close the handle for you, unlocking the file. Of course, this risks crashing the process that had the handle open - an obvious example would trying to delete the executable of a running process - but it would also be an acceptable option to just kill the process (again, assuming you have privileges). Sure, Linux gets by with its file access system, which has no way to lock a file (you can change the permissions on it if you own it or are root, but that won't stop somebody else who already has an open file descriptor from reading or writing to the file) but file locks have been a part of the Microsoft file system access paradigm for practically as long as they've been writing operating systems, and developers in the Windows world use them and rely on them. Changing that behavior in some drastic way would have a major impact on the security (and sometimes the simple correctness) of software written for Windows.
5) So what, MS should just assume that everybody who might ever want to store files in something like Box or OneDrive should already know about them, have downloaded and installed them, and that MS should never offer to integrate one of their products with another of their products unless you explicitly tell them to? Do you also object to Android automatically adding your Gmail account if you sign into it when setting up the phone, or to KDE opening AmaroK by default when you double-click a FLAC file? Oh, and if WMP is "spewing" its icon about, you have a definite case of PEBKAC. The only WMP icons on my machine are for launching the program itself (in Start or ont he taskbar, probably on the program binary too); all of my media files have icons from my preferred media player and have had those icons ever since I set the file association to that media player. Are you telling WMP to re-associate itself with its playable file types? Because it does not do that automatically...
Sandboxing and automatic updates. Those are two of the most critical features of the "Windows Store" apps.
All store apps run with extremely low privileges, and are only given access to the resources that they specify at installation. They can't read, much less wrote, most of the file system. They can't open arbitrary device handles. They can't enumerate running processes, much less open handles to them. They can't log your keystrokes (while the app lacks focus) or record your network traffic (except for the traffic to or from the app). They can *never* have Administrator powers.
All of this has two important effects. First, you can be sure that the apps are pretty safe to install, because there just isn't much that a Trojan app could do. Second, you don't have to worry much about the app being compromised by a remote attacker, because even if the attacker gets arbitrary code execution within the app there's basically nothing serious they can do with it. Worst case, you can uninstall an app (and guarantee that you get all of it).
The other key difference is the ability to do automatic updates. It's long been noted that while Linux's software repositories and package managers make keeping all your software current an easy process, on Windows you have practically every single app installing its own update mechanism... or not having any update mechanism and hence people run all manner of outdated versions. It's an extra burden on the developers and an inconvenience for the users. The store offers a built-in way to publish updates, notify users of updates, and even install updates automatically in the background if the user so desires.
Another one:
You can launch he Control Panel (on the desktop) from the new menu that pops up when you hit Crtl+X or right-click the Start button.
Once you have the Control Panel open (on the desktop), right-click its Taskbar icon and select "Pin to Taskbar".
Now you can launch the Control Panel with one click, or right-click it to launch directly to any of the commonly-used panels, all guaranteed to open on the desktop.
Hot corners are already optional and can be removed. On Win8.1, open Start, type "corner" (no quotes), and open the "Corners and edges" setting option that appears. Turn off the options under "Corner navigation".
Lol what, flamebait? Some mod was very confused...
Anyhow, it's a terrible idea *in general* to use HTTP for anything that is by default over HTTPS. Various reasons include:
1) As mentioned by other posters, we should be increasing the total encrypted traffic, right that decreasing it. Hide everything, even if you have nothing to hide. No good comes of letting everybody between you and Google (and their domestic or international spymasters) observe your traffic, but some harm may come of it.
2) Actual security risk: inadvertently exposing sensitive data. I would *hope* that Google is smart enough to use the Secure flag on all their sensitive cookies, but they wouldn't be the only Internet giant to fail to secure semi-sensitive cookies (ones that are not by themselves very sensitive, but can be used to launch more sophisticated attacks). Using SSL means that all cookies and other traffic is protected, sensitive or otherwise.
3) Actual security risk: SSL stripping. This is where an attacker tricks a victim into doing their browsing over HTTP (which the attacker is monitoring and editing) instead of HTTPS by re-writing any links to HTTPS as HTTP links instead (simple redirects from HTTP to HTTPS are silently completed by the attacker). This is a real-world attack for which freely-available and easily used tools exist. It relies on you going to an HTTP site first though; if you only use HTTPS the attacker can't get into your session to start the attack.
4) Privacy concern. A person's search history can reveal quite a bit about them. You can't keep Google from having it (well, except by using different search engines, especially the ones built for anonymity) but there's no need to make it *widely* available. You say you don't care now, but are you sure you never will? It costs very little to add some confidentiality to your online activities.
5) Convenience. As you note, you "have to" use a different and non-default search URL. That's silly. A minute of installing certificates could save you a lot of annoyance in the future
That's a terrible idea. You are aware that using a proxy with HTTPS is entirely possible, right? Set up the proxy to automatically generate trusted certificates using an internal CA key, import the proxy's CA key as a trusted CA, and go to town. I've used both Fiddler and Burp in this way, and I'm sure lots of other software supports it too (automatically, even). Make sure the proxy still performs cert validation and warns you if the validation fails (it should do this by default).
There. Now you can have your filtering and secure it too.
There's probably not much point in trying to fix the bodies anyhow; even without the freeze damage, the people are legally dead because their bodies were shutting down. In many cases, the freezing just finished a process of tissue damage that was already near-complete.
With that said, bodies (unlike brains) cannot currently be preserved without any freeze damage. Although some places will cycle cryopreservative though the bloodstream to mitigate the damage, others don't bother keeping the parts that can't be protected against freeze damage and only preserve the contents of the skull. Those people signed up for cryopreservation *knowing* their only hopes of revival were brain uploading or brand new bodies... and to them it was worth it. Why not? They were going to be dead anyhow.
Some of those early adopters... you mean, like the ones who put their own money into launching the industry, and are themselves cryogenically preserved? I doubt any of them thought they would be restored by now - they knew, as well as we know today, that technology would need to advance to the point of either completely rebuilding their bodies or making bodies themselves redundant - though I suspect some of them thought (and I'm sure they all hoped) there would be more research in the field. In any case, I'm not sure how something is supposed to be a scam when the people launching it put not only their own money but also their own bodies into it. It's not like these were young people out to make a quick buck...
As for the "died before freezing", that's literally a legal technicality, at least in many cases. They met the legal definition of dead - that is, their heart stopped beating - but even back then we could resuscitate people from that state in most cases. In many cases, not for long; their bodies would need to be kept operational through artificial intervention. So yeah, the bodies are dead. But the brains aren't. Your brain can endure a few minutes without oxygen before damage even begins to occur. That's why cryopreservation focuses on the brain. So yeah, the people "died" - but instead of being "brought back" for a brief time (as now happens routinely in hospitals every day) the brain was filled with a chemical that prevents freezing damage and preserved at the temperature of liquid nitrogen until it can be "brought back" into a new life entirely.
Yes, he was cryopreserved.
On the plus side, knowing your own death is coming and being at a hospital already gives the best chances for cryopreserving the brain before it begins to degrade. You can get a "standby" watch as the time approaches.
On the minus side, ALS is a neurological disease. It affects the motor neurons, not the ones responsible for cognition, but that includes the "upper" motor neurons... including the ones in the brain.
Maybe we'll be able to repair ALS-damaged neurons before we figure out how to safely reverse cryopreservation. Maybe we won't, but life support systems will be good enough it'll be worth bringing him out anyhow. Maybe we'll achieve brain uploading and ALS will be irrelevant. Any which way you look at it, though, he's going to need some work.
That's actually one of the (many) problems with cryopreservation research. We can't bring people out of full suspension right now, so cryopreserving a living person is legally considered killing them. Thus, it can only be done to people already legally dead. Legally dead people tend to have died *of* something. There just isn't any point to bringing people out of cryonics until we can repair (or replace) their bodies.
I don't deny this. The entire health insurance industry is a parasite on our economic ability to keep people healthy; it extracts value from the economy without producing anything of greater value. However, in the current environment, it's practically non-optional (actually, post-Obamacare, it's required even more so, but it was almost mandatory beforehand too). Healthcare in the US is phenomenally expensive compared to practically anywhere else in the world, and while I'll happily note that our doctors are excellent, they are *not* worth what they cost in most situations. Very few people set aside the kind of money required to cover the time when they *will* need it, and even those who otherwise would do so may find themselves unable to set aside that much if a medical emergency hits them young.
So yeah, universal health insurance (through mandatory patronage of for-profit insurance companies) is a sucky attempt at a solution. Sadly, it is *still* better than what we had before, for those who previously simply could not get such insurance due to pre-existing conditions or medical history.
While I agree, in general, with the claims of how shitty Obamacare is...
I have friends who now have health insurance, and another who has finally been able to leave his old employer (to start his own company and become self-employed), because of Obamacare. Specifically, two of these friends are cancer survivors (throat and cervical), one has fibromyalgia, and one has a chronic autoimmune disorder whose name I forget. They wouldn't have been able to buy health insurance, otherwise; nobody was willing to offer it. So, for them personally, Obamacare *is* better than what they had before.
Of course, there are a lot of less-fucked-up ways of addressing that issue.
That's *significantly* less than I made as a no-benefits intern (if you had extended said internship to a full year) with 3/4 of a Bachelor's degree six years ago. It's about 2/3 of the entry-level salary for a developer around here even if you aren't working at the good places, about half if you are, and that doesn't include benefits.
Are you sure that union is helping out? I mean, I assume your cost of living is a lot lower than mine - I'm in Seattle - but that is a seriously mediocre amount of money for this field. Are you saying that would make up the difference between what you make now and what you would be making working some other field?
Note that I'm not opposed to unions in theory. I just tend to think their implementation tends to have problems and sometimes is a significant net negative. There are fields where unions make a lot of sense - construction comes to mind, for example, and mining, and other dangerous jobs where one worker is largely interchangeable with another and consequently the workers have no power - but IT in general (be it support, development, consulting, or so on) are not such a field. I work 40 hours a week, have four weeks paid vacation a year plus paid sick days and holidays, can work from home when needed, make six figures plus bonuses, have a generous training budget, and get benefits. I'm 4.5 years out of college with an Engineering bachelor's, and took a six-month break in the middle of that. What would a union have gotten me that could possibly be worth its dues? That's ignoring the risk of the union making it hard to get rid of the people who sincerely need to go, and other such potential problems.
1 - Right-click the network icon in the system tray (it's in the same place on all versions of Windows from the last decade, and XP too for that matter).
2 - Select "Open Network and Sharing Center" (if on XP, just go to Properties, but make sure you got the right network interface if you have more than one).
3 - Click on the network interface name (something like "Local Area Connection" or "Ethernet"; XP users skip this step because you already chose the interface) to open the interface status.
4 - Click on Properties and, if not already running elevated, go through UAC. This gets you where the XP users were waiting (for the 13 years since their OS came out...).
5 - Double-click on "Internet Protocol Version 4".
6 - Change IP.
There's a number of alternate ways though some of those steps. You can also short-circuit the whole thing using netsh, but it was implied that you wanted the GUI technique. Oh, and these steps work for the last four (arguably five) OS releases, on everything from the extremely basic Starter SKU to the highest-end Windows Server Datacenter Edition to even the RT versions. Care to give the steps for Ubuntu 9.04 (a mere five years ago), or for Kubuntu/Xubuntu/etc.?
MS creates a lot of generic drivers (think stuff like USB mass storage, generic monitors, SATA controllers, Media Transfer Protocol devices, anything like that where there's a standard that the hardware implements). You can get a basic (but functional, if you don't mind probably having the wrong video resolution) computer running almost entirely on Microsoft-written drivers.
With that said, the vast majority of Windows drivers (by count, not necessarily by usage) are developed by hardware vendors. Microsoft probably doesn't even have 20k people in the Windows org at all, even if you include test, PM, and management. They certainly don't have that many on the kernel and devices team, never mind the portion of that team which is actually developing (including designing and testing) drivers.
Wow, you didn't even read the *summary*? That's some impressive skill there. Hint: Juniper routers do *not* run Windows. They do terminate SSL though, and therefore see all the data that goes in or out. Which means Heartbleed can be used to extract all that data... including login credentials.
No, it's not a good point because you're missing the entire point of the Heartbleed vulnerability. Heartbleed lets you get *everything* SSL-related on a host. It's not "just" the private keys and such; it also contains passwords, authentication tokens, two-factor auth values, and so on. In short, it gives you everything that is required to successfully impersonate a legitimate user, and gain just as much access as that user does.
As for IDS, how the hell is an IDS supposed to recognize that this is an attack? Sure, if it could recognize Heartbleed requests that would work, but if the IDS had been updated since Heartbleed went public then surely the router would have been updated too...
I like how you didn't actually refute a single one of my points. It gives me a warm fuzzy feeling to be subjected to insults on my intelligence from people who can't even make a counter-point. The closest you came was failing to understand what an implicit bribe is. If the crash dialog message - the one that pops up when the program segfaults, the equivalent of Windows' "do you want to send an error report to Microsoft?" box - includes a button to submit feedback about this whole project (which just ate your file and wasted your time), most people will ignore it but some fraction will take the chance to vent some spleen. That kind of thing is easy to get added to a project if you have a little money to funnel to some coder, but will inevitably produce far more complaints than accolades. There's opportunities all over something like this for money to subtly make life better for those who complain.
But, if you want to take the concept of "bribes" more literally, remember my third point above. There are, statistically, many times as many people who are annoyed at this software as there are complaints filed; given the number of people involved in this project that's inevitable. People don't like change, they don't like needing to learn things, they don't like it when the new thing introduces even minor annoyances that the old thing lacked (and conveniently forget that the old thing had worse annoyances that the new one doesn't), and there's always the minority who honestly like even an inferior product. If Microsoft managed to identify even 10% of those people and give them the least bit of incentive to file a complaint, most of them would not turn it down. "Oh wow, sure, I'd love tickets to the football [soccer] game! ... Ha, you want to hear my thoughts on the software? Be ready for an earful! ... You know, I'd never thought about it before, but maybe if I complain somebody *would* notice..." Hell, just offer entry in a drawing for some fairly-cheap prize if people submit feedback and then only advertise the drawing amongst the disaffected...
I will readily grant that I'm surprised that so many people thought gothzilla's post was insightful, considering that it literally contains a fundamental flaw of reading comprehension: the inability to separate the hypothetical scenario from the statement of fact. I never implied, or even "ask[ed] questions" suggesting, that this had actually happened. I pointed out that it was *possible*. In fact, I explicitly pointed out that it was implausible. Did you think I was trying some weird reverse psychology BS?
As for the "naïve" part, it's either that or simply ignorant of history. Microsoft, and various other moneyed interests on the other side of the libre-vs.-proprietary debate (Oracle, SCO-via-Microsoft, Sony, etc.), have a well-established history of throwing money are successful open-source initiatives and sometimes successfully making them go away. In what world is "Microsoft has money, Microsoft wants people to complain about the project, therefore Microsoft finds a way to buy complaints" not a completely obvious possibility to anybody who isn't the "oh, they would never do that!" category of naivete?
There's a line for that? Man I just thought we were supposed to do it on cue...
Reading comprehension fail?
First, I said there were ways it *could* happen, not that I thought either had occurred. So no, I don't "really, honestly" believe that...
Second, bribes don't need to be anything explicit - in fact, they rarely are, simply because it's so likely that people will report it - there just needs to be some kind of incentive. It doesn't need to be anything traceable to Microsoft; the people taking the hypothetical incentive never need have known from whence it came.
Third, there are always tons of people upset about any given change; with the years this project has run, MS has had plenty of time to find them and encourage them to complain. No need to bribe people to file false reports; just convince those who wouldn't otherwise have complained to do so (and maybe those who would have sent praise not to do so).
Fourth, I'm a security consultant. It is literally my job to be paranoid about potential attack vectors. That doesn't mean I think they'll happen - in fact, another part of my job is rating the risk of each threat coming to pass - but it's there.
Fifth, anybody who *doesn't* see that as the obvious answer to how MS having a bunch of money at stake could lead to this is (IMO) dangerously naïve. It's not complicated; it just requires asking yourself how you could generate complaints if you had lots of money and no morals.
In fairness, there are at least two ways that could happen:
1) MS bribes people to complain. Unlikely, but not impossible.
2) MS bribes the relevant officials to *say* there have been overwhelming complaints. I mean, there are inevitably going to be complaints; that happens any time *anything* changes. The question is at what point they become important enough to sway the overall decision.
With that said, I suspect you're right.
"Long-term" in this case meaning hours rather than seconds or minutes, which are typical times for a capacitor to discharge to an effectively useless voltage (though I admit to not having tried building a system that could use them). The system my parents use can run off stored capacity for around three days if needed (assuming typical usage but no charge for whatever reason), although the batteries would suffer damage from being drained (typically you don't want a nominally-12V lead-acid-chemistry battery to drop below about 11.5V if you can help it, anything below 11V and you're probably losing significant capacity; empty is around 10.8V).