Re: Glib rejoinder
I'm using fusion power right now, and it's keeping this room toasty warm and well-lit.
For safety reasons I keep the reactor about 1 AU away.
12336 publicly visible posts • joined 21 Dec 2007
Statistically, it's 50/50 that any individual driver is above or below average.
Only if by "average" you mean "median of a single scalar metric".
Since it's hard to imagine the median of a single scalar metric is a meaningful way to measure competence at a complex task such as driving, that would appear to be a pretty vapid statement.
Nobody, apart from those who would profiteer [sic], sees any benefit in the deal.
I don't believe that's true. While I think this deal is complete crap, I believe that at least some of the ISOC board members are sincere in their belief that it's a good idea. As I've noted in other threads about this, John Levine defended the decision on RISKS, and I don't believe he'll profit from it.
It's possible for well-meaning people to be misled. Happens all the time, in fact.
Oh, I wouldn't call the concessions feeble. I think they're pretty strong. It's just that they're concessions the objectors are being asked to make to Ethos, not the other way around.
"Look, if you approve this, we'll give ourselves the right to double the price over eight years, give the PIR board direct control over executive decisions, and give away $10M to whomever we like. Sound good?"
Indeed. What business wouldn't like to more than double its prices over the next 8 years? This isn't a sop to the objectors; it's a promise to gouge the customers.
The Stewardship Council - which obviously is just a proxy for the PIR board - and the promise to give $10M to their friends are similarly bogus.
The patents are not "just NAT circumvention". They're mostly about a TOR-like random-routing-with-encrypted-source-and-destination anonymization network. The novelty of the patents could be questioned based on the resemblance to TOR and similar approaches; but these patents are not primarily about videoconferencing or circumventing NAT.
According to an earlier Reg story, the patents were overturned at one point, following a long campaign by Apple, but may have been reinstated. (I don't care enough to look into the question.)
Because their patent basically covers ANY point to point videoconferencing connection
Does it? Or rather, do they, since Apple is accused of infringing (at least) two VirnetX patents (US 7,418,504 and 7,921,211)? Can you cite the relevant text in either of the patents? I skimmed them, and I don't recall any primary claim that would "cover[] any point to point videoconferencing connection".
Indeed, this is why UDF (like other user-mode driver designs in other OSes) exists: to get crap drivers out of the kernel. Code that's running in kernel mode can always crash things; the kernel can't protect itself from itself, because it all runs at a single privilege level.¹
It's been in Windows since Vista, and I think was back-ported to XP. The real problem is that Microsoft introduced it relatively late (they should have provided it in NT4) and didn't lean hard enough on hardware vendors to replace kernel-mode drivers with user-mode ones.
¹ Well, it could make it harder for broken (rather than malicious) code to break things, by messing about with page permissions and such. But there would be a performance hit, and performance is why Windows dropped the HAL and other isolation techniques in the first place.
Autorun should never have been enabled on any OS for anything. It's a perfect example of a UX misfeature.
Non-technical users already understood that when they used a CD player, they'd press a "Play" button after inserting a disk. It's not a hard concept for users to grasp, and applying it to other sorts of content on removable media is intuitive.
101 years is a helluva innings.
Yes, and it's lovely that she lived long enough to receive the Medal of Freedom during her lifetime, and see her contributions properly acknowledged. Posthumous recognition would have been better than nothing, but it's far better to show the recipient our appreciation.
You can drive up Mount Washington. I've done that (well, ridden in the car of a friend who decided to do it; I'd rather walk, personally). It's a little shy of 2000m above sea level, and also features some of the most exciting weather in the US. Or, indeed, anywhere. Most places don't see straight-line winds of 230 mph (370 km/h).
You can drive up to about 3000m on Wheeler Peak, and then if you're in the mood walk up another km or so. It's mostly a pretty nice stroll, except for the scree fields near the peak - if you're not careful it'd be easy to twist an ankle there. But on most nice days in the summer you'll probably find a couple dozen people up there.
Observation Point in Zion National Park is nearly 2000m above sea level, and that's a doddle. I have a friend who's done the hike with his kids when the younger was 6 years old. Personally, taking a 6-year-old up that trail would make me nervous - it's not like there are guard rails or anything, and much of the time the drop is precipitous; but go there on a holiday weekend in the warmer months and there will be hundreds of people on the trail.
There are any number of ski resorts with lifts above 3000m.
Indeed. There's one that starts above 3000m only a short drive (or even a bike ride, if you're fit enough and acclimated to the altitude) of me here at the Mountain Fastness. Even here in the house I'm at about 2300m above sea level. (Earth does not look flat from here. Earth looks bumpy.)
The Great Disappointment is a more impressive example. According to Schultz in Being Wrong, the Millerite believers probably numbered in the hundreds of thousands. Many disposed of all their worldly goods before the expected Second Coming. The repercussions of the Disappointment continue to this day - some of the post-Millerite sects are still going strong.
What we need to do is charter a flight that goes from west to east (following the jet stream) around the world and then north to south to north crossing both poles. If that doesn't convince them, nothing will.
I can't see why that would be convincing to a Flat Earther. Hell, I believe the earth is a spheroid,¹ but if you told me I was on a charter flight that was going to circle the globe twice, following orthogonal routes, I'd think it more likely it was faked. What am I going to do, stare out the window and look for the latitude and longitude lines? "Oh, it looks like we're over the ocean. Oh, now it looks white - maybe we're over a polar ice cap?" Not wildly convincing.
We know from any number of psychological studies that firmly-held beliefs are rarely amenable to evidential challenge. Even beliefs in which people have little investment are hard to dislodge.
¹ Or more precisely, in attempting to base my model of the world on Perfect Bayesian Reasoning, even while acknowledging the many limitations of the human faculty for reason, I view this postulate about the shape of the earth as the most probable, by a large margin. Indeed, the second most probable would seem to be the solipsistic reduction (there is no world, it's all in my mind).
Indeed.
Scientific fraud is a problem - sometimes a very bad problem indeed (exhibit 1: Andrew Wakefield).
Probably a bigger problem is how the incentive structure discourages reproducing results, so relatively few studies are ever reproduced. And then there's excessive reliance on relatively weak statistical thresholds (particularly p < 0.05) in some fields, and the dominance of a handful of journals for certain fields, and the capture of a significant portion of research by corporations willing to selectively release results, and various other problems in how scientific research is conducted in practice.
It's still the best epistemological system we've come up with yet for producing reliable predictions.
Trump's businesses have phone lines. There's no need for "indirectly"; the telcos are in a position to write sweetheart contracts that directly affect those businesses' costs.
But there doesn't have to be any present quid pro quo. I doubt Trump himself devotes any of his (meager) intellectual resources to Pai or the FCC. They haven't aroused his ire, or that of anyone who has his ear. That's really all that matters.
Yes, the abysmal security of SIMs is well-documented - the SimJacker vulnerability and other issues with the S@T Browser were big news last year, and LaForge's presentation from 36C3 goes into some other weaknesses.
But what does that have to do with the post you replied to? It was about software on the main device, which is a different part of the attack surface.
Revocation is broken.
Revocation only helps if the CA enforces a new key pair for the new certificate. Considering how many CAs can get other basic requirements right, I'm not going to bet on all of them managing this one, either.
CRLs are a delayed mechanism, and they expire, which, when combined with timestamped signatures, makes CRLs largely useless for some purposes (e.g. code signing). CRLs require the user agent (or whatever in the stack is responsible for fetching CRLs) periodically contact the CA to get the current list or a delta; that process is fragile. CRLs can be attacked out-of-band as part of an exploit chain.
OCSP is fundamentally broken - it fails unsafe. So an active attacker who can interfere with OCSP traffic can nullify it. OCSP adds significant latency, which makes client developers and users reluctant to enable it.
Forcing shorter renewal cycles is only useful if the CA verifies the key pair has been changed, too. And that the customer isn't just cycling between a couple of key pairs, and so on.
The PKIX revocation mechanisms (CRLs and OCSP) are hopelessly broken, so that's no help either.
The fact is PKIX, and X.509 PKIs in general, are a best-effort authentication mechanism, and "best" in this case is not very good. CT has helped somewhat. Google has actually helped somewhat, by using their market position to punish bad CAs. But we're still looking at a system that fails often enough that it's not even particularly remarkable when it does.
Personally, I'd really like to see Chrome and Firefox hold the line on this one, leaving Apple the odd vendor out. I'm not holding my breath, though.
Personally, I'm not concerned if Safari rejects my certificates. Safari can fuck right off.
Where this sort of thing (like much of what the CA/BF does) is really a hassle is with certificates issued by private, intra-organizational CAs, for internal systems and testing and so on. It's just one more unnecessary failure mode.
Sure, if you define "modern application" as "an application composed of 80 to 90 percent¹ FOSS".
¹ "per cent"? Was this report written in 1970?
No, he's right.
Here's the attack:
1. Find a page that:
1.1. Dynamically loads additional content based on when it scrolls into view. Many sites do this with images, for example. (Yes, it's extremely annoying; but it's common.)
1.2. Has some target content that you want to test for far enough down the page that it won't scroll into view immediately.
2. Put a link to the page with an STTF fragment referring to the target content on a shared site (the "health portal" in this example).
3. Victim is interested in the target content, so clicks on the link.
4. DNS traffic indicates a request to resolve the dynamically-loaded content from the target area of the page from the victim's system.
STTF can activate side channels, such as load-on-scroll content.
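A defensive counterpart to the steps above, as an added example that is not part of the original post: a link sanitizer that a shared site could run over submitted URLs, dropping the fragment directive (everything in the fragment from `:~:` onward, which is where `text=` lives) so the link no longer triggers scroll-to-text while any ordinary `#anchor` is kept. The function names and sample URLs are constructed for illustration.

```javascript
// Added example: strip scroll-to-text directives from user-submitted links.
// Function names and sample URLs are constructed, not taken from the post.
const DELIMITER = ':~:'; // separates the ordinary fragment from the fragment directive

// Returns the link without its fragment directive, plus the directives removed.
function stripFragmentDirective(href) {
  const hashAt = href.indexOf('#');
  if (hashAt === -1) return { href, directives: [] };
  const fragment = href.slice(hashAt + 1);
  const at = fragment.indexOf(DELIMITER);
  if (at === -1) return { href, directives: [] }; // plain #anchor, leave untouched
  const directives = fragment
    .slice(at + DELIMITER.length)
    .split('&') // several directives may be chained with '&'
    .filter(Boolean);
  const kept = fragment.slice(0, at); // ordinary anchor before the delimiter, if any
  return { href: href.slice(0, hashAt) + (kept ? '#' + kept : ''), directives };
}

// Audits a batch of links: what was submitted, what to store, and whether
// a text directive was present (worth logging on a sensitive portal).
function auditLinks(links) {
  return links.map((original) => {
    const { href, directives } = stripFragmentDirective(original);
    return {
      original,
      cleaned: href,
      hadTextDirective: directives.some((d) => d.startsWith('text=')),
    };
  });
}

// Constructed sample input.
const sampleLinks = [
  'https://example.org/conditions',
  'https://example.org/conditions#treatment',
  'https://example.org/conditions#:~:text=rare%20condition',
  'https://example.org/conditions#treatment:~:text=first,last&text=other',
];

for (const row of auditLinks(sampleLinks)) {
  console.log(row.hadTextDirective ? 'STRIPPED' : 'OK      ', row.cleaned);
}
```

This only removes the trigger from links the site itself republishes; a page that does not lazy-load distinguishable resources per section gives the side channel nothing to reveal in the first place.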
The article provides a link to the WICG GitHub repository for the STTF proposal, which has a README.md that explains their rationale, including how STTF differs from fragments and user-initiated searches.
Essentially, it comes down to "we didn't like either of the wheels we already have, so we invented another wheel".
I used to be annoyed by WHAT-WG, but WICG is far worse.
STTF isn't an API. It's a user-agent (browser) behavior initiated by an extension to the URI syntax.
Personally, I think it's crap; though as WICG ideas go, it's somewhere around median crappiness. I'm hoping Dragon (my choice of Chromium-based browser when I really, really have to use a Chromium-based browser) either doesn't adopt it, or lets me disable it.
(WICG notes that users can just use the browser's find feature to achieve the same result, but that "Fewer than 1% of clients use the 'Find in Page' feature in Chrome on Android". What does that tell me? It tells me there's no great desire in the user base for STTF.)
My inclination is to believe people like John Levine, who's an ISOC board member and has had a long public career in computing. I don't believe, given the available evidence, that Levine is corrupt or looking to profit off this deal.
I don't know anything about the other ISOC board members. I'm suspicious of Sullivan. I don't have the slightest faith in the good intentions of Ethos or Chehade.
It's not necessary that the ISOC board members be corrupt to have voted for this deal. People fall for swindles all the time - even, indeed especially, highly educated people (because of Dunning-Kruger and other psychological traps).
Yes. Especially for a task like clear-to-EOL, where you have to do Shift-Fn-Right and hope you haven't hit Ctrl or something by mistake.
My old Dell Lassitude has Home and End stuck up next to the function keys, for some reason, but at least it has them, and Page Up / Page Down. My newer Dell Derision has those stupid overloaded cursor keys, and I loathe them. (But at least it's in keeping with Dell's tradition of horrible design errors, something they've managed to achieve with every single one of the Dell machines my employer has ever saddled me with.)
Presidents have also issued mass pardons, such as John Adams' general amnesty for participants in Fries's Rebellion, and Johnson pardoned nearly everyone who had been in the Confederacy. In all Johnson pardoned over 7000 people. Truman pardoned around 1500 draft-dodgers. Eisenhower introduced a new type of "master warrant" for mass pardons, and also delegated pardon authority to his AG; someone later (Bush 1.0?) established an office of Pardon Attorney.
Those mass pardons frequently include people who haven't been charged yet, and sometimes people who haven't even been identified yet.
Agreed. Of course, it would help if OEMs would provide useful information about what their firmware updates actually do. I routinely reject firmware updates offered by OS and equipment vendors because the change notes are useless. ("Install this update to correct certain problems and improve performance.")
Having the "signing certificate" wouldn't do you any good. Certificates contain public keys. You need the corresponding private key.
Giving that out to customers would be idiotic; a private key isn't any good if it's not private.
In order to make it possible for users to install their own firmware, vendors would need to provide some secure mechanism for authorized users (i.e. equipment owners) to disable firmware signature checks; or to add additional public keys to the collection of verification keys; or, if the device implements a full hierarchical PKI, to add root certificates.
At that point, we're likely back to putting the responsibility on the OS.
Agreed. Palm and others showed that there was a market for handheld computers, and they pretty well showed what could be done (in an economically feasible manner) with the technology available at the time over the course of that era. We got smartphones when smartphones became technologically and economically viable.
Do you mean Mike Muuss?