Re: Seems ok
First rule of downvotes: don't complain about the downvotes.
Second rule of downvotes: engage in serious introspection that you might be wrong.
65 posts • joined 14 Aug 2009
Hydrofluoric acid -- there's a reason it's also known as "devil's p-ss".
As you say, concentrated sulfuric acid is a good option, but you really want to combine it with a strong oxidizer like hydrogen peroxide or potassium dichromate, as has been suggested by others, which will turn much of the carbon into carbon dioxide.
"High crimes and misdemeanors" means whatever the sitting Congress wants it to mean; the terms, as they relate to impeachment, are not defined in the US Constitution.
In theory, Congress could impeach the president 'because he looks funny,' though that would be a patently ridiculous thing to do, so it hasn't happened thus far-- we'll see if that changes after the next Democrat takes office.
With regards to the difference between misdemeanors and felonies in criminal law, their distinction is also up to the legislature (Federal, State, and local, and thus vary slightly between locales), but they generally refer to minor (public intoxication, disturbing the peace, and licencing violations) and serious (battery with serious injury, robbery or fraud in the thousands or more dollars, and murder) offences, respectively.
It's entirely possible, however, for the same crime to be a misdemeanor in one location but a felony in another. It's even possible to have a crime be both in one location, with the choice being up to the prosecutor. (These are called "wobblers," if you want to look them up.)
Fun fact about Miranda: law enforcement only need to Mirandize you once you've been arrested. Technically, he was not under arrest for the first part of his interview-- even though they had a warrant to arrest him. It's a technicality-- and a crappy one at that-- but it follows the letter of the law and has been allowed by the courts.
Edit to add: I should also clarify that-- contrary to television and the movies-- the police don't even have to Mirandize you at arrest; it's only necessary if they ask you questions. So if you're nicked for public drunkenness and start blabbing on the way to the local jail, that's on you. If, however, the police ask you questions-- where were you, who were you with, whose drugs are these-- without Mirandizing you, your attorney has a good chance of having your statements excluded from evidence.
So, when someone from law enforcement starts asking you questions: shut up. Don't try to be helpful, because you don't know if you are-- or will become-- a target of their inquiries. And for God's sake, don't discuss anything you know or suspect might be illegal with *anyone*, whether they've identified themselves as law enforcement or not.
Once upon a time, I crashed a Cisco 6509 core switch by connecting a new, yet-to-be-configured Netscreen firewall into it-- trust and untrust ports both. I hadn't realized that model firewall shipped in "transparent" mode, so it formed a loop on the switch.
I plugged the second interface in and, maybe two seconds later, every port indicator on the 6509 went dark and I heard some relays tick-over. Portfast was enabled on the switch ports.
After disconnecting the untrust port and configuring the firewall for NAT/routed mode, I was able to reconnect the untrust port without the switch falling over, so it wasn't electrical.
It probably didn't crash from the storm, either, but from a bug in the firmware-- I can't imagine a multi-gigabit, enterprise switch crashing from a measly 100 Mbps loop, but that's what happened.
The Space Shuttle-- at least near the end of the program, if not from the inception-- had the capability of automatic landings, but it was never used due to the culture at NASA that a human should always be in control of the craft. That culture originated with the early space program, when the recruited pilots objected to being mere passengers.
www.spaceref.com/news/viewsr.html?pid=10518
The seven year sentence does not include time served, which is six months at present, bringing his total sentence to 6.5 years. Unlike state prisons, the federal prison system does not offer parole or probation, so he'll serve almost all of that, minus up to 54 days per year for "good behaviour," so he could reduce that to a little more than 5.5 years.
I wonder how much discretion the police get, or if they have a huge backlog of super-serious crimes to prosecute.
Contrary to popular belief, the police in the United States don't charge or prosecute people. They collect evidence and they arrest people-- ideally people under reasonable suspicion of committing a crime, but regrettably that's not always the case.
The decision to file charges/prosecute a person rests with the District or State Attorney's office. There's no national standard or requirement that I know of, but generally the prosecutor's office has two or three days to file charges after an arrest, otherwise they are required to release the arrestee; in California, they have forty-eight hours.
It is not uncommon for someone to be arrested and then released without charge: because an honest mistake was made by the arresting officer; because the prosecutor's office decides there isn't enough evidence; or because the officer acted stupidly or maliciously.
My guess for this case is that the police and/or District Attorney's office don't want to get involved, probably because it's almost entirely a domestic dispute.
If the plaintiff manages to win the case, his attorney might hand the evidence collected to that point to the District Attorney's office, which might be enough to get them going, and he would probably file a bar complaint against the ex-wife's divorce attorney.
The events unfolding between Waymo, Uber, and Otto aren't unprecedented, but it's not just "hiring from the competition," either: this is a case of employees (plural) going rogue, stealing from their former employer, and selling to an unscrupulous competitor.
Look at the timeline (condensed):
* Dec 2015-Jan 2016: Levandowski downloads thousands of files from Waymo's servers, and (unsuccessfully) attempts to cover his tracks. During this time, he and another Waymo employee (Ron Lior) solicit other employees to jump-ship.
* Jan 2016: Levandowski and Lior resign, form 280 Systems (which will become Otto), and meet with Uber execs. Uber awards Levandowski 5.3 million shares of Uber stock, which begin vesting the day after he leaves Waymo.
* Feb 2016: Levandowski and Lior officially form Otto. They sign various agreements with Uber, and Uber and Otto begin the process for Uber to acquire Otto.
* July 2016: Multiple employees leave Waymo for Otto. Some downloaded more documents on their way out.
* Aug 2016: Uber announces its acquisition of Otto.
There were some other shenanigans in there, involving companies called Odin Wave and Tyto Lidar. Odin Wave's registered address was a property owned by Levandowski. A manager at Tyto Lidar is a friend of Levandowski. The two companies merged, were acquired by Otto, and then Uber.
From an article at Axios, "In 2013, [Odin Wave] reportedly ordered a custom part from a vendor used by Google that was very similar to Google's. Google employees questioned Levandowski but he denied any involvement with the company."
There's a comprehensive timeline at axios.com, which includes links to supporting documents (legal filings and other news articles): https://www.axios.com/the-tortured-history-of-the-uber-waymo-legal-fight-all-in-one-place-2349566425.html
@ShelLuser
If you don't have access to the source code, you're left with either decompiling the software and/or running it in a debugger, laboriously reverse-engineering the software to see how it works and might be broken. That is a far slower process than running automated throw-it-at-the-wall-and-see-what-sticks sessions, and then checking out the interesting results.
'What's a relevant market? It is a market category, like "mobile phones" or "smartphones". It is NEVER "product x from a single company" unless there are no comparable products available from other companies'
Incorrect. Apple-- among others-- sold personal computers during the mid- to late-90s, at the same time Microsoft was in its prime. That didn't stop the Department of Justice from filing an antitrust suit against Microsoft in the mid 90s, and then again in the late 90s.
The complaint filed by the DoJ in the latter case specifically referenced "Intel-based" personal computers, and specifically stated the monopoly position existed for them. From the complaint: "The market for personal computer operating systems consists of operating systems written for the Intel x86/Pentium (or 'PC') class of microprocessors... Thus, OEMs and PC users do not consider an operating system that runs a non-Intel-based personal computer to be an effective substitute for an operating system that runs an Intel-based personal computer... And because there is no viable competitive alternative to the Windows operating system for Intel-based computers, OEMs consider it a commercial necessity to preinstall Windows on nearly all of their PCs." (See also: https://www.justice.gov/atr/complaint-us-v-microsoft-corp)
In the current instance, Apple manufactures the hardware and operating system, but they do not write all the software, leaving that up to third-party developers. No third-party can make an Apple-compatible device (legally), and only through Apple can third-party software be sold.
This is different from Android-compatible applications, which can be run on devices from many different manufacturers, and sometimes on devices that do not claim compatibility-- like Amazon devices, which are based on the Android OS, but which are not really, legally Android.
The market for Apple devices is smaller than Android overall (according to IDC), but is nonetheless substantial, and companies frequently write software for both so as not to miss profiting from each ecosystem's substantial user-base.
If the EC can make an argument for Google-- which gives away Android for 'free'-- being a monopolist in the Android ecosystem, where does that leave Apple and its iron-fisted control over the Apple ecosystem?
"Anyway, the fact Google takes the same 30% means any attempts to claim that 30% is excessive are unlikely to succeed."
Maybe, maybe not. Unlike Apple, Google allows third-party app stores (e.g. Amazon's app store, etc; search "third party android app stores" for a large list of potentially dodgy options), and therefore is not a monopolist for app stores on the Android platform.
“If we’re right it would mean the science is already done,” he explained. “What’s exciting is what we don’t know.”
'The most exciting phrase to hear in science, the one that heralds new discoveries, is not “Eureka!” (I found it!) but “That’s funny …”'
— Isaac Asimov (ascribed)
@ Bubba Von Braun
"Does not include development flights/failures as Atlas/Thor/Delta/Taurus failures are not available, so I excluded the Falcon 1 stats for balance."
And then you include a crap-ton of development flights for Falcon, e.g. anything listed as "Grasshopper" ("...consists of the first stage of Falcon-9 v1.0, fitted with only one Merlin-1D engine and fixed landing legs"), "Falcon-9R-Dev-1" ("...is test vehicle for the Falcon-9 v1.1 and consists of the longer first stage of Falcon-9 v1.1(ex), fitted with three Merlin-1D engine and operational deployable lightweight landing legs"), and/or "(R&D)".
There are many network protocols, and they exist in a hierarchy (I'm referring to the OSI model here; other models exist).
OSI layer 3, the Network layer, is "IP" or "Internet Protocol." Its job is to facilitate moving packets of data from one host to another, locally or across routers. While it is responsible for moving data between hosts, it cannot deliver it to the applications or services that need it-- that is done by OSI layer 4.
OSI layer 4, the Transport layer, is responsible for the end-to-end delivery of data for applications and services. There are two main Transport layer protocols for use with IP: "Transmission Control Protocol" or "TCP"; and "User Datagram Protocol" or "UDP."
You might recognize TCP from "TCP/IP," which commonly-- and improperly-- is used as shorthand for any Internet data communication. TCP is a "session oriented" protocol. That is, communication using TCP requires that the client and server establish a session before communication commences, which requires the client ask the server to start a new session, receive an acknowledgement from the server, and then negotiate the session details.
Setting up the session is, relatively, expensive: it takes a bit of time, because multiple non-data exchanges need to occur first, and it requires a little more RAM to maintain information about the session. TCP has its benefits, however, because it guarantees the delivery of data by ensuring each packet is received and re-sending those that go missing. It also requires that the client address in the IP header be valid, because two-way communication is necessary to complete session setup. Most protocols make use of TCP: HTTP, SMTP, POP3, IMAP, SSH, TELNET, FTP, LDAP, SQL (Microsoft, MySQL, Postgres, Oracle, etc), and so on.
The other Transport layer protocol, UDP, is "the" problem. UDP is a "connection-less" protocol, which does not require any session setup. A client simply sends a UDP packet to a server and the server-- if it is listening-- sends a response. Because there is no session information, there is no built-in retransmission of lost packets, but that's usually okay because you rarely use UDP for anything sensitive to data loss: audio and video transmission are the most popular uses of UDP, along with DNS and NTP. It also doesn't perform any validation of the client address in the IP header.
The lack of session setup makes UDP ripe for abuse. A malicious user can create a UDP packet to a server with the "from" address field set to the target system the user wants to DDoS, "spoofing" the address. The server, upon receiving it, will then reply-- completely unaware that it is sending to a third-party.
UDP attacks are made worse by a process called "amplification." Take DNS, for example: the spoofed DNS request doesn't have to be very large-- maybe 120 bytes, maybe less-- requesting a particular domain name lookup, but the lookup could be for a domain name with lots of records, causing the reply to be ten or more times larger. This amplifies the attacker's power, allowing him to generate ten or more times as much traffic as he has directly available through his Internet connection.
Taking over an IoT device is even worse, as the attacker now has the potential to load custom scripts or firmware and generate attack traffic directly, without relying on amplification and with minimal Command and Control traffic. And because the traffic is sent using UDP, there's no session setup to prevent or mitigate the flood: it just goes and goes and goes.
It should be noted that TCP is not without its faults with regard to DoS attacks. One of the early DoS attacks involved sending bad session setup requests that were never completed but still caused the server to allocate resources while waiting for the session setup to complete, which ultimately led to resource exhaustion and the denial of service. This has been at least partly mitigated, and tends to affect a small number of servers, so it is no longer a common attack method.
UDP attacks, on the other hand, are kind of like saturation bombardment: the target server is knocked out, and service is degraded or denied for anyone else using the same Internet connection as the target.
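An added example, not part of the original comment: because UDP carries no session state, a defender at the receiving network's edge has to reconstruct "was this reply asked for?" from flow records. The sketch below does that for DNS and NTP replies; the flow-record layout, the function names and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flow records, not real traffic:
# (timestamp_s, src_ip, src_port, dst_ip, dst_port, udp_payload_bytes)
SAMPLE_FLOWS = [
    (0.0, "192.0.2.10", 40001, "198.51.100.53", 53, 60),    # genuine query
    (0.1, "198.51.100.53", 53, "192.0.2.10", 40001, 120),   # its answer
    (1.0, "198.51.100.53", 53, "192.0.2.20", 31337, 3000),  # nobody asked
    (1.1, "203.0.113.7", 53, "192.0.2.20", 31337, 2900),    # nobody asked
    (1.2, "203.0.113.8", 53, "192.0.2.20", 31337, 3100),    # nobody asked
    (2.0, "192.0.2.10", 40002, "198.51.100.53", 53, 60),    # genuine query
    (9.0, "198.51.100.53", 53, "192.0.2.10", 40002, 120),   # answer after window
]

REFLECTED_PORTS = {53, 123}  # DNS and NTP, the UDP services named in the text


def find_unsolicited(flows, internal_net, window_s=5.0):
    """Return {internal_ip: {"packets", "bytes", "reflectors"}} for UDP replies
    that reach an internal host with no matching outbound request inside
    window_s seconds. Each request is allowed to match one reply."""
    net = ip_network(internal_net)
    pending = {}  # (client, client_port, server, server_port) -> request time
    report = defaultdict(lambda: {"packets": 0, "bytes": 0, "reflectors": set()})
    for ts, src, sport, dst, dport, size in sorted(flows):
        src_in = ip_address(src) in net
        dst_in = ip_address(dst) in net
        if src_in and not dst_in and dport in REFLECTED_PORTS:
            # Outbound request: remember it so the reply can be matched.
            pending[(src, sport, dst, dport)] = ts
        elif dst_in and not src_in and sport in REFLECTED_PORTS:
            asked = pending.pop((dst, dport, src, sport), None)
            if asked is not None and ts - asked <= window_s:
                continue  # solicited reply, nothing to report
            entry = report[dst]
            entry["packets"] += 1
            entry["bytes"] += size
            entry["reflectors"].add(src)
    return dict(report)


def likely_targets(report, min_reflectors=3):
    """Internal hosts receiving unsolicited replies from several servers at
    once, the pattern a spoofed-source reflection flood produces."""
    return sorted(ip for ip, e in report.items()
                  if len(e["reflectors"]) >= min_reflectors)


if __name__ == "__main__":
    result = find_unsolicited(SAMPLE_FLOWS, "192.0.2.0/24")
    for host in likely_targets(result):
        e = result[host]
        print(host, e["packets"], "packets", e["bytes"], "bytes",
              "from", sorted(e["reflectors"]))
```

A single late reply (as for 192.0.2.10 here) is recorded but not flagged; the distinct-reflector threshold is what separates packet loss and slow resolvers from a flood.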
> SpaceX founder Elon Musk has laid out an audacious multibillion-dollar plan to send colonists to probably die on Mars.
Well, yes, they're colonists. Whether they die on their second day or forty years later, after having children and grandchildren, they probably will die on Mars.
But it has exposed USB ports. Seriously?
Even air-gapped systems need software updates, as well as data-in/data-out. Different amounts and types of security are used for different systems/classification levels/etc.
This is just another chink in the proverbial armor: those who thought they were sufficiently secure will again (as though they ever [or should have] stopped) reconsider their arrangements and make the necessary adjustments. Or they won't, in which case there's another opportunity for exfiltration.
Also, it should be noted that while a system may be secure against this particular attack-- perhaps because they have disabled or epoxied closed their USB ports-- another researcher or villain may use it as a starting point for another attack vector, or adapt it to work with other USB devices (keyboards, perhaps).
Security is not a static thing: the white and black hats both work to reveal the weaknesses of existing (and sometimes future) systems, spurring changes in the relevant industries.
Many commercial truck (lorry) trailers in the USA are now fitted with "trailer skirts," which improve the aerodynamics of the trailer, and thus improve the fuel economy of the truck. Had the trailer been fitted with skirts, the car's LIDAR would probably have seen them and prevented the collision.
https://en.wikipedia.org/wiki/Trailer_skirt
But I agree with the OP: paying attention to the drive would have done the trick.
@Ivan 4
As we have all seen that extradition is only one way - country X to the US NEVER US to country X, for some very strange reason.
According to a FOIA request to the Home Office in 2012, seven people were extradited from the US to the UK (and thirty-three from the UK to the US) from 2004 through 2011.
https://www.whatdotheyknow.com/request/details_of_numbers_of_us_citizen
As for the reason for the imbalance between countries, you may reach whatever conclusion you wish, but I will not presume to know without details of the specific circumstances around each extradition and, importantly, any rejected requests.
I think that's rather unfair on an otherwise good investigative technique. Got any evidence that such abuse has ever happened?
Proving such abuse would be exceptionally difficult, as it would almost certainly require the handler to confess to the abuse; it might be possible to capture such abuse on video, but the cues used might be sufficiently subtle that it would require an examination of multiple true and false alerts to sort out.
However, a study by University of California at Davis showed that dogs do take cues from their handlers-- intentionally or otherwise-- with a recommendation that the study be replicated and expanded to determine what cues were causing the false alerts.
http://www.ucdmc.ucdavis.edu/welcome/features/2010-2011/02/20110223_drug_dogs.html
Joe, while I get where you're coming from, I fear you have a poor grasp of the ratios of income tax versus earned income for America's citizens.
In 2012, the top 1% of earners (people who reported earning more than $434k) paid a tad more than 26.7% of all "individual" (i.e. not corporate) taxes.
In the same year, the top 10% of earners (people who reported earning more than $125k, and including the top 1%) paid 70.2% of all individual taxes.
The bottom 50% of all individual tax returns paid 2.8% of the income taxes collected that year.
http://taxfoundation.org/article/summary-latest-federal-income-tax-data-0
Where to define the break between the "common taxpayers" and the, what, "uncommon taxpayers?" is open for debate. As the data in the link has certain defined breaks, let's use the bottom 75%, which includes anyone who earned less than $73k. The bottom 75% of all personal tax returns filed in 2012 paid 13.6% of the individual income tax collected.
Based on the percentages paid, I would argue that the "uncommon taxpayers," which include the "rich people" you referred to, are overwhelmingly responsible for "prop[ping] up their [own] ventures". Ventures which employ thousands of people directly, and which facilitate the employ of tens or hundreds of thousands indirectly.
I should also point out that the income tax numbers above and in the link are only about half of the taxes collected by the feds for that year. I don't have a link handy for 2012, but 2011's individual income tax income was similar, and was supplemented by about as much from payroll taxes, corporate taxes, and various "other" tax streams, like customs duties and excise taxes.
http://www.npr.org/sections/money/2012/04/13/150441259/what-america-pays-in-taxes
@Gordan That's one way. The other possibility-- perhaps mentioned in someone else's comment; quite a lot of chaff has been posted with the wheat-- is that deduplication is enabled but effectively applied on a per-user basis.
That is, if we accept that user data is being encrypted with the user's master key, and that only that single instance of the encrypted data is being stored by Mega (e.g. a second copy, encrypted with a Mega-owned key, is not also being stored), then the only *likely* instances of duplication the system will see will come from the user him/herself, either in the form of entire duplicate files or identical data chunks within those files (assuming the data chunks are encrypted independently of each other).
Data savings might be large enough to justify this, if we consider that there is a possibility for users to maintain multiple copies of the same music file (for example), either as identical tracks from different albums or as part of playlists. Yes, I know it is much more efficient to maintain playlists as text files pointing to member tracks, but it's often more convenient to copy the playlist tracks to their own directory. Of course, metadata for the tracks will probably be different-- different album names, publish dates, etc-- so deduplication is only likely if independent encryption of data chunks is performed.
> "Except that HP don't have just two production sites. They have dozens which will mostly NOT have local support."
"Production site," in this case, doesn't mean "manufacturing." In the IT world, a "production site" (or "production system") is the one in operation at the time. "DR" is the "disaster recovery" site, which maintains backup copies of all data and services, to be brought online should something happen to the production site.
As for support, it depends how they choose to manage that. Typically, data centers do not house first-tier support. With international companies, it is typically best for tier one to remain near the end-users, so they speak the same language and are familiar with the local processes, and have higher (more advanced) tiers more centrally located; end-users rarely interact with data center personnel.