"And a job offer"
Seriously, why doesn't someone like this get an on-the-spot job offer? This kid has already demonstrated more subject mastery than 70% of professional programmers.
<sigh> We'll probably lose him to a stock trading company.
Posts by Claptrap314
2445 posts • joined 23 Jan 2015
Page:
Student crashes Cloudflare beta party, redirects email, bags a bug bounty
China-linked fake news site shows disinformation on the rise
Software issues cost Volkswagen CEO Herbert Diess his job
Meta proposes doing away with leap seconds
Microsoft closes unfilled job openings in cloud and security
Outlook email users alerted to suspicious activity from Microsoft-owned IP address
UK lays world's longest autonomous drone superhighway
Just because you failed doesn't mean you weren't right
What are server makers really doing to and for the climate?
Cruise self-driving cars stopped and clogged up San Francisco for hours
Improve Linux performance with this one weird trick
Monday 18th July 2022 20:14 GMT 
I'm pretty sure
I mentioned this in my FIRST reply to the FIRST article that came out about SPECTRE. The drip, drip, drip of these exploits is precisely why NIST recommended (for twelve hours) turning speculative execution off. These partial mitigations add up, and in a big way.
I've interviewed with multiple companies who have gone this route for protected database servers and the like. The cost savings are enormous, and, as alluded to above, with proper least-access privileges implemented network-wide, quite safe.
What surprises me is that a mere kernel option can really do it. To really see the benefit, you need to turn off things like retpoline when you compile your applications and libraries. I would strongly urge something like Yggdrasil if a company I was advising was considering going this route.
Another tech giant changes course on hiring – this time it’s Google
Oracle agrees to settle class action over cloud sales tactics for $17.5m
Mergers and acquisitions put zero trust to the ultimate test
US EV drivers won't be able to choose vehicle safety alert sounds
SCOTUS judges 'doxxed' after overturning Roe v Wade
Wednesday 13th July 2022 23:50 GMT
We live in exceptionally dangerous times
when even the most conservative and originalist members of the USSC refer to our form of government as "democracy". It makes me wonder if they think in the back of their heads that they were elevated to the Court by some sort of plebiscite.
And as for everyone else, the US has never had, and hopefully will never have anything approaching democracy as its form of government. We are a constitutional republic. The very fact that laws are passed by congress, and that the Courts dare to occasionally dismiss such laws a unconstitutional should, I think, be a constant reminder of this fact, but apparently not.
Wednesday 13th July 2022 23:46 GMT
Re: Privacy is mentioned nowhere in the US Constitution.
I'm as much a conservative as you're likely to find, but I'm also an originalist, and you're not being honest in your reasoning.
1) The third amendment is very much, although not exclusively, about privacy. Pre-telephone, quartering is a VERY effective way of keeping an eye on "troublesome" people, and almost everyone involved in drafting and passing the constitution either themselves or their fathers would have qualified as "troublesome" not too much earlier.
2) The "and their papers" of the fourth amendment is, again, very much an issue of privacy. How would the "committees of correspondence" have fared if the government had driven very far against it? Or for that matter, what if a businessman happened to corrupt a government official & seize papers for competitive gain?
3) One of the objections that was raised against the Bill of Rights was that the inclusion of certain rights would result in the disparagement of others. The idea that these recent revolutionaries would have had _any_ truck with the "if you have nothing to hide, there should be no problem" bs that has occasionally been pressed by some faux-law-and-order types is laughable.
Privacy certainly _is_ one of the "unenumerated rights". That what has been done by prior courts at times under the banner of the privacy has been abominable does not affect this fact.
Defense contractor pays $9m to settle whistleblower's cybersecurity allegations
Tuesday 12th July 2022 06:37 GMT
Hmmm....
Let's see. We can net $142M this year. Now, there is this _tiny_ security fix we need for our system. It costs $34.5M. And, if we don't, the worst we can expect is a $9M fine. Maybe.
What is our fiduciary responsibility?
--
Seriously, I'm more upset with the government here than anyone. NO WAY was the unclassified network 100% p0wned, but the classified secure. That company should be fined out of existence, and that CEO behind bars for a decade or so, and not at Club Fed.
Unless the government _wants_ more of this for some unfathomable reason.
US military contractor moves to buy Israeli spy-tech company NSO Group
HavanaCrypt ransomware sails in as a fake Google update
Monday 11th July 2022 17:28 GMT
"Lastly, the malware looks at the system's MAC address and compares it to organizationally unique identifier (OUI) prefixes usually used by virtual machines."
This is just nuts. There is NO reason for a VM to use predictable addresses like this, and this obvious route to identifying the presence of a VM should have been revealed by even a cursory security review. Certainly, the services are a "bigger" issue in this regard, but to not even bother with such a simple & obvious change...
This is why we can't have nice things.
Leaked Uber docs reveal frequent use of 'kill switch' to deactivate tech, thwart investigators
Monday 11th July 2022 17:14 GMT
Re: "Dawn Raid Manual"
If you want a retroactive law in the US, checkout the 1993 tax hike. Passed after president Clinton assumed office, it took effect 1/1. Of course, for some strange reason Her Royal Clinton just happened to have asked to be paid for some of her 1993 "work" for some law firm in 1992--a request that was granted.
Yes, our written constitution has a clause against that. Constitutions are only worth the people who enforce them.
Systemd supremo Lennart Poettering leaves Red Hat for Microsoft
This is the military – you can't just delete your history like you're 15
Friday 8th July 2022 19:51 GMT
Re: I believe the story
That really depends on what exactly was SUPPOSED to be going on with those computers. It seems likely that was a TS site, and if the Powers That Be decide it's time to make an example, it's not that hard to turn any security violation of TS into hard time.
We were ALL briefed (repeatedly) about the consequences of violating TS security. (Technically, a firing squad is possible.)
US floats framework for international crypto regulations that cement its power
Friday 8th July 2022 19:16 GMT
Another Angle
I realized that holding a cryptocoin is holding stock--in a company with no income, assets, sales, employees, or liabilities, and with novel rules regarding stock issuance and the structure of the board.
I really think that, from the standpoint of consumer protection, coin regulation ought to start there. There is absolutely NO reason for governments to take seriously the notion that this stock is a currency. It clearly is not, and anyone with any sense of history or politics knows that if it ever were to reach such status, it would be attacked and destroyed almost immediately.
Friday 8th July 2022 19:05 GMT
A Ponzi scheme is a situation where the schemer promises guaranteed outsized returns in some other business with the intent to generate those returns primarily by attracting new investors. Ponzi himself claimed to generate money by investing in land deals.
Very few of these ventures meet that definition. In particular, there is not promise of any particular return & there is no other business involved.
Google said to be taking steps to keep political campaign emails out of Gmail spam bin
Thursday 30th June 2022 07:22 GMT
"Never forget"?
In both the 2016, and 2020 elections, these pages reported research that Google was biasing search to favor the D nominee. And I was present at a TGIF (attended by a substantial % of G workers) in 2015 when a director bragged about changing the election results in a Central American country.
It takes a "Some animals are more equal than others" kind of brazenness to claim that concerns of Republicans that they are getting unequal treatment regarding these filters.
Without reading the details of the proposed bill (something which usually takes a JD & access to the Federal Register to decode anyway), the description sounds like they are wanting to require that campaign-related email requires an opt-out. An ugly, transparently self-serving bill? Certainly. But G in particular has no valid claim of neutrality, so these untraceable in-kind donations must be stopped if there is to be any hope of free and fair elections.
The question that I have is: will the opt out actually work? I've got one company whose emails come through no matter how many filters I try to slap on it. (And yes, I only use gmail for work.)
City-killing asteroid won't hit Earth in 2052 after all
Arrogant, subtle, entitled: 'Toxic' open source GitHub discussions examined
Hangouts hangs up: Google chat app shuts this year
Soviet-era tech could change the geothermal industry
More than $100m in cryptocurrency stolen from blockchain biz
US senators seek input on their cryptocurrency law via GitHub – and get some
Linus Torvalds says Rust is coming to the Linux kernel 'real soon now'
Friday 24th June 2022 16:35 GMT
Remember when Scala was going to solve this problem for higher level languages?
I'm not holding my breath.
And my complaint against C for something like an OS kernel is that you loose direct access to the flags register. Integer overflow error almost disappear when you have it.
Think about that.
Bounds-checking array accesses become MUCH cheaper.
Think about that.
Imagine (if you're old enough) writing C with that capability in place. NOW, explain how excited you are about Rust.
Again, I'm not saying that Rust is no good for the kernel. However, it strikes me that people seem to want to jump to entirely new tools when really, some minor tweaks to existing tools can get them much of what they need.
Florida's content-moderation law kept on ice, likely unconstitutional, court says
Thursday 23rd June 2022 18:37 GMT
Re: Oh, now sites are responsible for what's posted on them?
I'm pretty sure I get what you're trying to say, but in fact, US laws generally DO apply globally--to US persons. In fact, we have laws expressly against certain types of sex tourism, for instance. Of course, if you travel (or operate) outside the US, the locals are going to demand that you obey their laws. A fact that seems to elude many people. (And get me lots of downvotes when I phrase it a certain way here.)
Investors start betting against Bitcoin with short-trade products
Thursday 23rd June 2022 18:25 GMT
If you are calling the US a "tin pot country", I might, depending on my mood & the subject, agree. But in context, I would say that you are at best misleading.
FDR outlawed it. From what little reading I have done, it seems that it is a preparatory step to going off the gold standard, which is why I stretched a bit & called it "generally outlawed".
Don't ditch PowerShell to improve security, say infosec agencies from UK, US, and NZ
Totaled Tesla goes up in flames three weeks after crash
Bipolar transistors made from organic materials for the first time
Thursday 23rd June 2022 17:50 GMT
Is this moving things forward?
I would like to know what kind of minimum feature size we are talking here. Also, switching speed. Also power consumption. Also MTBF (in several variants). Also, expected manufacturing complexity & stability...........
I'm not raining on conducting research, I just want to know what we really have here.
Mega's unbreakable encryption proves to be anything but
Thursday 23rd June 2022 17:42 GMT
Re: repeat after me
You must trust someone. The problem is that few people even have the education to even understand WHY they should not trust themselves. (Most can be browbeaten into submission, but that's a separate matter.)
I was just talking about this to a friend. There are probably about 3000 people in the world today who I would trust to write a crypto library. I'm arrogant enough to include myself in that list. But because I _am_ properly trained, I also know that it would take me FAR longer to convince myself that I had not messed something up than would be worth it.
DARPA study challenges assumptions about distributed ledger (and Bitcoin) security
Wednesday 22nd June 2022 17:15 GMT
What exactly is new here?
And by "new", I mean, "Not already discussed on the cyperpunks mailing list in the '90s?" Certainly, we did not call the pools by that name. But the concepts were all there.
The fact that this "report", or whatever they are styling it, doesn't even mention the 40% attack on Bitcoin means either someone needed to get something published, or that this paper is an attack on crypto. (This is coming from the US govt, of course.)
I was a cypto-skeptic in the '90s. I've never attempted to create an account. I've publically called BTC & friends "beenie babies" & "tulips" & worse. But this "report" contains less value than an airdrop in Somalia.
Cloudflare explains how it managed to break the internet
Wednesday 22nd June 2022 17:00 GMT
Re: I'm curious
It's $200/mo for something that their competition does for free. You attacked their business model over this. And I'm doubling down here--you're demonstrating an utter lack of proper prioritization on this point.
You know (apparently first hand) that the monthly cost of building a resilient app runs at least 6 figures a year. Against that level of spending, you're going to weigh $2500 priced as an addon? What if the cost of the base contract is $5000 less?
Look, if you just don't like them, that's fine. But any evaluation of a solution has to be based on total cost, and you're talking about a rounding error.
