"And a job offer"
Seriously, why doesn't someone like this get an on-the-spot job offer? This kid has already demonstrated more subject mastery than 70% of professional programmers.
<sigh> We'll probably lose him to a stock trading company.
2445 posts • joined 23 Jan 2015
I mentioned this in my FIRST reply to the FIRST article that came out about SPECTRE. The drip, drip, drip of these exploits is precisely why NIST recommended (for twelve hours) turning speculative execution off. These partial mitigations add up, and in a big way.
I've interviewed with multiple companies who have gone this route for protected database servers and the like. The cost savings are enormous, and, as alluded to above, with proper least-access privileges implemented network-wide, quite safe.
What surprises me is that a mere kernel option can really do it. To really see the benefit, you need to turn off things like retpoline when you compile your applications and libraries. I would strongly urge something like Yggdrasil if a company I was advising was considering going this route.
when even the most conservative and originalist members of the USSC refer to our form of government as "democracy". It makes me wonder if they think in the back of their heads that they were elevated to the Court by some sort of plebiscite.
And as for everyone else, the US has never had, and hopefully will never have anything approaching democracy as its form of government. We are a constitutional republic. The very fact that laws are passed by Congress, and that the Courts dare to occasionally dismiss such laws as unconstitutional should, I think, be a constant reminder of this fact, but apparently not.
I'm as much a conservative as you're likely to find, but I'm also an originalist, and you're not being honest in your reasoning.
1) The third amendment is very much, although not exclusively, about privacy. Pre-telephone, quartering is a VERY effective way of keeping an eye on "troublesome" people, and almost everyone involved in drafting and passing the constitution either themselves or their fathers would have qualified as "troublesome" not too much earlier.
2) The "and their papers" of the fourth amendment is, again, very much an issue of privacy. How would the "committees of correspondence" have fared if the government had driven very far against it? Or for that matter, what if a businessman happened to corrupt a government official & seize papers for competitive gain?
3) One of the objections that was raised against the Bill of Rights was that the inclusion of certain rights would result in the disparagement of others. The idea that these recent revolutionaries would have had _any_ truck with the "if you have nothing to hide, there should be no problem" bs that has occasionally been pressed by some faux-law-and-order types is laughable.
Privacy certainly _is_ one of the "unenumerated rights". That what has been done by prior courts at times under the banner of the privacy has been abominable does not affect this fact.
Let's see. We can net $142M this year. Now, there is this _tiny_ security fix we need for our system. It costs $34.5M. And, if we don't, the worst we can expect is a $9M fine. Maybe.
What is our fiduciary responsibility?
--
Seriously, I'm more upset with the government here than anyone. NO WAY was the unclassified network 100% p0wned, but the classified secure. That company should be fined out of existence, and that CEO behind bars for a decade or so, and not at Club Fed.
Unless the government _wants_ more of this for some unfathomable reason.
"Lastly, the malware looks at the system's MAC address and compares it to organizationally unique identifier (OUI) prefixes usually used by virtual machines."
This is just nuts. There is NO reason for a VM to use predictable addresses like this, and this obvious route to identifying the presence of a VM should have been revealed by even a cursory security review. Certainly, the services are a "bigger" issue in this regard, but to not even bother with such a simple & obvious change...
This is why we can't have nice things.
If you want a retroactive law in the US, check out the 1993 tax hike. Passed after president Clinton assumed office, it took effect 1/1. Of course, for some strange reason Her Royal Clinton just happened to have asked to be paid for some of her 1993 "work" for some law firm in 1992--a request that was granted.
Yes, our written constitution has a clause against that. Constitutions are only worth the people who enforce them.
That really depends on what exactly was SUPPOSED to be going on with those computers. It seems likely that was a TS site, and if the Powers That Be decide it's time to make an example, it's not that hard to turn any security violation of TS into hard time.
We were ALL briefed (repeatedly) about the consequences of violating TS security. (Technically, a firing squad is possible.)
I realized that holding a cryptocoin is holding stock--in a company with no income, assets, sales, employees, or liabilities, and with novel rules regarding stock issuance and the structure of the board.
I really think that, from the standpoint of consumer protection, coin regulation ought to start there. There is absolutely NO reason for governments to take seriously the notion that this stock is a currency. It clearly is not, and anyone with any sense of history or politics knows that if it ever were to reach such status, it would be attacked and destroyed almost immediately.
A Ponzi scheme is a situation where the schemer promises guaranteed outsized returns in some other business with the intent to generate those returns primarily by attracting new investors. Ponzi himself claimed to generate money by investing in land deals.
Very few of these ventures meet that definition. In particular, there is no promise of any particular return & there is no other business involved.
In both the 2016, and 2020 elections, these pages reported research that Google was biasing search to favor the D nominee. And I was present at a TGIF (attended by a substantial % of G workers) in 2015 when a director bragged about changing the election results in a Central American country.
It takes a "Some animals are more equal than others" kind of brazenness to claim that concerns of Republicans that they are getting unequal treatment regarding these filters.
Without reading the details of the proposed bill (something which usually takes a JD & access to the Federal Register to decode anyway), the description sounds like they are wanting to require that campaign-related email requires an opt-out. An ugly, transparently self-serving bill? Certainly. But G in particular has no valid claim of neutrality, so these untraceable in-kind donations must be stopped if there is to be any hope of free and fair elections.
The question that I have is: will the opt out actually work? I've got one company whose emails come through no matter how many filters I try to slap on it. (And yes, I only use gmail for work.)
I'm not holding my breath.
And my complaint against C for something like an OS kernel is that you lose direct access to the flags register. Integer overflow errors almost disappear when you have it.
Think about that.
Bounds-checking array accesses become MUCH cheaper.
Think about that.
Imagine (if you're old enough) writing C with that capability in place. NOW, explain how excited you are about Rust.
Again, I'm not saying that Rust is no good for the kernel. However, it strikes me that people seem to want to jump to entirely new tools when really, some minor tweaks to existing tools can get them much of what they need.
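As an added example (not part of the comment above), this is how C code built with GCC or Clang can get flag-based overflow checking through the `__builtin_add_overflow` builtin, used here to make a buffer read both overflow- and bounds-checked; `checked_add_size` and `bounded_read` are names chosen for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not from the forum post. GCC/Clang expose the CPU's
 * carry/overflow result through __builtin_*_overflow, which typically
 * compiles to an add followed by a single flag test (jc/jo on x86)
 * instead of the multi-instruction manual checks plain C needs. */

/* Compute a + b in size_t, reporting wraparound instead of truncating.
 * Returns true on success and stores the sum in *out. */
static bool checked_add_size(size_t a, size_t b, size_t *out)
{
    return !__builtin_add_overflow(a, b, out);
}

/* Copy `len` bytes starting at `off` from a `buf_len`-byte buffer into
 * dst (capacity dst_len). Returns the number of bytes copied, or -1 if the
 * request lies outside either buffer.
 *
 * The classic bug this avoids is testing `off + len <= buf_len` directly:
 * with a huge `off`, the sum wraps to a small value and passes the test,
 * so the copy reads far past the end of buf. */
static long bounded_read(const uint8_t *buf, size_t buf_len,
                         size_t off, size_t len,
                         uint8_t *dst, size_t dst_len)
{
    size_t end;
    if (!checked_add_size(off, len, &end))  /* off + len wrapped around */
        return -1;
    if (end > buf_len || len > dst_len)     /* outside source or destination */
        return -1;
    memcpy(dst, buf + off, len);
    return (long)len;
}
```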
I'm pretty sure I get what you're trying to say, but in fact, US laws generally DO apply globally--to US persons. In fact, we have laws expressly against certain types of sex tourism, for instance. Of course, if you travel (or operate) outside the US, the locals are going to demand that you obey their laws. A fact that seems to elude many people. (And get me lots of downvotes when I phrase it a certain way here.)
If you are calling the US a "tin pot country", I might, depending on my mood & the subject, agree. But in context, I would say that you are at best misleading.
FDR outlawed it. From what little reading I have done, it seems that it is a preparatory step to going off the gold standard, which is why I stretched a bit & called it "generally outlawed".
I would like to know what kind of minimum feature size we are talking here. Also, switching speed. Also power consumption. Also MTBF (in several variants). Also, expected manufacturing complexity & stability...
I'm not raining on conducting research, I just want to know what we really have here.
You must trust someone. The problem is that few people even have the education to even understand WHY they should not trust themselves. (Most can be browbeaten into submission, but that's a separate matter.)
I was just talking about this to a friend. There are probably about 3000 people in the world today who I would trust to write a crypto library. I'm arrogant enough to include myself in that list. But because I _am_ properly trained, I also know that it would take me FAR longer to convince myself that I had not messed something up than would be worth it.
And by "new", I mean, "Not already discussed on the cypherpunks mailing list in the '90s?" Certainly, we did not call the pools by that name. But the concepts were all there.
The fact that this "report", or whatever they are styling it, doesn't even mention the 40% attack on Bitcoin means either someone needed to get something published, or that this paper is an attack on crypto. (This is coming from the US govt, of course.)
I was a crypto-skeptic in the '90s. I've never attempted to create an account. I've publicly called BTC & friends "Beanie Babies" & "tulips" & worse. But this "report" contains less value than an airdrop in Somalia.
It's $200/mo for something that their competition does for free. You attacked their business model over this. And I'm doubling down here--you're demonstrating an utter lack of proper prioritization on this point.
You know (apparently first hand) that the monthly cost of building a resilient app runs at least 6 figures a year. Against that level of spending, you're going to weigh $2500 priced as an addon? What if the cost of the base contract is $5000 less?
Look, if you just don't like them, that's fine. But any evaluation of a solution has to be based on total cost, and you're talking about a rounding error.
Biting the hand that feeds IT © 1998–2022