Re: Global Warming?
The Greater Fool. (The Greater Fool.)
2995 publicly visible posts • joined 23 Jan 2015
They know how to destroy bitcoin. It was obvious when the first proposals came up on Cypherpunks in the 90's, and it is obvious today.
But there is always a cost to such things, and so far, they have not cared to pay the cost.
Really, this is why I've never been into coin. If the time comes that they do care, and it is FAR from clear that matters will actually get to this point, it will be decisive.
To see two entirely independent waves of this. There was a spasm of complaints in 1990. They started with the complaint against Senator Packwood. They miraculously ended when Senator Kennedy's name came up. Originally, the claim was, "a woman would never lie about such things". Then, "we must assume innocence."
The entire exercise was blatantly about whose ox was being gored.
Of course, this wave started with one aging starlet taking on perhaps the most notorious Hollywood abuser (see the original "A Star is Born" to get an idea of how long this has been going on), which immediately turned into an anti-Trump crusade. We also got another spectacular attempt to destroy a Supreme Court justice by false claims.
Wise pastors have known for decades never to have a closed door when counseling a woman. The Reverend Billy Graham was not the only one to have what amounted to a reputation body guard that _always_ went first into hotel rooms for him. I know two state legislators in the 90's who were not so careful and who lost their jobs this way.
And people complain that a certain US senator today won't meet with a woman over a meal by himself.
I feel ridiculous for having to say this, but I am NOT suggesting that even a majority of complaints are unfounded. I am saying that tribalism regularly eclipses everything else in these situations. Also, that anyone suggesting that we do away with due process in the workplace is bringing in lions to drive out dogs.
This is already long, but let's talk about solutions.
Singling out particular types of unacceptable behavior as if they are somehow more problematic is beneath us as IT professionals. It's not sexual harassment, or racism or some other narrow thing--it's abuse. The solution is a culture that does not tolerate it. But at the individual level, it is not so simple. I've been out of work for almost eighteen months. Do I refuse to even talk to Uber? High-minded behavior is a luxury of the fed. My longest period of employment was at a company which had a horrible culture--because for years my wife's health needs prevented me from pursuing a move.
As for sexual harassment, it's bizarre to watch the blatant sexism in people's approach. It is not even a little bit credible to claim, for instance, that men and women should be paid the same while a woman's complaint of sexual harassment against a man is to be accepted without challenge. The problem is that we are attempting to deny a billion-year-old fact: men and women are deeply different creatures. Until our approach to the matter uniformly acknowledges that fact, we are like the cartoon of someone fighting a fire while a stick in their back pocket is dropping sparks.
is a lot bigger than the doom-sayers say. Having said that, when it DOES fill, the mess will also be bigger.
At the same time, various cleaning technologies are going to get easier almost every year, and the leadership of the big boys are rational enough that someone who declares, "We're going to zap object X in 48 hours unless someone objects" won't be known as the bad guys. The biggest thing is likely to be the national loss of face for some one else cleaning up your trash, but that's avoidable.
in technologies like self-driving cars.
IN THEORY, a company like SAP could back off the "new features", and focus on bug & vulnerability fixes for a couple of years, thus drying up the profitability of decompiling fixes. This, in turn, would cause the bad guys to move on & even lose expertise.
But no, we must have FEATURES! YESTERDAY!
<sigh>
My wife was offered a job by Ross Perot's company in 1989 with a very similar (but MUCH more onerous) arrangement. (We weren't married at the time.)
The detailed breakdown is the part that I don't buy. There are WAY too many ways to play fast & loose.
But an arrangement of "after x weeks training, you owe us y, prorated over z years" is a clear contractual arrangement. Take it or leave it, your call.
I've actually mentioned the possibility of a similar arrangement to potential employers regarding relocation support.
That's actually a dangerous heuristic you're implying. You certainly never spent much time on a farm, for instance.
Just because YOU don't know why something was done does not mean that there was no reason. There almost certainly was. The correct question is "is the reason currently valid?"
I'm sorry, but re-read what happened. That's the sort of error that should have either grounded the fleet, required some sort of fallback to a manual process, or overridden the computations to assume all passengers are adults.
This was a callous, even cynical decision by someone in the airline to go for profits over a blatant safety issue. Full stop. At Boeing, it can at least be argued that no one person had all the data to know that they would be endangering lives.
It took WAY too much effort to parse the article simply because I had no expectation that octets would treat a leading 0 as meaning that what follows is in octal.
Quick question: How would you parse 011.011.011.011? I would expect it to be decimal because I've got it in my head that some systems (old Windows? I don't know!) require three digits.
I could be completely wrong of course, and THAT is why I rely on a library to handle such things. In fact I did not even know that 1.2.3 was a valid IPv4 address until I grabbed the python library for a test project.
So, yes. If I'm faced with identifying, finding, reading, interpreting, and implementing some RFC, I'm going to instead look for a library with a decent reputation and use it.
IF, (and I do mean IF) I happen to observe something weird (like accepting 1.2.3 as a valid IPv4 address), I'll check around and see if that's correct.
But I'm probably NOT going to trust an npm. There is WAY too much bad mojo in that space.
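As an added example (not part of the original posts), the Python sketch below re-implements the classic inet_aton-style reading, where a leading 0 means octal and 1.2.3 is accepted, beside a strict dotted-decimal parser, so the disagreement a validator has to avoid is visible. The function names are hypothetical and the sample addresses in the usage note are constructed.

```python
import ipaddress

def parse_classic(text):
    """Constructed re-implementation of the historical inet_aton() reading,
    for illustration only: 1-4 dot-separated parts; a part is hex with 0x,
    octal with a leading 0, else decimal; the last part fills the rest."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError("expected 1 to 4 parts")
    values = []
    for part in parts:
        low = part.lower()
        if low.startswith("0x"):
            digits, base = low[2:], 16
        elif len(low) > 1 and low.startswith("0"):
            digits, base = low[1:], 8
        else:
            digits, base = low, 10
        allowed = "0123456789abcdef"[:base]
        if not digits or any(c not in allowed for c in digits):
            raise ValueError(f"bad part {part!r}")
        values.append(int(digits, base))
    *head, last = values
    # Leading parts are single bytes; the final part covers the remaining bytes.
    if any(v > 0xFF for v in head) or last >= 256 ** (4 - len(head)):
        raise ValueError("part out of range")
    number = last
    for i, v in enumerate(head):
        number |= v << (8 * (3 - i))
    return str(ipaddress.IPv4Address(number))

def parse_strict(text):
    """Accept only four decimal octets with no leading zeros."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError("expected exactly 4 octets")
    for part in parts:
        if not (part.isascii() and part.isdigit()):
            raise ValueError(f"non-decimal octet {part!r}")
        if len(part) > 1 and part[0] == "0":
            raise ValueError(f"ambiguous leading zero in {part!r}")
        if int(part) > 255:
            raise ValueError(f"octet out of range {part!r}")
    return text

def compare(text):
    """Return (classic_result, strict_result); None marks a rejection."""
    results = []
    for parser in (parse_classic, parse_strict):
        try:
            results.append(parser(text))
        except ValueError:
            results.append(None)
    return tuple(results)
```

`compare("011.011.011.011")` gives `("9.9.9.9", None)` and `compare("1.2.3")` gives `("1.2.0.3", None)`: the strict parser refuses exactly the inputs on which two readers could disagree.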
It's tarring by association. Yes, cypherpunks@toad.com was a hotbed of technolibertarianism, and the common ideology supporting coin remains heavily libertarian. HOWEVER, tying it with "racists" and some other sleaze-du-jour links libertarians to these other groups in a way which is...propagandistic, and to a degree that far exceeds the Right-Pondians.
Nah, there has never been a major journalist or major news show spreading fake news.
Seriously, must I bring out Thomas Jefferson's famous quote on advantages of not reading the papers?
Fake news has been around since long before the Republic. It was VERY well known to the authors of the US constitution, as well as the members of the first US congress, which proposed the First Amendment, and to the members of the state legislatures, which passed it.
The purpose of the First Amendment freedom of speech and freedom of the press can only be honestly read as the right of the minority to loudly make statements which the majority would consider either to be lies or to be offensive. Statements accepted as true and unoffensive by the (current) majority need no such protection.
Lying is basic to human nature. Get your big boy skeptic pants on.
then it sounds like the judge does not understand what's going on. At all.
Google analytics is a domain serving javascript like any other. It has nothing to do with any particular browser. Any expectation that a browser's incognito mode would magically know about each and every of the hundreds of tracking domains and turn them all off...is magical thinking.
Unless Chrome is sending this data out itself, there is nothing here.
I am saying that
#1 The manufacturers did due diligence at the time when implementing these features for consumer products.
#2 The manufacturers warned in the product literature that the parts were not certified for CONFIDENTIAL use.
There is nothing to apologize for. If you buy your three year old a plastic bat, and on the label it says, "Not for use with MLB", are you going to expect it to take a pitch from the Minors? I expect you will be wanting your money back...
Are you aware that in recent decades, a TLA would occasionally contact a company and say, "Hey, sign this NDA. We need to talk." followed by "We've observed foreign actors compromising your systems in the following fashion. You need to fix that. Quietly." To which the response is, "Huh. I can see that the attack would work, but we don't see any evidence of it being used."
The general conclusion was that the intelligence services were doing exactly what a rational actor would want them to do in a hostile world.
But yeah, not always.
We've gone through this many times in different permutations. The FDA was created to try to drive out the snake oil salesmen. The professional boards (mostly medicine & law) exist to try to keep the worst practitioners from causing the death of their clients. But in the end, the consumer remains king. We had a perfectly good consumer cell phone with a much better security model than Apple, let alone Android. Remind me, how is RIM's retail branch doing these days?
Okay, so consumers don't really understand the dangers of bad security. Even if they did, security is a distributed threat--99.9999% secure means 100% insecure. To argue that consumers are willingly going to bear the costs of security is to argue that Communism works. (Hint to the Millennials: even the Pilgrims could not pull it off.)
How about we start at the other end of the problem: what exactly is meant by "this server is secure"? istoomuch.jpg How about, "this code is secure". Care to back up that claim? May I see your MA in mathematics? Because proving that a piece of code actually does what you want it to do, and nothing else, is at least equal to a thesis. (And, yes, I do have one of those.) That's assuming that the compiler has also been proven. And whatever was used to create the compiler. And the OS. For both. And the cpu. For all. Moreover, your CPU must not only do what the architecture says, but must be side-channel free. That means (and I have the background to say this) either taking a 10x hit to speed, securing not just your code, but all code running on the server--including cross-domain interactions between applications (think: SQL injection), or getting completely new cache architecture.
Okay, so somehow we have a magically secure programming environment. Luckycharms.img And, you want some new code. You going to hunt down a mathematician to write it? Oh, but maybe we can use the model that engineers use. The mathematician doesn't have to write the code himself--he can check the work and certify it. No. grumpycat.img Code is not a piece of metal that can be machined into tolerance. It does not have microfractures that only spread at a given rate. There is no procedure to guarantee changes are correct. kurtgodel.img When we are talking about demonstrating security, we are talking about creating valid proofs, and while two might be three times as fast, that's two fully trained mathematicians, not a mathematician and someone else.
But security really is that important. Why don't we pass some laws & regulations? yeahsure.jpg Just how long will a politician stay elected if he passes a bill that outlaws 99.99999% of existing code?
We are losing the war. We do need to fight it. But we must focus our efforts where it can be productive. We need public awareness of the pervasiveness of the security threat. Maybe we can get Bill Gates to fund a publicity campaign. I do believe that liability legislation has its place, but the only way that is going to survive is if it is extremely incremental. That is, too little to be effective until some sort of phase change happens. Something in the same spirit as the GDPR, but significantly more limited in relative scope.
Yeah, I really try not to think too hard about this. Kinda like the Cold War.
signifying nothing.
At the top of the article, you cite the utterly debunked Bloomberg magic chip as credible. And the quality of the analysis doesn't improve much from there.
I agree with the final paragraph, 100%. But ill-informed busybodies pontificating is not going to help anything.
Tell me. Does Rust prevent SQL injections? XSS? Unsafe object deserialization?
You've pulled the 70% out of thin air. Rust deals with certain common, but ultimately narrow class of low-level bugs. Certainly, an improvement in many cases, with cost. But you're not going to save Tinkerbell with it.
As the much-misunderstood general testified, "There are no civilians." If you want the government to protect you (ie: be a civilian), then you will need to have government provided built CPU, smart phone, OS, and all apps. No sites available unless they have been approved by the government, (and no changes on them without going through change management.)
I don't think you will be happy.
" If you were doing this then you were effectively impervious to that entire class of attack unless the attackers start on the inside of your network. (which should be guarded against by other access control measures)."
Seriously? Were you found in a cabbage patch this morning?
Even if, by some act of magic, your VPN was perfectly secure, that does close to 0 about one of your users who mistakenly clicked on an ad or clickbait article and now has been rooted.
Your users' machines have been compromised. All of them. For quite some time. Now--explain how your security posture with twenty-year-old procedures is adequate.
We still are not settled on exactly what should be considered proper MFA. Keeping up is going to matter for a while.
When someone speaks of their First Amendment rights, they are speaking about rights enshrined in the First Amendment. As part of the constitution, the Amendment can only address government.
Now, when I go to a public square, grab my soap box, and start speechifying, I am exercising my right to free speech. Humans being lazy creatures, I might even claim to be exercising my First Amendment right. If someone objects to my words, and they come by with a loud speaker, and use it to speak over me, are you going to claim with an honest face that my right to free speech is at that point effective? There is a term, "heckler's veto". If we allow (or encourage) that, then we no longer allow effective use of the right.
What if, in some region of the country, a political party has come to dominate politics to the point that nomination by the party is tantamount to election. Suppose further that this party refuses my entry. No government violating any right as far as the eye can see. I claim that in fact said party is denying my right to be effective in my voting. (And for those who don't understand what I am talking about, in Grovey v. Townsend, the United States Supreme Court unanimously ruled that the rule by the Texas Democratic Party forbidding blacks from participating in their primary was constitutionally sound. Not our finest moment at all.)
Big tech is hanging out at the town square. They are handing out megaphones to some people and not to others. (Also, playing Madame Defarge and plastering flashing signs all over the place) For many, many people, these platforms are loudspeakers allowing them to reach tens if not hundreds of times as many people (who actively want to hear what is being said) as any other method.
To deny the reality of the network effect and say, "build your own" or some such is at best disingenuous.
Certainly, we expect (and demand) that content promoting, planning or celebrating acts which are malum in se be taken down. But my idea of what counts differs rather drastically from, say, Pooh Bear's. And there is a strong concern that there is institutional bias in these companies against conservatives. It's easy to dismiss the anecdotes. I myself would be skeptical except that:
I personally witnessed, in 2015, a director at Google brag at a TGIF (weekly company-wide town hall meeting) that they had thrown an election in Central America.
Of course, El Reg reported research in August 2016 catching Google suppressing negative search suggestions for Hillary Clinton.
El Reg also reported in 2012 that Facebook "partnered" with the Barack Obama reelection campaign to use their network. I've not heard of them doing so with any conservative candidate.
"Free speech", like "poverty", is intrinsically a comparative term. For thousands of years, even the ability to write a letter was the province of a few Mandarins. Then came universal education, and paper, so that the term "papers" was expressly included in the Fourth Amendment. Now, I can send an email to any of three billion people. IF, and ONLY IF, we can both find ISPs that allow us to do so.
I am reasonably certain that there was a clause in the original treaty of Union that allowed Texas to divide itself into five at will, as well as to secede. As is often the case, however, subsequent events, particularly those of 1861, nullified the treaty. Texas's annexation to the Union in 1865 did not undo that nullification.
Anyone naughty who cares about physical location has as their day job scouting buildings for potential interesting locations. Otherwise nondescript buildings with any sort of heightened security measures scream "Find out what's going on here!"
If we are lucky, it will mostly be ones & twos. Just don't anger anyone with the resources to digitally disconnect your brake line. And pray that we never go to war with China. Or that Iran starts redirecting their resources from nukes to roots.
We JUST TODAY have an opinion piece about the sorry state of affairs in the software industry. Connect the dots, people. The failure mode that I'm worried about is system compromise. Convince me on that before surrounding me with thousands of murder machines.
"If the time has come for the lion to lie down with the lamb, I prefer to be the lion."-slight paraphrase
Morals are for the living. If we do not give our opponents good reason to worry either that their weapons will be ineffective, or that the response will be more than they want, they do as they please.
And what they please displeases me.