Re: Thank God it's just drugs..
It'd be a lot easier to toss in a salvo of shivs. Shivs are silent and a lot easier to conceal.
7218 posts • joined 10 Jun 2009
It'd be a lot easier to toss in a salvo of shivs. Shivs are silent and a lot easier to conceal.
Thing is, given the average human male's weight of 80kg, and given your average joint has about 5mg of THC in it, the math seems to indicate that THC will be the least of your worries when it comes to dying on joints. Now, the impurities and so on are another matter. Plus there's always the psychotropic X-factor (which is how many stoned people tend to get into trouble--not from the joint but from the things they were doing while high).
I have, though. As they say, your mileage may vary.
It was BOTH. Many times the corpses shot into the city were rotten or plague-ridden.
"So, you're telling me that the near billion quid a day that the government spend on welfare is insufficient, then?"
No, because for those on the wrong side of the tracks, many were DENIED. So where do you go from there? The gaol or the grave?
1. Depending on the location, radar may not be an option because it'll interfere with other radio operations. Also, these things are pretty small and usually made of plastic with a reduced radio reflection so may not trip most radar systems without raising the risk of false positives (think of the thing going off when nearby birds fly past).
2. Programmatic one-way drone flights will leave no radio signature. And if the transmitter is on a mobile base, or multistatic, it'll be hard to pinpoint.
3. A coordinated effort can distract the guards (say start a fight) while the payload is dropped off and secreted away.
PS. To the guy who suggested a truck-mounted trebuchet, something that big will be hard to erect, take down, and/or disguise in a hurry (the moment you launched, odds are someone will notice you and jot your plate). Also, the net can be very flexible and made of strong cords that give some, allowing it to absorb impacts and render it resistant to blunt-force penetration (the whole rig would give first before it broke), leaving direct cutting or going over, both of which have countermeasures against one-shots while a drone can perform a sustained effort.
But they probably stink in the payload department. There's a REASON for a preference for a high thrust.
No, because going straight means no opportunities which means they starve and DIE. For the TRULY desperate, it's literally crime or the grave.
"and an independent observer who have no incentive to collude."
There's ALWAYS an incentive to collude: bribery or blackmail are always available, so how can you be sure the "independent" observer really IS independent and not subverted behind your back?
That is frankly none of its business. That's a job for the higher layers.
But these same industrial systems are also expected to be tuned with higher precision. To get that higher precision, you need more readings at a time, which means lower latency. That's especially true in the field Kaspersky is most experienced: networking. If you plan to pass through multiple gigabits of data per second, you're talking a maximum lag time in the nanosecond. range. For turnarounds that quick, you MUST cut the processing time to the bare minimum, and that usually means getting close to the metal. Microkernels block this because they prevent close-to-metal access. Indeed, one caveat of seL4 is that the formal proof only applies if you disable DMA; guess what's one of the most common ways to reduce latency?
But then you have to deal with port forwarding, NAT traversal, VPN's sometimes, and TWO protocol stacks. It's unfortunately a necessary complexity.
If the description is accurate, it would only be the SECOND formally-proven kernel written (after seL4). The thing is, how well can such a microkernel perform when latency (such as high-throughput networking) is an issue?
Even security updates? Doesn't that just leave you open to being pwned and making everyone else's day miserable?
Why don't you just firewall the addresses that feed those ads and so on?
"plain vanilla Enterprise licensing"
I was under the impression that significant enterprises don't use the plain-vanilla Enterprise licenses and instead negotiate directly with Microsoft for certain terms since they have the clout to push back. Government agencies, industry leaders, and so on.
PCI and PCI Express are not fixed buses. You have to POLL them to learn what they house. Universal Serial Bus has to be polled. So does 1394 IINM. Unlike with most ARM configurations (fixed memory map), the system doesn't know what's in the system at the initial bootup, and the configuration change at runtime (like with USB and 1394 which can hotplug).
No, because if I can control a process's logging, I can do this, too (note, in this example ONE process wrote this):
[ rogue ] Something innocuous happened
[ fake process ] Something fake happened
How do you keep a rogue process from making a fake tag when the process can match any tagging the logging system uses?
"syslog tells you - both process name and PID. So your mythical pwned process could put whatever it likes on the line after that - but only the truly clueless would not notice that the very beginning of each line tells you exactly where the message came form."
The fake process newlines its log and creates a fake tag that ticks all the marks. And the log has to be able to newline in case of structured text output like a hex dump.
Watchdog crashes. What restarts the watchdog other than init, who's already asleep by your logic?
But if you DON'T double-guess, the AVERAGE user gets lost. Always remember, if you know what you're doing, you're in the minority, and the average user's money outvotes your money...by a large margin.
"Bollocks. I really hope you do not work with computers."
Bollocks on the bollocks. If you say a log can be reliably kept with nothing but ASCII, explain how you can say a coin landed edge when all you have to work with is a single bit: 1 or 0? Language can hit limits. Just as some things simply cannot be expressed in a yes or no, so some things cannot be reliably said in just ASCII. That's why there's such a thing as necessary complexity.
Can still be faked by a rogue process. How do you block rogue logging when it can do everything a real process can do with ASCII, including process and timestamps?
How do you know which process REALLY said what if all you have to work with is ASCII, which the pwned process is fully capable of using as well, meaning there's no way to distinguish a well-disguised fake log output pretending to be another process from the actual process. The range of your output is too limited to properly distinguish between them. Anything you can try to use within the ASCII range to safeguard them, the rogue process can mimic. It's a rogue edge case, just like you have no way to say a coin flip landed edge (the LITERAL edge case) if all you have to work with is 0 (heads) and 1 (tails). See where I'm going with this? Properly safeguarding the log from rogue output requires something beyond ASCII. It's a necessary complexity.
"if someone already owns the box to the extent that they can fake text log entries, they can surely fake binary log entries.."
Not if they only control ONE process (which they're using to post fake log messages using text formatting tricks). The thing with gatekeeping is that it's a lot harder to fake it since the gatekeeper knows which process is emitting which message. And the ONLY way to enforce this is to use a more-complicated logging format that allows for discrimination. You simply CANNOT do this correctly with a text-based log; it's too simple for that. To put it in perspective. If all you have to work with is a single bit (1 or 0), how do you correctly inform when a coin flip lands edge?
Well, what do you expect? More people don't know their way around a computer then do, yet their actions have repercussions that can affect you. What would you do to correct this problem?
"Users who want modern fripperies like an OS that will assume that because you plugged that USB stick in, maybe you'd like to access it, already use Windows or OSX (or more likely, don't own a traditional computer at all)."
And that attitude is why people will never be temtped away from Windows, no matter how much you want them to for security reasons or whatnow. Make up your minds.
It's trying to manage a system that keeps changing at all levels.
SysVInit was designed decades ago when hardware was static. Thus you hear stories of init scripts that reverse the order of network adapters (really bad when the system is a firewall).
And replace it with WHAT? Definitely not SysV which falls flat with dynamic hardware which is the norm these days on most systems.
And you can put a metal heat conductor between the air gap and the heat source. Metal is superior even to skin when it comes to thermal conduction, so it can soak up the heat and then employ radiation and convection to bear it off.
But your headlamp concentrates that heat at one spot on your head. With a wraparound design like Hololens, they can spread out the heat generators so instead of one 10W hotspot, it's several 2-3W spots spread around your head; you're less likely to feel several smaller hotspots. Plus with smaller hotspots, it's easier to find ways to dissipate the heat through thermal conduits and so on.
How about on Self-Service food service kiosks? or ATMs?
Not necessarily. If it was an old setup, the graphics chips in them may not have had the oomph to drive both screens. Or the flip side was added later on.
The BSOD gets all the attention simply because it's so easy to recognize (well, that and red-X dialogs). But I do recall at least one instance of seeing an OOPS on a billboard.
You start to see that around Chapter 8. It's meant to be a tongue-in-cheek way to inform you the facility's about to blow (tongue-in-cheek humor is signature to Portal). You can also see them on occasion with the user-made puzzles.
"Depends in which country you live in. Anyway, if your money in a bank are in local currency, it won't save you from hyperinflation or sudden devaluation. They will lose value exactly like money in a can."
Not if it's invested in a bank with a different currency.
"It's enough to make you want to keep all your cash in a coffee can burried in your garden. =-/"
Only to find out your country's undergoing hyperinflation and all the cash you buried isn't worth the paper on which it was printed.
"In the end, I think it's just Capitalism at work. The healthiest companies survive, those that cannot identify threats and define mitigations fail. Isn't that what Capitalism is all about ?"
Trouble is, capitalism doesn't take collateral damage into consideration, and that tends to have very innocent victims.
Why use force when finesse will do just as well? How often does a good pickpocket get caught?
You assume we have an option in the matter.
Simple way to stop the simple way to stop it: bribe or blackmail any legislators who dare to propose such a law. It's not like they're going to be affected. Let's face it. In our world, money talks, all else walks, and it costs less to pay out when the breaches occur than it does to take preventive action, especially since many markets are so tight that shopping becomes a Hobson's Choice: the only alternative is to go without.
"The authors' proposal is for a new SDN controller design: “treat arriving packets with pre-allocated buffers rather than new objects,”"
But the problem with pre-allocation is that you set a limit for yourself and there's always a chance the bugger gets overflowed. What then?
"Fail the third: Would a properly set-up firewall block that? What data does it send back to the mothership?"
Probably not if it uses an encrypted connected and mixes up the destinations, especially if they use legit IPs meaning you can't block them without collateral damage.
Works as in what? Can it run Android apps out of the box?
Last I checked, that's not an Android issue. That's an ARM issue as even ARM-based Linux distros like Raspbian have to deal with the problem (and guess where the CPU governors Android uses come from).
"The version I was taught was "I before E except after C, but only when the sound is E"
There are a few exceptions:
- If the combination is pronounced like an A ("weight") or an I ("height").
- Imported words. Many words of the first type are this type as well (in particular, a lot of the I-types come from Germanic languages where this combination is much more common, like "poltergeist").
- Diphthongs where the letters sit next to each other but are on different syllables so they're pronounced distinctly (like "agreeing").
But if it's blanket, no one reads it. Damned if you do, damned if you don't.
But they don't render them correctly, meaning they can't be relied for those types of documents, especially where formatting is sensitive and/or important.
"a really good password can be kept for DECADES, so long as it's hard to guess and easy to remember."
No password no matter how long is immune to shoulder-surfing and keyboard sniffing. In which case, the resultant breach could go unnoticed for decades, too.
Which would you rather have? A bunch of weak passwords that at least get changed every two months, closing any holes they might have made or stagnant passwords that in turn get stolen and go unnoticed?
"Wouldn't this get noticed the next time the user tried to log in and found their password didn't work any more, regardless of when they last changed it?"
Precisely the point!
If someone else changes a user's password without IT's knowledge (which is what an intruder would be forced to do if he stole account details and hits the forced-change deadline), then the real user would get locked out, find out about it, and inform IT. You WANT IT to be informed since that means a newly-detected breach.