To be effective potential needs wisdom...
or it will go to waste, you can see that happening all the time.
"...a tragic end for someone who showed so much potential."
Unfulfilled potential, there's plenty of that to go around.
The lingering fallout of security flaws in AMD processor chipsets has dominated the news this week, and it ain't over yet. The initial flaw disclosure on Tuesday was short on details and high on hype, and some thought that either the issue was massively overhyped or was being used to try and manipulate AMD's stock price. The …
Also, uncalled-for pious platitudes.
Shows potential: Excellent work in Galois theory at age 20
Tragic end: Stupidly killed in a duel (in which he should have ripped out everyone's throat and shat down their necks but wasn't trained to so)
This is not that.
But not just wisdom.
Personal ethics (principles and values) are of paramount importance.
His record seems to show he had nothing of the sort.
He has been quoted (The Guardian 20180316) as saying:
“Had I done nothing, I would always have been left wondering whether the hundreds of thousands of documents that had been leaked to unknown third parties would end up costing lives, either directly or indirectly.”
If you're going to be THAT paranoid, you might as well assume ALL processors are backdoored in some way and accessible to SOME entity you don't like. Even if you try to look for some open-specced processor, you can't be sure that the final result will be identical, nor can you be assured that all the rest of the chips are similarly safe (and many don't have substitutes because they're patent-protected).
There's a small community of people working hard to address this problem. Verifiable hardware and software including the tools and supply chains. As we repeatedly find, trust is badly broken in our current methods and systems. Whether by intent, or no, really doesn't matter.
Anyway, keeps me amused as we turn things upside down, shake them, and shit keeps falling out.
He forgot to add that doing so would help Intel's bottom line and prepare for the announcement of the new improved backdoored Intel processors.
More likely he's simply shorting AMD stock. There's already evidence that was the plan, including CTSL's own admission of financial interest.
Personally, I don't give a goddamn what some mercenary asshat like Luk-Zilberman, who shows no understanding of the long and complex debates over reasonable disclosure, thinks about disclosure policies. Spare us that sophomoric bullshit. Even if he's sincere, he hasn't made a substantial argument about disclosure, and he hasn't done anything to earn the assumption that he has one to make.
I'm happy to see that CTSL has been roundly condemned by reputable security professionals. I hope this taints them for a good little while.
...for years how poor the lottery site's security is. For years they only allowed numbers and letters for a password and a small length. They originally didn't have a reset password option, you had to call them and it was clear the weak password policy was to cut down all support calls.
Eventually they allowed special characters but they don't tell you this when you change your password, they still have the wording numbers and letters.
They still have yet to implement 2 factor authentication.
I'm surprised they haven't been hit sooner.
For anyone responsible for the design of a password handling system, please remember that your users are almost certainly the weakest link in your design. Our brains are not good at random and not good at memorising character sequences with no pattern or overlaying meaning. We (users in general) fail to see how our password choice on catappreciation.com matters. It's not my bank after all. Inevitably, we put a 1 on the end if we're forced to add a number, and change a to @ for the symbol requirements to construct a simple to crack but hard to remember password.
My suggestions to system designers:
1. Get the server side right. Forget building your own hashing with sha-whatever. You need to be looking at bcrypt/scrypt/argon to manage things.
2. Guide your users well. Let them paste passwords so they can use a password manager. Integrate your (re)set password screen to Pwned Passwords API (the V2 one) to reject stupid choices (or download the torrent and roll your own private version if you don't trust Troy). There are plenty of public libraries for nuget/npm/pretty much anything you can name already, so you are talking about an hour of effort to really practically boost your users' security.
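An added example, not part of the comment above or of any project's code: a set-password path that checks the choice against a Pwned Passwords v2 style range response (`SUFFIX:COUNT` lines for a 5-character SHA-1 prefix) and then stores a salted scrypt hash. `fetch_range`, `make_fake_range` and `FAKE_RANGE` are hypothetical names, and the breach counts are constructed; in production `fetch_range` would request `https://api.pwnedpasswords.com/range/<prefix>` or query a private copy of the data set.

```python
import hashlib
import hmac
import os

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def breach_count(password, fetch_range):
    """Range lookup: only the first 5 hex chars of the SHA-1 are sent out."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def hash_password(password, salt=None):
    """Salted scrypt hash (stdlib); returns (salt, derived_key)."""
    salt = salt or os.urandom(16)
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=2**14, r=8, p=1, dklen=32)
    return salt, key

def verify_password(password, salt, expected_key):
    # Constant-time comparison of the recomputed key with the stored one.
    return hmac.compare_digest(hash_password(password, salt)[1], expected_key)

def set_password(password, fetch_range):
    """Reject breached choices, otherwise return the record to store."""
    hits = breach_count(password, fetch_range)
    if hits:
        raise ValueError(f"password seen {hits} times in breach data")
    return hash_password(password)

def make_fake_range(breached):
    """Constructed stand-in for the HTTP call: maps prefix -> response body."""
    table = {}
    for pw, seen in breached.items():
        h = sha1_hex(pw)
        table.setdefault(h[:5], []).append(f"{h[5:]}:{seen}")
    return lambda prefix: "\r\n".join(table.get(prefix, []))

# Constructed sample data; the counts are invented for the example.
FAKE_RANGE = make_fake_range({"password1": 1234, "P@ssw0rd": 99})
```
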
While Torvalds' sentiment of "security problems are primarily 'just bugs'." has a ring of truth to it, it also has a basic assumption behind it: you're running either the latest release or close to it.
Well, newsflash: sensors living on underwater cables are not running the latest release, industrial equipment in general doesn't.
So at the end of the day, security bugs need to be handled differently, whether we like it or not.
O ffs. What's next, "tortured" by being fed Marmite? "tortured" by being forced to listen to your asshole neighbour's car engine tuning and late-night music?
Manning was held naked in solitary confinement for long periods.
Not even English has a separate word for every separate concept, but that's not an excuse for being deliberately misleading.
Yes, naked in solitary, while under a regimen straight out of the psychological warfare manual. Additional treatment including forcing him to wake up constantly to ensure dangerously extended sleep deprivation, stress positions, cold exposure, etc. etc.
In short, everything that they thought they could get away with and skirt the limits of the constitution. Only as it turns out after the new regime took over they decided they had overstepped those bounds and had jeopardized being able to take him to trial.
Be careful how you let your government treat other people. You may be one some day, through no fault of your own.
I also wonder if we'd be reading this headline about Adrian Lamo if Manning had gotten a fair treatment and a real trial. Unfortunately the names Manning or Lamo or Swartz don't get you the same special access to the legal system as names like Clinton, Trump, Bush or Kennedy.
To die so young is a tragedy, we mourn his passing with great sadness.
If anything it reiterates how important it is to ensure that we remember that those on the other side of the screen are still fragile and emotional human beings and treat them with respect.
This is not the time for people to criticize political views and suchlike, so please do not.
There are no actual defects in the AMD CPUs. The only means to alter the secure area of the AMD CPUs is if you have full administrative privileges. The FUD claims of CTS Labs and others appear to be an effort to manipulate stock prices and divert attention away from Intel's documented CPU defects that can't be fixed. Some believe that Intel is behind the meritless security claims on AMD CPUs. When the smoke clears it looks like some folks will be spending a lot of time in the Iron Bar Hotel and Intel may be forking over billions to AMD before Intel declares bankruptcy for their decades productions of defective CPUs.