My first computer was an IBM System 360 model 50, with half a meg of fast core and one full megabyte of slow core, running OS/360 and COMNet/Alpha timesharing, with a Tektronix 4002 storage scope terminal and a 4951 joystick. The year was 1968 and I was 12 years old.
There's a youTube video of it working in a vac chamber:
Spends a bunch of time slurping everything it can from your LinkedIn account, then counts how many words from their sacred list show up in your resume, and that you should include more of them (which are pretty tightly focussed on the hell-dimension of lower-level burnout-inducing IT, I might add).
That's the sum total of useful stuff.
WASTE. OF. TIME.
ESR is making an early invalid assumption - that "fast transparent garbage collection will happen".
Sorry, no. The smartest people in the CS world - possibly the
smartest in the world, period (specifically those at MIT AI Lab,
Xerox PARC, BBN, TJ Watson, and Stanford) worked the GC problem
for literally 20 years, throwing hardware at it, software, tagged
architectures, secondary processors, all that.
They never cracked it. GCing at realtime speed is just a tough problem.
Unless ESR can show me code that can GC in faster than O(n) time
AND not have to freeze the allocator process for O(n) time, he's just
pitiably wrong.
(and no, I don't count flip and sweep GC as workable in this, as it
means that a buffer that DMA hardware is writing to will move without
warning. Nor is "generational" GCing, all that does is to stave off the
inevitable full-out GC for a few minutes to hours, which is fine for a
hacker sitting at a terminal but no good at all for a self-driving car or
SaaS server).
Now, I could be wrong; if he *has* a realtime garbage collection algorithm
then he deserves the Turing award.
But I'm betting "not".
Bricking insecure devices has a nice upshot - the cost of a returned device isn't just the profit - because all of the handling and
coping has to be done (so far) by a human, the actual _cost_ to the distributor or manufacturer of a failed device is often the
loss of profit on the whole minimum order quantity to the distributor - the whole crate.
That's why if you get a DOA item from Amazon, they often don't even want it back, they send you another on your word of
honor- not because they're so nice, but because (absent evidence of fraud) IT'S CHEAPER TO JUST SEND ANOTHER
RATHER THAN RECEIVING THE ORIGINAL DOA UNIT BACK AND DISPOSING OF IT UNTESTED. It's not free, just cheaper.
But just because it's cheaper, doesn't make it nonzero. Every bricked device replaced under warranty costs $$ and every
device that fails, in warranty or out, costs reputation. How much would you pay for an iPhone if the battery stopped
holding charge after between three days and six months of use?
Bottom line: it's damn expensive to adequately secure an already-damn-expensive IoT light bulb. And as BrickerBot
expands (and no doubt improves, just as the original chemotherapy drugs were improved) the cost to make a secure
IoT device is going to skyrocket.
Which may effectively doom IoT for consumers. Industrial IoT is a different game with different rules and the most
important is that airgapping is feasible.
There are two reasons to NOT change the software - or at least the view seen by the users:
1) Training - learning an application represents a significant investment in time and mental energy. Making a significant change in the interface (or worse, the actual workflow) means relearning the app, sometimes from worse-than-scratch because you already know what's wrong! So, if you have to relearn, you can relearn another app that doesn't have the feature and workflow churn.
2) Reliability - adding code adds bugs. Code that once worked fine now doesn't. This again forces users to consider if it's time to learn another application and workflow simply to get away from the bugs.
Using 2FA authentication won't work to stop them.
They ALREADY ask you to allow inspection of electronics. If you refuse to give them the password, expect to not get your phone, laptop, or tablet back till you either give them the password or they image the whole thing for NSA's "enhanced decryption".
Which leaves us with the interesting question of LastPass's business model.
1) Advertising? Knowing every site you visit - AND YOUR PASSWORD?
2) "We have a benefactor". Yeah. Except that maybe that benefactor is the NSA. Or is it the GRU? Or is it the MSS (China's NSA)?
No matter how I slice it, I can't figure out an angle that isn't kinda creepy.
Submerging plants in drinking water reservoirs is doubleplusbad. Not because of the carbon emissions, but because the rotting plants will give the water a bad taste for fifty years or so.
When the state of Massachusetts built the Quabbin reservoir in the 1930's, they did their level best to take out all of the wood and plants that would rot; clearcutting the forests, relocating, demolishing and carting, or burning farm buildings in place. Only the stone foundations remained. They even removed the railroad ties of rail lines. The result was a reservoir that is still the major reservoir of Boston to this day.
Yet another reason why adblockers and scriptblockers are essential.
Not just because ads chew up your pay-by-the-byte bandwidth, but because they are actively serving up malware.
Sorry, all you ad-supported sites... find another business model. Your current methods are dying a very painful death.
Unless there's money involved, I don't bother with a strong password.
Why? Because even if my password protocol and tradecraft are bulletproof, most sites aren't. Sites get
compromised so often that even a good password will fall in a year or two. Or your password _manager_ gets
compromised.
So... why bother? Start with "Password#1!" (which almost all sites will accept as "strong" and
when (not if, when) that compromises, move to "Password#2". And so forth.
Okay.... don't use the word "password". Use "Starbucks#1". Or "Galactica#!".
Other than a very few sites worthy of _trying_ to protect (your bank and maybe your primary email) one password
shared across all sites is more than adequate because compromise is inevitable. Make the cost of
compromise as close to nil as possible; that's the optimal behavior. I mean, who cares if your brownie
recipe gets trashed?
And never, ever store a password that can be turned into money on anything more connected than a
post-it note in your wallet next to your Benjamins.
The unfortunate truth is that once someone experiences the speed and cleanliness of adblocking, they simply won't go back. Not ever.
And, as explained in a previous post, the second thing they do is show their friends. And their relatives. And their social contacts.
And so it expands, like neutrons in a nuclear warhead; the chain-reaction gain is greater than 1 and the constraint of business models
("we don't take your word for the claim that the ad was shown") will either have to break down, or the whole business is "game over".
My advice to webvertizers: update your resume and find another line of work.
What the gods would destroy they first submit to an IEEE standards committee.
