If you ask the drive to read out the whole flash.
The maybe the firmware would have to go to the platter to get the real image.

Or the malware could regenerate the un-attacked version.

For instance: If it's a patch that loads into an otherwise cleared-to-known-vallue region it can detect that region while reporting flash content and report the cleared value, instead. Add a couple other tiny regions where it saved (or alread knew) the previous contents where it "sank it's hooks" and you can't tell it's there from its replies to dump requests.

JTAG seems safer.

Yep. JTAG, in principle, could be corrupted. But it would require substantial hardware support that almost certainly isn't there (yet!)

Which is why I always laugh my ass off at all these people who use PGP to sign things and put a hash on the same website you download it from ... look you can verify this file you downloaded from the website hasn't changed because theres no way anyone would be smart enough to update the hash as well!

That's why you SIGN the hash. Then only the public key needs to be published by a different route.

And it doesn't HURT to publish it on the web site as well: Then someone tampering by substituting a different public key sets off alarm bells when that differs from the public key obtained from another site or by another path. Blocking that makes man-in-the-middle more complex: The attacker has to have essentially total control of the path to the victim and be able to recognize and substitute the public key whenever it shows up. One slip-up and somebody may raise the alarm.

Meanwhile: Even if publishing hashes on the same site may not provide additional security against MITM, it DOES let you check the download wasnt corrupted in transit (in ways other than malicious substitution). With modern protocols that's less of a problem these days than it used to be, but a check would be comforting.

The Great Extinction, caused by Siberia becoming one gigantic lava bed (probably after an asteroid strike), was a bit further back in time. Geologically, Siberia is old. You might be confusing the vestiges of Ice Age dessication (which was 10,000 years ago) but which involves the organics on the surface with the geology (aka rocks).

Regardless, though, of how the craters are forming, the fact remains that an awful lot of greenhouse gas is being pumped into the air, an awful lot of information on early civilization is being blasted out of existence, and a lot of locals are finding that the land has suddenly become deadly.

That is a good question. The last time the courts ruled on this, the ruling was that the FCC had ceded power and couldn't claim it back without the will of god. Or Congress, or something.

Personally, I'm all in favour of Thor turning up to the Supreme Court, but he probably wouldn't be allowed in on account of not having a visa.

Myth: Anyone gives a damn about factually dubious rants.

As far as I know, Systemd has no capacity to think and therefore has no opinion on net neutrality.

... blue and brown. Just now, I opened the Washington Post link on my 24" screen in a sunlit room, and it was clearly white and gold.

Though the sensations are vastly different, brown is really dark yellow. The underlying color of that part of this dress seems to be very near the perceptual boundary (probably just on the yellow side of it). This picture seems to have the dress in a non-obvious shadow, so when it is viewed by someone whose visual system doesn't adequately pick up the shadowing and compensate, it crosses the boundary and appears light brown rather than dark yellow.

Another perceptual oddity is that a very slight bluish tinge to white makes it appear "whiter than white", especially in sunlight or other strong lighting. (I suspect this works by mimicing the differential response of the various color sensors in the eye when exposed to very bright light, though blue may also "cancel out" a bit of the yellowing of aging cloth.) Laundry products up through the 1950s or so included "bluing", a mild blue dye for producing the effect. (It fell out of use when it was replaced by a fluorescent dye that reradated energy from ultraviolet as blue, making the cloth literally "brighter than white" {where "white" is defined as diffuse reflection of 100% of the incoming light}, and which, if mixed with detergent products, would stick to the cloth while the surficant was rinsed away.) I suspect some of the "blueish is brighter" effect is going on here.

When I view the picture straight-on on my LCD display, the light cloth on the upper part of the dress appears about white and the image appears somewhat washed out. Meanwhile the lower half has a bluish tinge. So I suspect the cloth is actually nearly-white with a bit of blue. (Viewed off-axis it's very blue, but the other colors are over-saturated and/or otherwise visibly off-color. So off-axis viewing makes it look more blue and this probably adds to the controversy.)

Another color-perception issue is "teal", a color between blue and green. There are paint formulations of this color that give the sensation of "distinctly blue with a greenish tinge" to some people and "distinctly green with a bluish tinge" to others, even under the same lighting and viewed from the same angle. (I'm in the "slightly-bluish-green" camp.)

The first place I encountered this was on the guitar of the filksinger Clif Flint. (On which he played _Unreality Warp_: "... I'm being followed by maroon shadows ..." B-) ) Apparently his fans occasionally had arguments about whether his guitar was blue or green, so he sometimes headed this off (or started it off on a more friendly levl) by commenting on the effect.

Perhaps they should be asking for a ".google" gTLD, for that purpose, instead of trying to monopolize a generic identifier.

I was about to suggest the same, but with ".goog", to make it shorter. (Can't think of a less-than-three-letter symbol that points to them as strongly.)

(It's also their stock ticker symbol, so maybe it's not such a good idea - it could cause a land rush and litigation from all the other publicly traded companies.)

First, the complexity of the engine shouldn't matter. You will never get the bulk of users out there to use, or care about, the real power of the engine. They don't want to mess with the engine. The engine should be under the hood, in a black box, whatever engineering metaphor you want. Users just want things that work.

I remember way back when I was at university. There were various absolute rules for good software engineering. The first was that the user should be presented with a must-read manual no longer than one paragraph. Tips and tricks could be more extensive, but that one paragraph was all you needed.

The second was that the user absolutely must not care about how something was implemented. In the case of encryption, I take that to mean, in the case of e-mail, that the engine should not be visible outside of configuration. A supplied key should trigger any behind-the-scenes compatibility mode or necessary configuration to talk to that user. If the keys the user has aren't suitable to correspond with that person, the system should ask if one is needed and tie it to that protocol.

There should be no extra controls in e-mail, except at an advanced user level. If a key exists to correspond with a user, it should be used. If a key exists for inbound e-mail, the key should be applied. The process should be transparent, beyond getting passwords.

Any indexes (particularly if full indexes) should be as secure as the message, good security practices on both will take care of any issues.

Ideally, you want to have the same grades of authentication as for the early certification system, adapted to embed the idea that different people in the web of trust will have done different levels of validation and will be trusted to different degrees. The user should see, but not have to deal with, the level of trust.

Last, GnuPG is probably not the system I'd use. Compatibility cruft needs to be as an optional layer and I'm not confident in implementation.

There should be eight main libraries - public key methods, secret key methods, encryption modes, hashes (which encryption modes will obviously pull from), high level protocols, key store, index store and lacing store. (Lacing is how these are threaded together.) The APIs and ABIs to those libraries should be standardized, so that patching is minimally intrusive and you can exploit the Bazaar approach to get the best mix-n-match.

There should also be a trusted source in the community who can evaluate the code against the various secure and robust programming standards, any utilized theorum provers and the accepted best practices in cryptography. Essentially replicate the sort of work NIST does, but keeping it open and keeping it free of conflict of NSA interest.

Wrong, the EU courts don't have jurisdiction over this in the case of the U.K. Even worse the EU courts have insufficient evidence to even bring a case. All they have is a document that allegedly claims this which at best case scenario was stolen by someone now on the run. Good luck bringing a case on that evidence. So the EU courts simply can't fine the UK or the USA because without further evidence all we have is a circumstantial claim.

Further any attempt to take money from the USA government by taking from US based companies would be illegal under international law, and is simply not going to happen.