I, for one, welcome our new Foxconn overlords.

Average temperatures will probably rise a very small amount. CO2 causes a small increase. The computer models presume this small amount will be multiplied several times over by strong positive feedback. But the feedback amount and direction has yet to be empirically proven.

The relative stability of the climate, despite numerous past disruptions, argues against strong positive feedback. If there were strong positive feedback, past disruptions would have caused the climate to get apocalyptically hot, like the alarmists claim the current disruption will do. Warm-climate-doomsday didn't happen then, why will it happen now?

No one can prove temperatures will rise in the future. Nothing about the future can be proven until it happens and you measure it. Proof isn't the standard for discussions about predictions from computer models.

It's not whether it's happening, it's whether it's beneficial, neutral, a small problem, or a large problem. If it's not a large problem, why should we do anything?

And even if they had not, we still couldn't do anything very significant because we're only one country out of more than 200, with less than 5% of the world's population. And the US per capita carbon emissions have been dropping while per capita carbon emissions in India and China, countries which together have about 8x our population, have been rising fast.

We could definitely have a real discussion if it weren't always "We hate oil companies. We're all going to die!!!" vs. "It's 100% phony.". But that still wouldn't lead to any significant action, because all significant actions are extremely severe, and any action that is even remotely affordable is insignificant.

So what if humans impact the environment? Environmental righteousness is not science.

Alarmism is not fact. Alarmism is not science.

Familiarity with "the greenhouse effect" does not mean you have to believe the results of climate models or the doomsday predictions of political activists.

Hello,

Software vendors are not charged for submitting to the CMX, and the Taggant System is free for packer authors, as well.

It is the developers of anti-malware software who are paying for access to the CMX and Taggant System metadata, since they get the most value out of using that information. They are essentially underwriting the costs for everyone else in order to help provide a mechanism that helps clean up the ecosystem.

While there are probably some anti-malware software developers for whom this would be a big investment, there are probably a lot for whom it is not, and since this is being done under the auspices of the IEEE, I wouldn't be surprised if there wasn't some provision for academia, too.

Regards,

Aryeh Goretsky

Hello,

Oops. Thanks for catching this!

Regards,

Aryeh Goretsky

Hello,

I believe the idea is to allow legitimate developers of packers, cryptors, etc. a means of identifying their software. I would not expect those folks on the malware side of things to take any action as a result of this activity under the IEEE's auspices as it does not apply to them.

Regards,

Aryeh Goretsky

how will this help against self rewriting applications

Hello,

No problems viewing either PDF file via Sumatra PDF Reader. Perhaps you could try that.

Regards,

Aryeh Goretsky

The willful ignorance on display is pretty staggering...

OpenBSD has been designed and built from the ground up to be nearly impervious to malicious intent.

No it hasn't. It gets lots of code audits, which eliminate buffer overflows and the like, but does nothing to prevent properly operating malicious software. You want "trusted" computing for security against internal threats, and OpenBSD doesn't do it. Something like RHEL with SELinux properly configured and working, would offer better resilience to the kinds of attacks in question.

OpenBSD was no more immune to the OpenSSL heartbleed bug than any other platform.

And if you're really paranoid or anal, keyboards are cheap to replace -- or randomly cycle different brands/models/styles of keyboards between a set of PCs at random intervals...

Oh good! Now all I need to do is find a way to insert my hacked keyboard into the bunch from your order, and I can pwn your airgapped network in short order.

Once my malware is in, of course it'll spread over the insecure (no updates for systems on an air-gapped network) private network. From there, it could just cause everything to self-destruct at a prearranged time, or it could start searching for ways to communicate data back to me... be it the disabled wifi on one single machine on the network, or optical, if a machine with a webcam on the internet happens to be facing towards any of the air-gapped systems. Hell, depending on what it controls, you could modulate a tiny amount of information into the power grid output, or similar.