
Comment Vendor attacked, customer hit? (Score 1) 81

Why have the customers resorted to pen and paper if the vendor of the software was attacked? Could it be that the software stores the customer's data on the vendor's servers? Is this an acceptable practice?

I bet the customers were told the data would be safer that way. But such a critical service should have a separate server in its network storing database update log entries up to the second, using a write-once solution.

Comment Re:Shared register, indeed ! (Score 1) 110

I think these flaws work approximately like this: Process 1 ensures that memory location X is in the cache (by accessing it), while memory location Y is not in the cache (by accessing enough other locations that location Y gets flushed out); then process 1 yields the processor to other processes.

The scheduler runs process 2 for a while. Eventually, process 1 is scheduled for execution again.

Then, when process 1 gets the processor back, some registers contain data that belong to process 2. If process 1 uses those data in any way, there is a trap, and the registers are loaded with the correct values for process 1 before the instructions accessing these registers finish execution.

However, process 1 now executes a program fragment consisting of two branches, one taken and one not taken. The processor executes both branches before it learns which branch is the correct one in the program logic. That is, the processor initiates execution of instructions from both branches before it knows the result of the test that decides what branch to take.

The branch not taken extracts a bit 'b' from a register that contains data belonging to the previous process, and executes a memory fetch from location "if b then X, else Y".

Had this branch actually been the one taken in the program logic, the fetch would have forced a trap. However, the trap is delayed until the processor knows if the trap is needed. Since that branch is not taken, the results of the speculative execution are discarded, and all registers touched by that branch are automatically restored to their correct values as per the execution of the second branch, and no trap is generated. The process learns nothing about bit b, or the contents of memory location X or Y. No trap is needed. Not generating the trap saves a few cycles.

However, process 1 may measure how long it took to get past the branching instruction. This reveals if X or Y was accessed, and thereby reveals the value of bit b. That is the leak.

In the Meltdown bug, the exploit could load bit "b" from a memory location that was not part of the process' address space but belonged to the kernel memory or to some other process, and the exploit could control what memory location to draw the bit from. Since many operating systems have all physical memory mapped in kernel memory space, the exploit could systematically retrieve every bit in physical memory.

To exploit the present bug, the exploit would probably have to engage a victim program, e.g. a web server running in the same processor, by creating network connections. It would have to do so repeatedly and hope that a context switch happens while the web server is doing cryptographic operations. I don't know if there are any clear ways to control this with sufficient precision to actually collect bits from a secret key. How can the attacker know what the contents of the registers really are at the time of the context switch? The attacker would perhaps only get a single bit from each authentication attempt. If each authentication attempt uses a different nonce, many of the register values will be uncorrelated from one authentication attempt to another. But of course, it is also possible that a register could contain a portion of the secret key. Having access to the relevant libraries, an attacker may be able to determine at what point the secret key will be loaded into what registers. Since I have no experience creating exploits, I have no idea if it is possible to force a context switch in a different process at exactly the opportune moment. If so, it is probably a matter of patience to get more and more information about the secret keys.
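The mechanism described in the comment above, as an added toy model that is not part of the original comment and touches no real hardware. The latencies, addresses, register value and the `eager_switch` countermeasure (registers swapped at the context switch instead of on first use) are assumptions of the model.

```python
# Toy model (constructed, no real hardware): lazy vs. eager register switching.
HIT_NS, MISS_NS = 10, 200   # constructed latencies
X, Y = 0x1000, 0x2000       # the two probe locations from the comment


class Cpu:
    def __init__(self, eager_switch):
        self.eager_switch = eager_switch  # assumed countermeasure, not from the comment
        self.cache = set()
        self.regs = 0                     # what is physically in the register file

    def load(self, addr):
        """Return the modeled latency of a fetch and leave the line cached."""
        latency = HIT_NS if addr in self.cache else MISS_NS
        self.cache.add(addr)
        return latency

    def context_switch(self, incoming_regs):
        # Lazy: stale contents stay until first architectural use traps.
        # Eager: the incoming process's registers are loaded immediately.
        if self.eager_switch:
            self.regs = incoming_regs

    def discarded_branch(self, bit_index):
        """Branch not taken: its register results vanish, its fetch time does not."""
        b = (self.regs >> bit_index) & 1
        return self.load(X if b else Y)


def observe_bits(victim_regs, nbits, eager_switch):
    """What process 1 can infer from elapsed time alone, one bit per round."""
    inferred = 0
    for i in range(nbits):
        cpu = Cpu(eager_switch)
        cpu.cache = {X}                      # process 1 primes: X cached, Y evicted
        cpu.regs = victim_regs               # process 2 ran and left its data behind
        cpu.context_switch(incoming_regs=0)  # process 1 is scheduled again
        if cpu.discarded_branch(i) == HIT_NS:  # fast means X, so b = 1
            inferred |= 1 << i
    return inferred


SECRET = 0b10110101  # constructed stand-in for process 2's register contents
if __name__ == "__main__":
    print(f"lazy : {observe_bits(SECRET, 8, eager_switch=False):08b}")
    print(f"eager: {observe_bits(SECRET, 8, eager_switch=True):08b}")
```

In the model, the lazy case reproduces every bit from timing alone, while the eager case yields only zeros because the stale register contents are gone before the discarded branch runs.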

Comment Re:Is this faster than light? (Score 1) 278

In these circumstances, it is equally true and valid to say that Donald was asked first, and that question has an "instant" effect on Hillary who then answered correspondingly when she was asked later, as it is true that Hillary was asked first and Donald later.

Sorry for mixing up.. Donald and Hillary was another analogy further down the page. In this thread it should be: it is equally valid to say that the fellow scientist at Alpha Centauri shook his marble first and forced your marble to assume the other color, as it is to say that you shook your marble first and forced the Alpha Centauri marble to assume the other color.

Comment Re:Is this faster than light? (Score 1) 278

It would be necessary to develop some means of identifying when the marble changed color because of you (error correction? better control of local conditions of the container?) or because of the other scientist.

I was not thinking of determination through precision measurements. I was thinking of the fundamental issue of relativity theory, of the ambiguity of "simultaneity" for events that are "space-like" separated.

Space-like separation means that to some observers, in a certain state of motion, the events are exactly simultaneous. It's not about when they see the events as light from the events reach them. It's that even counting the time of propagation of light signals, these observers calculate that the events actually happened at the same point in time. But then other observers assign different time coordinates to the two events if they are moving relative to these observers along the axis separating the events. Depending on the direction of movement, they assign event A or event B the earlier time coordinate. And their descriptions are just as physically valid as the other observer's descriptions. All descriptions agree with the same laws of Nature.

In these circumstances, it is equally true and valid to say that Donald was asked first, and that question has an "instant" effect on Hillary who then answered correspondingly when she was asked later, as it is true that Hillary was asked first and Donald later.

Comment Re:Spooky action but value was encoded before it l (Score 1) 278

Until you ask, nobody (including Donald and Hillary) can know what his answer will be. But as soon as you ask and he answers, we Know what Hillary thinks about the subject as well.

Very good! Now add to this that to actually see the effect, somebody must ask Hillary the same question. They will have opposite opinions even if asked simultaneously while far apart. But then nobody can tell if it was you who started the effect by asking Donald and thereby made Hillary have the opposite opinion of Donald, or if it was the other person who asked Hillary who made Donald have the opposite opinion of Hillary.

The mystery is how Donald and Hillary seem to have a faster-than-light coordination channel. It looks as if they had agreed before how to answer, but the Bell tests show that the statistics of their answers do not fit a theory of previous agreement. However, in any case there is no faster-than-light communication between you and the other person who asks Hillary. You both get to know how Donald and Hillary respond, but none of you get to know anything that the other of you wanted to transmit through the questions. You don't get to know if the other person asked first. You need to meet before to coordinate your questions, or you can ask random questions and meet afterward and compare questions and answers. You will find that IF you happened to ask identical or similar questions, then the answers were in fact opposite.

Comment Re:Is this faster than light? (Score 4, Informative) 278

Improving the analogy a little:

1. Get two WHITE marbles, each with the property that if you shake it, it will randomly turn blue or red.
2. Put the marbles in boxes and mail one box to Alpha Centauri. Wait until you know it has arrived.
3. Open your box and shake your marble, and watch it become red. Now you know that the other marble will turn blue, or already turned blue as your fellow Alpha Centauri scientist shakes or shook his marble. This is because of a law of nature dictating that the total number of blue and red marbles in the Universe must balance.

Nobody can tell in a meaningful way who shook his marble first. Depending on the velocity of the observer, it could be either one of you who "instantly" programmed the other marble to assume the opposite color. (This is the part that most people forget when describing the spooky instantaneous, FTL action at a distance.)

Remember once more, none of you had any control over what color your marble turned.

Any one of you may instead paint your marble to force it into the color of your preference, but that breaks the quantum spooky action at a distance. If/when your fellow shakes his marble, it may assume any color. But your fellow won't know the difference until you tell him that you cheated.

If you later communicate with your fellow and learn that his marble turned the wrong color, it just means that the marbles failed to become properly entangled.

Comment What about thermal radiation inside the body? (Score 1) 217

I know little about biology and chemistry, but I have some questions that I have not seen addressed here. Anyone?

If a human body radiates like a blackbody radiator at the skin temperature, 30-35 degrees Celsius, don't the molecules deeper inside our bodies, in a 37 degrees environment, emit and absorb copious amounts of radiation?

Blackbody radiation has a long and fat tail in the region of lower frequencies than the frequency of maximum intensity. Does not our body already bathe in a continuous radiation in the 1900 and 800 MHz bands?

All molecules are continuously vibrating and bouncing off each other in a random, chaotic manner. Air molecules at room temperature have typical velocities like 500 meters per second, comparable to gun bullets. Heavier molecules move more slowly, just so that the average energy per degree of freedom is the same for the same temperature. The biology must tolerate such erratic blows to the molecules trillions of times per second. Right? Relevant?

This allows enzyme molecules to turn their active sites toward, and probe, a large number of neighboring molecules in a short time, which in turn is essential for the efficiency of the enzymes. Right or wrong?

The energy transfer in the typical collision is no less than the energy of the thermally radiated photons (infrared, micrometer band). The energy of mobile phone radiation is much, much lower (centimeters or decimeters).

On the other hand, radio transmissions use polarised radiation. Thermal radiation is utterly chaotic and has a low degree of coherence. (I cannot exclude some degree of coherence because, photons being bosons, the probability of emission from a molecule is probably higher when a photon of the right frequency is passing.) Perhaps some molecules are polar and tend to orient themselves in particular directions in the electric field of polarized radiation. This could make molecules that need to mate like in a kiss always turn like faces looking in the same direction, i.e., not looking at each other. But how strong could such an effect be, given the said environment of violent blows?

Radiation absorption is associated with state transitions in the absorbing system (which may comprise more than one interacting molecule). This implies that effects of radiation of specific wavelengths can be quite specific, affecting quite select molecules and molecular interactions. If the number of photons of the relevant frequency to disrupt a particular process is high, the disruption may be quite pervasive. Is this right? E.g., could the operation of the ion pumps in the cell membranes be affected? What kind of energy levels are involved in their operation? Consider that radio transmissions likely have a quite low spread in the frequencies of their photons, so the intensity at some particular frequency can be high compared to the thermal radiation present, which spreads over a wider frequency range.

Comment Re:Telephones (Score 1) 344

Actually, I largely agree about this, k*T >> h*nu at body temperature T and relevant radio frequencies nu, but there are complications.

Radio emissions are largely polarized, and can, with reflections and resonances, produce a predominant orientation of polar molecules in a region. This can lead to key molecules having higher or lower probability of hitting the active site of an enzyme, for instance.

Most public evaluations of dangers limit themselves to judge the warming effect of microwaving tissue. That is a tad simplistic.

Comment Re: Telephones (Score 1) 344

Breeding and natural processes can also cause disasters, like, for example, the HIV epidemic. GMO is yet another vector with a great potential to become far more effective than either earlier process. Both for better and for worse. Especially for worse.

Such power in the hands of private companies, with almost no real oversight, is scary.

The same private companies also have an undue monopoly on much of the research and knowledge in the field, making it hard for the public to reveal any abuses, but also making it hard to trust any assurances from our authorities. We remember the influence the tobacco industry had on the public perception of the dangers of smoking.

Comment Re:Telephones (Score 1) 344

That sixth-largest thing is misleading because it doesn't take into account taxes, fees, and cost of living. Once all that is accounted for, California winds up 12th, just behind Mexico.

Taxes are part of the economy. For instance, in some countries people pay their health insurance through their taxes, but that does not make their economies smaller.

Comment Re:Makes stable pricing impossible. (Score 1) 264

I second this - almost.

If this is not a bubble yet, it may well become one. Even if there is a utility in this currency, there is a risk that the price goes higher than this utility dictates.

One day perhaps the pattern of usage stabilizes globally, and Bitcoin attains an equilibrium value. It's hard to say we have reached this point yet. As long as its value is so volatile, it remains a vehicle of speculation, and that destroys its stability.
