
Comment Re:Microsoft issues the Linux keys too (Score 1) 94

I am not the one here that doesn't know what I am talking about.

Availability is a leg of the CIA triangle, bro. If the authorized user CAN'T get access and it's not fixable, that is a security failure, and likely as serious as a total confidentiality failure.

You getting root does not make you the evil maid; you getting root means you SE'd the owner into running something, found a nice heap spray in the browser followed by a local privesc, etc. Realistically these are all going to be drive-bys of some kind, where the victim stumbles onto your watering hole, runs whatever code you the attacker react when the listener calls home. Go in, plunder and leave if you identify the box as being someone's home PC. You're not going to worry about persistence or dwell time.

Comment Re:Diddums huwt youw tendew widdle utiwity fwuncti (Score 1) 9

I wonder. Certainly in suburbia yes. Cities though.

People have to be able to park, vehicles have to be able to get by in the opposite lane if you cone off an area being patched. I am not sure you can necessarily fix every hole in a given couple of blocks at the same time without creating a significant traffic problem.

Comment Re:Microsoft issues the Linux keys too (Score 1) 94

Bullshit.

About the only thing secure boot really protects from is the evil-maid. In all other cases affecting most users, by the time something is in a position to modify the kernel or boot loader, it was already in a position to do all the damage that would matter to that person.

You had root on my box, you have already had the opportunity to crypto ransom me, just vandalize my system in general, find and extract any sensitive data in my home directories and on any mounted volumes.

Even advanced persistent threats for the most part are not going to be trying to sploit the pre-boot environment; if I want dwell time on a corporate network I want to compromise assets that are usually always online.

In fact I would suggest most users of home PCs anyway (to include laptops that rarely if ever travel) are less secure for using secure boot and even FDE. Most of them are one bad update or certificate expiration away from rendering their data completely inaccessible and unrecoverable. We know most of these users have no backups, and the tiny percentage who do have never tested them. That is the opposite of security, folks.

FDE does make sense for corporate environments and secure boot probably does as well, but it has no f***king business at home and should NEVER be acceptable as being part of any requirement. It serves only one real use there: denying people freedom to do what they like with their own hardware. It does nothing but enable DRM, and it does so at the cost of massive potential harm to the end user.

Comment Re:on the one hand (Score 1) 76

Only if it is in the public interest to destroy bitcoin.

Imagine if one person were suddenly revealed to unilaterally possess sole authority/ownership over 1/10th of dollars in circulation with no checks or limits on how or what they could do with them, when or how fast!

Do you think that would do much for dollar confidence? I think it would likely lead to a pretty immediate discounting of the dollar, probably around 10% in real value. The impact on Bitcoin would be a great deal more pronounced because Bitcoin is so much less liquid.

Comment Re:Purpose (Score 1) 76

They (Iran) obviously chose it because it is, at least in the short term, comparatively difficult to sanction but also not too difficult to convert. It would not do them much good to collect tolls in some other currency and subsequently have US diplomatic pressure cut them off from the banking networks that generally handle that currency.

I am not saying that Bitcoin isn't highly traceable and that the US and other governments won't try and won't ultimately succeed making it so punitive to accept payments (in bitcoin) from Iran that Iran has to trade their bitcoin at a significant discount to those willing to launder it and/or accept having tainted funds they can't spend a lot of places as well. That will happen, but will take some time to become really effective.

It does leave you wondering if the people who whisper in Trump's and Bibi's ears and their friends who might whisper in the ears of IRGC types might indeed have provoked this whole thing in order to create a situation where Bitcoin or some other crypto-currency could be forcibly inserted into the "international system".

It is interesting to think about because I do still believe, in light of hyper-sonic missile and drone tech and expanding Chinese influence, there were/are good strategic reasons to remove Iran as an international player right now, for the US. Attacking Iran was a smart move... Letting them survive as even a regional power isn't. The ability to fight them is determined by the domestic clock on war powers. Trump is an idiot for wasting two weeks on this cease fire; he should have economically disabled them, finishing it. Whoever he listened to on accepting those terms is not advising him well. We should have at least destroyed their remaining oil infrastructure before any pause.

Comment Maybe we should just cool it with guilt by assoc. (Score 2, Insightful) 66

Maybe we should just cool it with the guilt by association stuff. Yes, Bill was friends with Epstein, and sure, Melinda left and it looks likely because he is a philanderer; but we don't really have any direct evidence he is a child molester.

There are a lot of people who were and are important in terms of contribution to our society, who may at some point have associated with an unsavory character or two. This is the trouble: where are the lines? Why wasn't Obama's relationship with Bill Ayers disqualifying? He knew or reasonably could have known his opinions and involvement with terrorism; isn't Obama a terrorist by extension? How about everyone involved in a Harvey Weinstein movie? His transgressions were ostensibly an open secret in the Hollywood community, some of the victims were likely underage so we are in the same space as Epstein there, yet almost none of these people are considered untouchables now? Why?

Epstein made it his business to get into the business of literally anyone with money or influence he could. I think there is a big difference between asking:

How is it the guy avoided the trip to Federal-pound-you-in-the-ass-prison for as long as he did?
Who was complicit in protecting him?
Why?
When will we bring them to justice for perverting justice as was obviously the case?

and this desire of some to try to tar everyone they don't like who happened to have gone to the same dinner party once. One is a witch hunt, the other is not. Gates might indeed be an abuser, but if we are going to treat him like one, even in the court of public opinion, someone should be able to cite some harder evidence than has been turned up so far.

Comment Re: Not a fan of it but glad they won (Score 1) 83

Indeed the Commerce Clause has been so stretched as to place essentially nothing outside the bounds of federal law.

SCOTUS really needs to look hard at the individual precedents that have expanded that interpretation in light of that practical reality. Some or all of those have to be incorrect because there is no world where the 10th Amendment gets included, but the intent of Article:1-8-3 is as broad as supposed.

Red state AGs really should be shopping every case they can for opportunities to get in front of the Court while they have a small majority of justices that are at least slightly sympathetic to limits on federal power.

Comment Re:Say after me (Score 5, Informative) 66

For the individual that is certainly better than Chrome, but from a perspective of does it give Alphabet any less influence, not really much better.

I come back to: if we allow Chromium to become essentially the only online HTML document rendering engine in use, Google makes all the rules. It is really too large a project for any entity not a large corporate to fork.

Just look at the whole plugin architecture (Manifest V2) stuff. Google got their way because the plugin architecture touches so much and nobody maintaining a Chromium-based alternative browser could realistically keep up with the mainline if they forked or tried to keep a patch set running.

Google basically unilaterally decided what web-plugins are allowed to do; and nobody was able to stop them.

Comment Re:Gambling ruins lots of lives (Score 2) 83

Don't forget the children that don't eat, or miss out on a lot of opportunities because dad spent the money on whatever his version of a horse race happens to be.

I think gambling should be restricted to private in-person bets between parties, and it should be illegal to profit directly from any sort of book making or facilitation of gambling activities.

So if you and a buddy you invited over to watch the game want to bet on the outcome with each other - legal.

If you and some friends go to the saloon/moose lodge and have a poker game at the table, while you order drinks - legal.

If the saloon charges you specifically for gambling use of the table, vs just requiring you buy a drink - not legal.

If the saloon wants a cut of the gambling - not legal.

Market making is fine too, options etc. on a commodity, and insurance - just fine, but there should have to be an underlying commodity that is actually being traded, or real property that is either impaired or not impaired in the life of the contract. An "event" alone is not a commodity. I can't sell you the results of a presidential election (or if I can, other things are very wrong). The idea these prediction markets are not 'gambling' is a farce. This judge is bonkers, and I hope this is overturned.

Comment Re: I think it would be a good idea.. (Score 1) 118

The trick with Iran, if you want to be really America first about it, is not in the taking of the oil, it is in the denying it to everyone else.

America is a net oil producer; we have a distribution problem that has us importing oil while also exporting, but we could 'fix' that, and probably would fix that given some time and a reasonable expectation that shipping anything via Hormuz was not going to be safe for the foreseeable future.

That would give America a tremendous economic advantage over SE Asia, and even the EU.

I think it makes sense entirely to:
1) Destroy all prospects of an economic future for Iran so the regime, even though it will survive, can't fund Hezbollah and others that interfere with our interests, because they'll all be too busy whoring for international food aid to do anything else.
1a) Declare victory and go home
2) Use DPA and any other legal means to keep domestic oil and gas domestic.
3) Use (2) to advantage American industry downstream of oil and gas
4) Let the rest of the world figure out how to 'open the f***ing strait'

Comment Re:Typical Stupidity (Score 1) 129

I am going to call homemade IoT stuff someone built themselves with a SBC or something out of scope.

What consumer or SoHo products can you point at that don't use the phone home model? I can't think of a single one. Even stuff that really really should be able to talk to something local, like my ecobee thermostats, don't.

Let us also take DOS conditions out of scope; again, if someone can send whatever packet that triggers a DOS on the device, they are already on your internal network.

So the threat here if your smart lightbulb gets pwnt is that it could leave an attacker with a place to maintain persistence after their foothold is fixed. IE they pwn your browser, gain persistence on your lightbulb, you patch the browser, they maintain access to your internal network via the bulb.

Ok fine - but kernel exploits are *almost* *never* the issue there. It is nearly universally some defect in a listening service, not the IP stack itself. So that thing is getting popped via its bad telnet/web service regardless of the kernel it is running.

But what about local privilege exploits? Those are frequently kernel issues. Once again, it does not matter for IoT devices; I don't care if you are root or bob on my light bulb. You, bob, can make outbound connections and give you a reverse tunnel to attack me thru just as well as root can. There are no authorization domains on my light bulb: you are me or you are not authorized; the UID the kernel thinks you have is irrelevant.

Comment Re:Say after me (Score 4, Interesting) 66

Exactly. Chrome, and realistically Chromium, is essentially malware. Geeks especially should consider it a civic duty to use basically anything else. Which pretty much leaves Firefox and Safari.

Browser diversity is critical to keeping the web actually open. Even if Chromium is open source, the reality is Google drives the project entirely. It puts them in a powerful position to gatekeep, and that is bad for all the same reasons it was bad when IE-5/6 ruled the web, nearly uncontested.

We don't want a web where the only standard is whatever chromium does.
