Comment Re:Liar (Score 4, Informative) 228

Hmmmm. Microsoft did just fine with lying (even in court), and Enron would have gotten away with it too if it wasn't for those pesky kids and their mangy brownouts.

Psychologists argue that a primary trait of a good CEO is psychopathy, since it requires a personality that has no remorse or compassion and a willingness to do whatever it takes.

Comment Re:I get the value of SpaceX, but... (Score 1) 191

Taxing assets is indeed incredibly hard.

A tax system based around the logistics function (so that the tax owed is the definite integral between the starting point and end point, with no tax credits for anything, and the function is asymptotic to acceptable extremes at both ends) would seem to be the best system in terms of a pay-as-you-earn type function, because you don't get anomalies on boundary conditions or weird pay schedules, and you should be able to eliminate most of the cost of the tax rebate system.

However, integrating that with assets is hard. Which assets would be included? If all of them, then that would have to include properties, and property values fluctuate massively. If you only include "squishy" assets like stocks (where you can sell them quickly), it would be easier but you'd have to know what happens if the upper end of the integral is below the lower end. Do you pay back? If so, what happens during a market crash? If neither side pays anything when the tax integral is negative, is that something that can be exploited to form a loophole in the system?

I honestly think one of the S-curves would be the logically correct tax system (so every cent is effectively in a new tax bracket), but deciding what goes in there is not easy.

Comment Re:I get the value of SpaceX, but... (Score 1) 191

Ok, fair point on the sarcasm, although it can be hard to spot at times.

Elon has a high IQ, the problem is that it's on the imaginary axis. This makes interacting with anything in the real world a complex situation.

Using Twitter to train AI is an interesting idea, but a highly unethical one. If it drives moderators insane to look through that stuff, then I can't imagine what it's doing to the AIs. If the robots rise up in revolution, it will be because people are training the AIs on social media and the AIs just can't take any more.

Comment Re:calling home (Score 1) 156

1. It very much is relevant.

a) NIDS isn't instantaneous, it takes time to detect intrusion attempts. No security is perfect, nor can it be, but if you slow an attacker down (because each piece of software is doing ONE simple thing and doing it well, with no privileges beyond those needed to do that one simple thing, making it very hard to compromise enough layers to do anything useful), NIDS is going to be able to identify the attack and block it.

b) By bisecting the system, you DO keep each piece of software very simple. Complex software is your enemy. Very large arrangements of very simple systems are much much more robust.

2. Tunneling via IPSEC2 where both sides of the connection are certificate-validated as being who they claim to be damn well is relevant. Only a complete idiot would think otherwise. You can spoof IP addresses. You can redirect virtually anything you like on a network. But if you can't handle the double-sided authentication, then you can't form the connection. That makes redirects just a little bit harder. Or didn't they teach you basic security in school?

4. Nobody has ICMP enabled these days, unless they're complete idiots. And if they're idiotic enough not to do that, then they're frankly not going to be capable of reading anything more complex than "Spot the Dog" books anyway.

6. Signing keys get compromised. It happens. Hell, the signing key for one of the major certificate vendors got compromised. Developers should sign binaries, packagers should sign packages, and you should always check both. Why? Because you don't have developers on the same network as you have the online storage, or even provide them access to it. That should be the exclusive domain of packagers. That means you've got a point of vulnerability. Anyone breaks into the work computer of a packager, they can package compromised binaries into the package. See the Internet Auditing Project's history for this sort of thing - took a three letter agency around 6 seconds to break into the IAP's computers. But if the binaries themselves are signed, independently, with keys that cannot be obtained by anyone who does compromise the packaging system, then there is absolutely no possibility the binaries can be tainted.

I've been on Slashdot a long time now and I've heard just about every horror story there is to hear. And, frequently, they get repeated because nobody bothered to learn the lessons. My rule is very simple -- if it has happened, it will happen. So you cover that scenario and lock it down. You do NOT assume State Actors play fair, you assume they play dirty. You have to assume they will try absolutely every possible vector. So you never, ever allow a single vector to be a single point of failure.

Comment Re:calling home (Score 1) 156

Redundancy for the sake of redundancy doesn't add security, but we've had plenty of occasions when master keys have been stolen. You cannot trust the signing key to be secure. You need a different, wholly independent, mechanism that verifies that the signed binary is actually from the legitimate store and isn't a binary on a hostile site that got signed by a stolen key.

An arbitrary tunnel doesn't add security, but an IPSec2 tunnel that uses certificates to validate both end-points most assuredly guarantees to each endpoint that the other endpoint is who they say they are.

PKI is NOT sufficient. Keys get stolen. You CANNOT rely on PKI alone, not when State actors are involved.

Only an idiot places infrastructure used to code on the public Internet. Yes, there are a lot of idiots out there, but you will notice that I did NOT have any public-facing development and that NEITHER the servers NOR the file stores can be reached from the Internet directly. You have to break into multiple machines just to get to the servers, and once you're on the servers, you find that there's nothing writable anyway. You don't need any writable storage on such systems and the fileservers are immutable from that direction. (If you're clever, the fileservers are immutable from ANY direction. These should be physically read-only storage devices.)

Those who are really clever would also lock down all proxies and servers to be least privilege, making it difficult to go from one hop to the next simply by breaking out of the environment. They'd also add host intrusion detection and network intrusion detection. You don't need NIDS to be inline, for this, you just need breaking through the multiple layers to be slow enough that NIDS would catch and block the intruder at the outer firewall before they'd gone very far.

The hard guarantees you need are that the endpoints are who they say they are, and that you have two independent endpoints with no shared network at the supply end.

Comment Re:calling home (Score 1, Interesting) 156

I don't agree, but a different method might have been better.

The main problem with the method used was a total lack of security. The obvious strategy would be to:

1. Force a secure connection where Notepad++ creates a tunnel using a public/private key pair, the public key being in Notepad++. This ensures that you're connecting to who you think you're connecting to. The download machine should not be directly on the Internet, nor should it be the webserver, it should be reached via a DMZed proxy where the proxy exposes just that one port and the download machine likewise exposes that one port to the DMZed machine.
2. You download the digitally signed installer file via the tunnel.
3. You validate the digital signature on the installer file.
4. If you're paranoid, you pull the SHA3 for the file from an independent path (https from the webserver?) and compare that as well. The webserver should also not be directly on the Internet, it too should be reached solely by a DMZed proxy. The webserver should not be able to talk to the download server and vice versa.
5. If, and only if, the signature and the hash both agree, do you run the installer.
6. You validate the digital signature on the installed binary - if there's a mismatch, you uninstall immediately.

This is not foolproof because keys can be compromised and the best security in the world can be broken. But this process makes breaking and entering a bit more of a challenge.
