As someone who has been working in security for the past 10 years and systems / network admin for another 10 before that, I don't even know what a firewall is supposed to be any more.
Also, since I've worked on military systems a lot, I suppose a military grade firewall is just iptables for which someone has written a shitty gui (that might as well just be a webshell) and packaged it into a green rugged box.
Consider this. Almost every car on the road today has an unsecured bus going back to like the 1980s. However you need to actually access the car to do something malicious so the threat vector is zero; since if you have access to the car you can also just cut brakes or put in a pipe bomb.
The only reason why this paradigm changes in the EV era is because of the insistence on having EVs phone home. Now you can conceivably hack all EVs of this model at once and that is now realistic and even attractive to do. But again not a necessity for running a car. Just something that modern software focused companies want to see that leads to a host of expensive security issues that didn’t exist before. The car could be airgapped with the dealer network used to flash software updates like they do with most other cars before the EV era.
The threat is not exactly zero. In some cases, thieves can get physical access to the bus from outside the car, and then inject messages to unlock it, start the engine, and drive away: https://kentindell.github.io/2023/04/03/can-injection/
Sure someone in that situation could also "just cut brakes or put in a pipe bomb" but car theft is a lot more common than assassination, at least where I live.
There are plenty of cars on the road today where theft is as easy as splicing two wires together. And yet grand theft auto isn’t very common at all, even with all of these cars capable of being stolen in 10 seconds being parked unsupervised on just about every block. Seems there are other filters in the overall system of society that are effective in keeping these unsecured cars from getting stolen today.
> Almost every car on the road today has an unsecured bus going back to like the 1980s. However you need to actually access the car to do something malicious
See [1] from 2023, where popping the headlight gives access to the bus. Lack of internal security then gives a way to steal the car.
The threat just isn't the same as the one you are modeling.
Security will come eventually, if only to prevent bad publicity.
It begs to ask why a headlight ought to have a data connection and not just power connection like most other cars of say 20 years ago. But even then when does the arms race end? Someone given enough time can take apart a car to access any piece of it. A slim jim gets you to the hood release and the ECU of a, say, 2000 Honda Civic in 20 seconds. Was this a real world issue however in the 2000s, people hacking into drive by wire early OBD-II era cars like the S2000 to assassinate them with misdirected inputs or whatever the threat vector might be? Not really. Old fashioned ways to screw with people are simpler and cheaper.
I think anybody using this term has a shallow understanding of network security and just bundles it all mentally into a “thing” that stops all the bad stuff from happening.
I know that "military grade" has some relevant distinction in automotive. For example, normal car parts are designed to withstand "up to 80°C" and military grade means "up to 120°C". That has an impact on material choices and cooling.
Such a thing exists though usually not called “military-grade” per se. It is more similar to a data diode [0] than a classic firewall but has significant differences from either.
Data streams are converted into a sequence of objects that are required to have and satisfy certain formally verifiable properties as a pre-condition of forwarding. Any data or objects that cannot satisfy formal analysis requirements are dropped. Forwarding policies are only applied to objects that meet the prerequisite of being rigorously analyzable.
This behavior is bidirectional. It applies equally to data egress to mitigate internal threats and accidental data leakage. The internal mechanics can be pretty complicated and they necessarily operate on a store-and-forward basis. The data objects may be “laundered” by the firewall; what you send may not be exactly what the other side receives.
To make this work, the wire protocol, data representation, etc. must be designed specifically to allow this kind of rigorous analysis and work well within these constraints. It usually won’t work on a random web stream and the data representation often sacrifices efficiency of storage for efficiency of verification and analysis at runtime.
In reality, virtually no one uses this type of tech outside of defense and intelligence because it won’t let almost any of the standard web stack slop through.
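A minimal sketch of the verify-then-forward behaviour described in the comment above, added here as an illustration and not taken from the comment or from any real product. The wire format, record types and limits are all constructed for the example.

```python
import struct

def frame(rtype, payload):
    """Wire format (constructed): 1-byte type, 2-byte big-endian length, payload."""
    return struct.pack(">BH", rtype, len(payload)) + payload

def parse_records(stream):
    """Yield (type, payload) records; stop at the first truncated frame."""
    pos = 0
    while pos + 3 <= len(stream):
        rtype, length = struct.unpack_from(">BH", stream, pos)
        payload = stream[pos + 3 : pos + 3 + length]
        if len(payload) != length:
            return
        yield rtype, payload
        pos += 3 + length

def verify(rtype, payload):
    """Return a typed object if every required property holds, else None."""
    if rtype == 0x01 and len(payload) == 8:            # position, microdegrees
        lat, lon = struct.unpack(">ii", payload)
        if abs(lat) <= 90_000_000 and abs(lon) <= 180_000_000:
            return ("position", lat, lon)
    elif rtype == 0x02 and len(payload) <= 32:         # short printable-ASCII text
        if all(0x20 <= b <= 0x7E for b in payload):
            text = " ".join(payload.decode("ascii").split())
            if text:
                return ("text", text)
    return None                                        # unknown or unverifiable

def encode(obj):
    """Re-serialise from the verified object, never from the sender's bytes."""
    if obj[0] == "position":
        return frame(0x01, struct.pack(">ii", obj[1], obj[2]))
    return frame(0x02, obj[1].encode("ascii"))

def guard(stream):
    """Forward only verified objects, in canonical re-encoded form."""
    objs = (verify(t, p) for t, p in parse_records(stream))
    return b"".join(encode(o) for o in objs if o is not None)

# Constructed input stream: two acceptable records and three that must be dropped.
SAMPLE = b"".join([
    frame(0x01, struct.pack(">ii", 59_329_000, 18_068_000)),
    frame(0x02, b"ENGINE   OK  "),
    frame(0x02, b"hi\x1b[2J"),                          # control byte
    frame(0x7F, b"xx"),                                 # unknown type
    frame(0x01, struct.pack(">ii", 91_000_000, 0)),     # latitude out of range
])
```

The text record comes out as `ENGINE OK`, not the bytes that went in, which is the "laundering" effect; running the same guard on its own output changes nothing.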
I guess it's the same as a 'bulletproof firewall'. Just a colloquial saying indicating both high importance and required quality expected for operation in strong adversarial environments.
A firewall that prevents someone getting direct access to CAN bus and ECU, and sending messages like: "Key present", "Engine start", just by connecting to the wires of the headlight lamp (by prying a fender next to headlight).
In the Swedish game magazine Super Play (now defunct) they covered Fable development and the release, but IIRC they advised the reader to take Molyneux's claims with a grain of salt. The final review still made it to 9, or 10 out of 10 I think, but I'd have to check the issue to confirm.
I want to thank my father for giving in and purchasing Fable for me when it hit the shelves. Fable II was my favourite, a fantastic game.
I've been giving far too little thought about AI and the hype around it (might call me a sceptic), but I feel compelled to defend the article as it gave me some new perspectives, and is undeserving of your, frankly, low quality comment. If it was a flame bait, then I got hooked (sorry HN).
You namedrop three(?) artists and insinuate something about two legal frameworks - but provide no arguments or context why they should've been a natural inclusion in the article or how your critique relates to it.
That's why it's possible to have a default deny rule in robots.txt
User-agent: *
Disallow: /
And possibly allow-list the ones you accept. This probably won't change the fact that you may allow a vendor at one point in time, only to realise they changed their crawling use case and have been scraping data for AI training for the past 6 months (before they go public about it).
It can be argued that if you are a server operator, you always know which User-agents are making requests to your resources.
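An added example, not part of the comment above: a default-deny robots.txt with one allow-listed crawler, checked against access-log entries to show which self-identified crawlers requested paths the policy disallows. The crawler names and log entries are constructed, and the log is assumed to be pre-filtered to crawler traffic with `Product/version` style User-Agent values.

```python
from urllib.robotparser import RobotFileParser

# Constructed policy: default deny, one allow-listed crawler (hypothetical name).
ROBOTS_TXT = """\
User-agent: ExampleSearchBot
Allow: /

User-agent: *
Disallow: /
"""

# Constructed access-log entries: (client address, request path, User-Agent).
ACCESS_LOG = [
    ("198.51.100.7", "/articles/1", "ExampleSearchBot/2.1"),
    ("203.0.113.9", "/articles/1", "ExampleTrainingBot/0.3"),
    ("203.0.113.9", "/articles/2", "ExampleTrainingBot/0.3"),
    ("192.0.2.44", "/robots.txt", "OtherCrawler/1.0"),
]

def crawler_violations(robots_txt, log):
    """Count, per User-Agent, the requests that the robots.txt policy disallows."""
    policy = RobotFileParser()
    policy.parse(robots_txt.splitlines())
    hits = {}
    for _client, path, agent in log:
        if path == "/robots.txt":      # fetching the policy itself is expected
            continue
        if not policy.can_fetch(agent, path):
            hits[agent] = hits.get(agent, 0) + 1
    return hits

if __name__ == "__main__":
    for agent, count in crawler_violations(ROBOTS_TXT, ACCESS_LOG).items():
        print(f"{agent}: {count} disallowed request(s)")
```

This only catches crawlers that ignore the policy under their own name; it says nothing about what an allow-listed crawler does with the data it fetches.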
The prediction does not hinge on inheritance (most folks manage to start their own lives, careers and families well before their parents pass), but on the upbringing, milieu and economic as well as social capital available.
"You're likely to stay in the social class you were born into" - is basically what the predictor means.
And the American modern Santa Claus has been greatly influenced by the jovial illustrations by Haddon Sundblom for Coca-Cola advertising (1930s). Haddon himself was a descendant of folks from the Åland Islands, Finland, mentioned in the article.
It's where I'm from as well, and as a young kid, me and friends would visit the houses in the village at the date mentioned, and receive candy (or else!). It's very similar to the trick or treat tradition during Halloween.
I'm a paying user so I can't speak about the free Spotify experience, but..
Spotify will only repeat a song during shuffle if you also activate repeat. It will also repeat a song if you actually added the song twice or more to said playlist. You can try it out by shuffling a playlist+deactivate repeat then check which songs have been queued from start to finish.
Smart Shuffle -despite the name- is more a playlist function than a shuffle function. It's like the Radio playlists but with the songs interspersed temporarily in your own playlist. Note that these songs were not already in your playlist - so they do not repeat unless you activate repeat.
While I agree that the article overlooks the security aspects of inline scripting[1], we do have content security policy[2] at our disposal using CSP nonce[3] and hash[4] keywords to allow inline script and CSS. On the other hand, the article's ease-of-use argument of inlining doesn't really hold up after factoring in CSP.
In my opinion, its consideration as unsafe isn't intended literally. It has more to do with:
- The human error aspect of understanding and tightly implementing CSP,
- Separating style and JS into their own files provides some security as is (and allows ignorance of CSP to continue even though it has its use case here as well).
Now, if your company takes this pretty seriously, they likely require that CSP should be part of your security process already. If that's the case, any use of unsafe inline in your markup will be blocked by default until concrete steps are taken to have nonce or hash in place.
Edit: I did not intend to sound harsh - just wanted to chip in about the nuances about the possibilities we are provided :)
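An added example, not part of the comment above, of the nonce and hash mechanisms it mentions: building a `Content-Security-Policy` value that permits specific inline scripts, plus a simplified model of the browser's decision. The function names and sample scripts are assumptions made for the illustration, and `inline_allowed` is not the full CSP algorithm.

```python
import base64
import hashlib
import secrets

def script_hash_source(script_body):
    """CSP hash source for the exact text between <script> and </script>."""
    digest = hashlib.sha256(script_body.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"

def new_nonce():
    """Unpredictable value; generate a fresh one for every response."""
    return base64.b64encode(secrets.token_bytes(16)).decode("ascii")

def build_csp(nonce, hashed_scripts):
    """Header value allowing same-origin files, one nonce and listed inline bodies."""
    sources = ["'self'", "'nonce-" + nonce + "'"]
    sources += [script_hash_source(body) for body in hashed_scripts]
    return "default-src 'self'; script-src " + " ".join(sources)

def inline_allowed(csp, script_body, nonce_attr=None):
    """Simplified model (an assumption, not the full CSP algorithm) of the
    browser's decision for one inline <script> element."""
    directives = {d.split()[0]: d.split()[1:] for d in csp.split(";") if d.strip()}
    sources = directives.get("script-src", directives.get("default-src", []))
    if nonce_attr and "'nonce-" + nonce_attr + "'" in sources:
        return True
    if script_hash_source(script_body) in sources:
        return True
    # Browsers ignore 'unsafe-inline' once any nonce or hash source is present.
    strict = [s for s in sources
              if s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))]
    return "'unsafe-inline'" in sources and not strict

# Constructed sample scripts.
TRUSTED = "document.title = 'ok';"
INJECTED = "console.log('injected');"

if __name__ == "__main__":
    nonce = new_nonce()
    csp = build_csp(nonce, [TRUSTED])
    print("Content-Security-Policy:", csp)
    print("trusted, by hash :", inline_allowed(csp, TRUSTED))
    print("trusted, by nonce:", inline_allowed(csp, "init();", nonce))
    print("injected         :", inline_allowed(csp, INJECTED))
```

The hash covers the script text byte for byte, so even a whitespace change from a template or minifier invalidates it; that brittleness is part of the implementation burden the comment refers to.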