For the past 30 years (a very long period of time), the U.S. has bought mountains upon moutains of crap from China, in both military and civilian sectors. But there is not even a single high-profile hardware backdoor incident publicised, except maybe the Bloomberg big hack fiasco. This tells you something.
> But there is not even a single high-profile hardware
> backdoor incident publicised. This tells you something.
Not so much. If the US military found a hardware backdoor, would they want to publicly tell their enemy that their strategy is effective? Not only this, but if they tell their enemies which ones they find, by doing so they also tell them which ones they haven't found.
The only reason details of these fakes were published was likely because the Chinese company couldn't reasonably be considered as acting maliciously in this regard. Rather, they were just trying to turn a quick buck.
>Not so much. If the US military found a hardware backdoor, would they want to publicly tell their enemy that their strategy is effective? Not only this, but if they tell their enemies which ones they find, by doing so they also tell them which ones they haven't found.
This thinking can be used to start real wars then, we know X has illegal weapons, trust us we have proof but we can't show it, sure years later after lots of deaths and bilions spent on war you find that it was all propaganda.
> This thinking can be used to start real wars then, we know
> X has illegal weapons, trust us we have proof but we can't
> show it, sure years later after lots of deaths and bilions
> spent on war you find that it was all propaganda.
That's not what I was talking about. What I discussing is security, you always need to assume the worst to build good defenses and information leakage only serves to help those who aim to break your security.
Going to war is another thing altogether. Having overly good defenses have little consequence (beyond primary resources such as time and money). The consequence of fighting a war without good reason can be extremely bad in every sense. That's why wars need to have consequences for those who incorrectly start them.
>That's not what I was talking about. What I discussing is security, you always need to assume the worst to build good defenses and information leakage only serves to help those who aim to break your security.
Assuming is not the same as accusing, I am OK if you say that for national security all sensitive hardware needs to pass some criteria, what I do not agree is "we know X has backdorrs,weapons but we can't show it to you because we don't want them to know what we know"
So instead they leave backdoors in thousands of servers, affecting almost 30 U.S. companies, storing personal and private data on millions upon millions of people?
Even if the US military wants to keep them in place, as to "not to tip off the Chinese", I'm pretty certain those companies CISO's would not go along with that.
All it would take is just one guy with access to the hardware to leak a sample of this imaginary "Chinese super chip" to then make the story: "US military forces US tech companies to keep Chinese spy-chips in place", the blowback to that would extremely nasty and uncontrollable.
Sorry, but no matter how "The Big Hack" is spun, it remains a prime example of FUD [0].
On that basis, you shouldn't trust any chip on any piece of hardware out there, ever.
It's also not "me" speaking on authority, I'm merely going by what the actual authorities and responsible people are saying [0]. I mean, this was months ago, still no actual samples of that chip, still no CVE out about any of it.
We've (the "community"?) have been trying to build/have built phones without baseband backdoors/hardware killswitches, chips without Intel Management Engine, etc.
Feel free to check out those threads if you've missed them.
This isn't about a specific case, by the way. This is the reality of the state of chip production.
Sorry, I see you replied before I edited that out. Apologize.
They may not want to reveal details, but even not to the various Congressional committees for more funding (among many reasons) to fight back the enermy? The U.S. Congress could publicly condemn these kind of bad doings
by China without publishing details. Plus, in the U.S. information has lots of ways to leak out, from Snowden to some pesky jounalists.
Regarding shortcuts, this is where using Vim emulator extensions help a lot. I just install such an extension on any new browser, then the shorcuts are more or less the same (vim keybingdings).
Can you please make the popped up bookmark dialog box much much bigger? Please!
When clicking the star icon at the end of the address bar, the bookmark dialog box pops up. But it is too small! It only shows very few folders and choices. In order to locate a desired bookmark folder, people have to click and scroll many times. The whole dialog box is $^%&*& too small! Please make it bigger to show much more folders! Like three times bigger! Chrome has the same problem. Firefox can do better!
Also, please make the last used bookmark folder as the default folder at the next time when the bookmark dislog box opens, because people often bookmark many related/similar pages consecutively in one short period of time. Thank you. I love Firefox.
The consequences might be like this (in addition to many other possible forms):
Previously, my little factory spent 100% of the budget for component x and component y on buying from American suppliers (quality and price are both very good).
But going forward, we plan to spend 70% to buy from Americans, 20% from other countries, and 10% to fund demestic research, and we will
reduce the 70% part as soon as we can manage.
You can imagine if multiplying our small adjustment by the actions of hundreds of thousands of similar businesses around the world who are watching closely what's going on recently, then the interests of American businesses will probably be severely affected.
I've noticed that there are not as many Vim/Emacs related posts on HN during the past two years than before. And the discussions and upvotes have been less enthusiastic.
If it's indeed the case (I might well be off the mark), I can think of a few possible reasons,
Maybe because VS Code has won. It is much easier for beginners than Vim/Emacs (duh) but still powerful, so less questions and issues are raised. Its default setup is very good so customization is minimum, its plugins system are both vast and easy to use, etc.
Or, Vim itself has become easier to operate since version 8, tutorials are better than before, plugins are better,
Or on HN people these days have much more interests in talking about other topics. What do you think?
this is very interesting, never thought that black pepper can be mixed in tea! I am very tempted to try that at home. Do you add milk/sugar in masala tea?
Not GP, but yes, people in India mostly add both milk and sugar to masala tea, i.e. it is not had with just tea and the masalas - IME, at least. Can't say specifically what is common in Gujarat, though, since I haven't been there except in early childhood a few times (with parents), and didn't drink tea then.
Sugar as per taste but milk is a must! I use 1:2 water:milk but you can vary it. About 1 tsp of masala per cup or mug. Typically you’d heat the whole concoction till the milky water rises once or twice. I don’t put in the tea (loose or tea bag) from the start as it tends to become bitter but it must still boil with the rest for a minute or two.
thanks, the information on the process to make the tea is super helpful. I was just going to ask about it, now things become much clear to me. 1:2 water:milk? man, that's a lot of milk. But I love milk, so that will be great. Also, I guess unlike what the Chinese normally do, there is no refilling hot water into the pot/mug to drink more, right?
I now use 1:3 or less especially when using whole milk, 1:2 or 1:2.5 when using 2% fat milk. Experiment and see what you like! There is no one true recipe!
Definitely no refilling with hot water! As the whole process takes time, I used to make 3-4 cups in the morning and take the remaining tea in a thermos to work.
Curious to know, are there ways that a country (in fact mainly the U.S.) can 'flip the switch' (weaponize, if you will) on fundamental internet tech, such as DNS, TCP/IP, HTTP and many many others, to severely affect a foreign adversary's business (either a company or a country)?
Sure those are merely standards/protocols, still, is it possible these tech and their current world-wide setup be effectively used in conflicts by issuing government executive orders or enacting new laws?
Edit: just found this on reddit. Not exactly what I was asking (fundamental internet standards/protocols), but still somewhat related.
From a reddit post --
"Huawei is no longer able or allowed to work on standards for Wi-Fi, USB and SD cards. "Temporarily restricted" by Wi-Fi Alliance, voluntarily withdrew from JEDEC (USB etc) and no longer a member of SD Associaton (which technically means no more SD slots)"
Fundamentally I would say yes, however most of the countries that the US would likely do this to (Russia, Iran, China, Cuba) have contingencies in place through the implementation of country wide intranets[0][1]. Within those countries you also have localized social, financial and e-commerce services that minimize the general populations dependency on foreign companies and services.
So the US could cut cut them off or manipulate their connectivity to the global internet through something like BGP or DNS, but the impact would be far less than the US doing that against a country such as Canada that has a deep reliance on US infrastructure and services.
China's economy is very export dependent. If Chinese businesses cannot use internet to access a lot of U.S. allies, it would suffer badly.
For example if, say, all U.K's companies are not allowed to use email or skype to talk to the Chinese, or all U.S., Canada and Australia, etc. web sites are not accessible from China because of some executive orders or laws by the U.S. (similar to google complying with the order currently), then I guess China's economy would be severely affected.
F#, to me, has the most beautiful syntax. Reading F# code is such an eye pleasing experience!
I actually don't know much about the language, but always dream about being an expert in it and using it every day.
Edit: to give some context, the others I find especially beautiful syntax-wise are Ruby, Lisp, Haskell, Ocaml(very similar to F#). Still I think F# is the best.
Apologize if this is not the right place to ask for help.
Two days ago when I began to develop a web site backend, a strange thing happened. Visiting "mydomainname.com" in Firefox v66 gave me back error message saying site not found, but visiting "mydomainname.com/index.html" (or index.php) would be fine, the content of that page was returned.
After one hour struggle, I used another browser (and my phone) to open "mydomainname.com", and it worked fine! It returned the index.html page. So it's not the issue of the default file setup.
Did I miss something obvious? I felt stupid. I am now using Chrome but I would like to come back to Firefox. Thanks for any help.
Does the error happen in a Private Browsing window? Maybe Firefox cached some "site not found" result it shouldn't have? This sounds more like a server configuration issue than a Firefox bug.
__Edit: I installed the lastest Firefox v67, the problem is gone. It works great.__
Thanks. no it's not in a private browsing window.
I also asked other people to visit the site(mydomainname.com) from their computers and phones, all worked fine.
The hour long struggle left me with painful memories. :) I never had issue like this previously in Firefox or other browsers. On that day, Chrome and IE worked without problem on my computer (Win 7 32bit), so the computer should not be the culprit.
That leaves Firefox v66 standing. I don't know why.
