This is common practice across the US and the rule-of-thumb 40x generally tries to take most cases into account. i.e., 40x after taxes and other typical debt levels is "risk appropriate" for landlords... Though don't get me started on how this reduces landlord risk to a level where they should not see profits...
It does seem odd though when you consider one person with 40x may have a completely different net than another.
Underground, perhaps (although German's U-Bahn is the equivalent). Metro, accent aside, is in common use worldwide, isn't it? (Tokyo, Washington DC, to name two Metro systems)
When people say Metro I think the Mexico City Metro. "Metro" is not only used to brand the trains, but also the BRT service ("Metrobús").
When people mention The Tube I do think London though. I haven't heard anyone else call their subway "the tube". To be fair though, the London Underground _is_ quite more tubular than other systems around the world.
Posted this after receiving an email from the Wiretrustee team this afternoon. Unfortunately it seems their RPi CM4 SATA board has been cancelled (supply chain!). Full text of the email appears below.
---
After you haven't heard from us since August, we are calling you with some news today. It is with a heavy heart that we have to announce that we have stopped working on the Wiretrustee CM4 SATA board. It was a very exciting time for all of us in the team during which we received a lot of support from all of you. Almost 10,000 followers of our Crowd Supply page show that we were not completely wrong.
But in the end, we don't see any improvements in the current situation of the global electronic components supply chain. So far, there's no telling when we might be able to offer you the board at an acceptable price.
To offer you at least something, we have decided to open-source all the design files that we created so far. You will find them soon on GitHub under the following link:
https://github.com/wiretrustee/cm4-sata-board
In the meantime, we have fully dedicated ourselves to another project and further expanded the P2P network developed for the board. We will now continue to pursue this with full force and extend it with further functionalities to a full open-source alternative for traditional VPN.
Frustratingly, they have obviously not open sourced all design files. The only similar file formats present in that repo are: PDF, DXF, and SVG. No source files!
Very exciting! Happenstance yesterday renewed my interest in DIYing a CM4-based laptop motherboard replacement, and having more open designs to learn from will only help that. I'm looking at qty=1 so expensive components aren't such an impediment...
I wish more designs would go open when they're no longer commercially viable. All it's going to do in the long term is breed better hardware designers, after all.
I think it's largely too early to say (in the sense that it has yet to be thoroughly researched in vaxx'd areas). It's clearly taken over the population of infections in South Africa but they're rolling with fairly low vax rates (I have seen a few figures reported but < 40%).
There are some protein/spike characteristics of this variant which alarm scientists who think it might evade vax-generated antibodies better--i.e. alpha/delta-targeting vax antibodies may provide less resistance to this one.
So on the one hand it //could be// worse than Delta but I am personally waiting for more data to flow out (esp. beyond SA).
It also, in early estimates, has a higher infectivity rate than the Delta variant, which is disquieting because Delta was already about as contagious as chicken pox.
Numbers this early can be very misleading, but anecdotes have cropped up about infections occurring from one hotel room to another, possibly through the HVAC system, which is not a durability trick that previous variants were believed to have.
> "for his involvement in the Sparks Group, an international piracy group that illegally distributed movies and television shows on the Internet."
(from the announcement) in case you were wondering if this was some "simple" torrent usage or what...
> "In furtherance of its scheme, the Sparks Group fraudulently obtained copyrighted DVDs and Blu-Ray discs from wholesale distributors in advance of their retail release date by, among other things, making various misrepresentations to the wholesale distributors concerning the reasons that they were obtaining the discs prior to the retail release date."
They bought DVDs with a paper trail, shipped them internationally, ripped them and then uploaded to scene sites with photos of the retail packaging. Not difficult to see how they got caught.
One can't help but feel sorry for them. Commercial copyright infringement in the states probably carries a $1e308 financial penalty and/or life imprisonment. The fact that the article is written about a UK national just highlights the asymmetry in the treaty – meanwhile, US citizens can literally get away with manslaughter [1] without being extradited...
For the record, I was joking – if the sentences were served sequentially the article implies that the person extradited would be on the hook for a 30 year sentence. My perhaps unfair "joke" was supposed to be hinted at the ~floating point overflow fine at the same time. (For the record, I think this is utterly disproportionate to the crime – they certainly did not cause Hollywood multi-million losses.)
The reason behind my perhaps slightly uncouth reference to the Death of Harry Dunn [1] was because 30 years is nearly double that faced by the US citizen who killed him, refusing to return to the UK as "the potential 14-year sentence [is] not proportionate" as it "would not usually result in a prison sentence in the US" [her lawyer, also 1]. I find it very interesting (as a commentary on the role of media, technology, and incentives in society) that using DeCSS and creating a torrent is apparently punishable by a long gaol sentence, yet negligently killing someone is apparently not.
Anyway, another poster has subsequently pointed out that I am wrong to draw this conclusion as a different treaty was used -- and, I should probably not overly politicise HN either -- my apologies for both.
No, it doesn't show much of anything about the US-UK treaty because that treaty wasn't used. They were extradited from Cyprus, which is noted in the article (reproduced below). I would agree that the handling of the Sacoolas situation was very problematic.
> OIA also provided critical support in working with Eurojust and Europol in planning the coordinated operation in August 2020 and provided critical assistance in securing the defendant’s extradition from Cyprus.
Your comparison between vehicular homicide and commercial copyright infringement would work better if the perpetrator of the former were not protected by diplomatic immunity.
(1) "In court papers, the former Foreign Office (FCO) minister Tony Baldry said the diplomatic immunity deal reached in 1995 was intended specifically to exclude dangerous driving cases, or indeed any actions not related to the work of the staff at the base"[1]
(2) Even if (1) were not the case, there have been documented cases where the US has "put pressure" on genuine diplomats working on US soil who have committed offences in order to be able to prosecute in the US (something about a Georgian diplomat in 1997 IIRC). Why should the rest of the world be subjected to "do as I say, but not as I do" with the US ?
(3) What about that stupid "surprise surprise" show Trump attempted to put on at the Whitehouse ? I mean that's just sticking two-fingers up in the air to the UK family by saying "well, you can meet the perpetrator who's waiting in the next room ... ready to shed some crocodile tears for the cameras".
Diplomatic immunity is intended to prevent the host country (the UK) from subjecting diplomats to unreasonable detention, imprisonment etc, or to protect them from work done as part of their job (the host country might consider it spying).
Responsible countries either waive the diplomatic immunity, or prosecute the offender in their own courts. The USA has done neither.
In 2002, a Colombian diplomat had his immunity waived, allowing the UK to prosecute him for manslaughter. [1]
I'd like easier to buy or rent DVD's. The DRM in it has been broken for so long that it is basically DRM-free and the quality is good enough for most of mine entertainment purposes. I fear streaming services will make buying DVD's harder.
Are Blue-Ray as easily watchable as DVD's these days?
The DRM on blurays has been broken for over a decade now. The newer 4K blurays are a pain though, there are only a few drives that work and you will probably need to reflash the drive firmware.
Thought this was a compelling illustration of how market dynamics intersect w. potential shenanigans... Carol is careful to not level any direct accusations, which I appreciate--but the presentation definitely suggests the data is either inaccurate or the liquidation was in Binance's favor (unwittingly or otherwise).
Wholeheartedly agree about process vs. color-by-number recipes... For those who do like to read offline, I do recommend Ruhlman's "Twenty" [0]. It is well written and illustrated and provides a lens into process via carefully selected recipes.
[0] Full title being ``Ruhlman's Twenty: 20 Techniques, 100 Recipes, A Cook's Manifesto (The Science of Cooking, Culinary Books, Chef Cookbooks, Cooking Techniques Book)``
Cracking DES as set 9 of cryptopals [0] :) ? Awesome challenges in general, of course, but iirc no actually breaking a symmetric key cipher ("actually" doing a lot of work here, I admit, since there's all kinds of oracle attacks which are awesome!).
[0] For the uninitiated: https://cryptopals.com, which is of the parent's and collaborators' creation!
Ninja edit to add: This is all in good fun, recognizing that cryptopals focuses on real-world crypto that actually is used today!
The reassuring thing about DES is that DES is actually broken only for the reasons people knew about when DES was standardised in the 1970s.
The DES key size is too small (56 bits) and the DES block size is too small (64 bits).
Practical attacks on DES (as opposed to stuff like oracles that isn't a block cipher problem per se) all attack these known weaknesses of DES, theoretically it's still fine, within the bounds of those two fatal limitations.
That's reassuring because it means we're probably done. AES is faster, and it fixes the two things that are wrong with DES by having the longer keys (128-bit or 256-bit) and the larger blocks (128-bit) and so if DES is any indication there won't be a need to replace AES in the foreseeable future.
But I'm pretty sure it makes this hypothetical Cryptopals set silly. On specialist hardware DES cracking via these two obvious flaws is practical, though not exactly cheap, but "Pay somebody some Buttcoins to crack the key" isn't much of a Cryptopals exercise, and "Build your own DES cracker" is more hardcore electronics project than crypto introduction.
No need to replace AES except for implementation concerns, because constant-time AES on a CPU with caches but without AES in hardware is an absolute nightmare. I mean, have you seen how bitslicing works? It’s awful. Brilliantly clever, but still awful.
I believe better performance without hardware specializations is why the chacha cipher was invented and added to TLS. I even think most big websites prefer it, for better mobile experience.
> I even think most big websites prefer it, for better mobile experience.
Actually the clients get to present a list of ciphers in descending order of preference, a server can (and most will) choose the first from the list that they're willing to use.
So from most heavier devices AES will be chosen because they have a hardware AES accelerator and so they put AES suites at the top of the list, while devices that don't are likely to put a suite with ChaCha20 at the top.
AES is Mandatory To Implement for modern TLS, even if your client can't do it efficiently you will need to support it in case your peer doesn't want to agree anything else.
I liked Heys so much that I thought about putting together a block cipher cryptanalysis Set 9, but I'd much rather do someone else's Set 9 and learn from it. Maybe I can troll Aleks and Thomas Pornin into doing it.
And, as usual, Coinbase is also down at the moment [0]. Don't have a super-strong opinion on the crash itself (or whether we should call it a crash given crypto's volatility)--but it does seem peculiar that the exchanges in the space tend to drop when things get rough.
[0] https://status.coinbase.com as of 13:51 UTC status was "intermittent downtime" and "delayed withdrawals"
I very clearly recall Coinbase structurally having these outages back in 2017/2018 as well. Always when big price movements are about to happen, but often before the volume spike. Nothing but funny coincidences I'm sure.
It does seem odd though when you consider one person with 40x may have a completely different net than another.