If I'm remembering correctly, it's because the previous government set the price floor to the average natural gas price, artificially propping up their North Sea oil & gas industry that's been noncompetitive for decades. Even though they can make cheap energy, consumers get screwed because of national security concerns.
Unfortunately I don't have a source, and would appreciate a UK national with better understanding than me to chime in :)
Pretty much all electricity markets worldwide set the unit price based on the cost of the "marginal" (most expensive) generator running during each time period. It's a weirdly common misconception that the UK is unique in doing this.
If you paid generators what they bid, then they're incentivised to manipulate their bids to try and make the most money, distorting the market.
Almost all the wind farms and many solar farms in the UK operate under the "contract for difference" system, where they're guaranteed a fixed price per unit and have to pay back any income above that. So a lot of the money paid is clawed back through that method.
The reason the UK's electricity has been expensive over the last few years comes down to:
- Shutdown of several nuclear plants without any replacement
- Shutdown of coal plants and replacement with gas
- The Ukraine war affecting gas prices
- Clean energy surcharges on bills (which hit electricity bills a lot harder than gas bills, regardless of how clean the electricity is...)
There will be a bunch more renewables coming online soon which will hopefully start crowding out gas and driving the price down more regularly, so hopefully prices will start dropping faster soon.
> Pretty much all electricity markets worldwide set the unit price based on the cost of the "marginal" (most expensive) generator running during each time period
Indeed. This is an inherent failing of the use of auctions for setting price. While using auctions is a laudable goal, in reality it is not very efficient and easily gamed. Having a central purchaser model is not ideal from an ideological standpoint but clearly more efficient, allowing correctly controlling for more variables than can (crudely) be transmitted through a 30 minute auction period.
The only reason the wind farms got built was because they got guaranteed a high price of electricity that took the risk out of it. This changed more recently which is why building stopped.
Another factor is in the UK everything below the average tide line is owned by the Crown (as in the King not the government) who were very happy to get lease income. The Govt was also happy so it didn't look like the people were funding the King (which they are).
Also the public are very against wind turbines on land which is reasonable in England where there isn't much isolated land to put them.
At least they got built, which is more than can be said for the nuclear plants.
https://www.electricitybills.uk/ shows a breakdown of the components of consumer energy bills. It's not as simple as saying "it's expensive because of gas", though pricing based on the marginal production cost is one component.
GM-5 is probably the greatest pocket-size mirrorless, and maybe the last. The GX-85 is also great, but it does have a larger grip and more of a shoulder at the top.
The G-100D is also quite small, but the faux pentaprism at the top makes it just a bit too big to justify being MFT.
I have a GM1, it's truly a standout camera. GM5 makes it even better. It's quite funny nobody wants to attempt similar sizes, even when the market has voted for pocketable cameras.
Especially OM - with all their troubles, if it were me I'd have pivoted the company to sizes that do justice to the mount's inherent size advantage. They have a rich legacy of amazing small cameras (Trip, Pen, XA series, and the overrated mju ii) - yet it's Fuji selling an order of magnitude more x-halfs than anything OM is producing.
If they just remade it with modern AF software, I'd probably carry mine around most everywhere I went. Not to mention what they could do by updating hardware.
This is a good thing. It might inconvenience some old suburban men that have no hobbies other than making their lawn look like astroturf, but those of us that breathe air regularly should be asking for this in their own jurisdiction.
Unlike your car, a four-stroke engine with a catalytic converter, a leaf blower is a two-stroke that burns oil by design. The amount of particulate emissions is hard to understate, and the amount of NOx these belch out is staggering. Asthma, cancer, heart disease, COPD, all are on the table with this type of system.
Suburban homeowners can use electric blowers. They're good enough now and not silent but way quieter and non-emitting. If you get the mower and trimmer and chainsaw, etc in the same system, they all share batteries. It's SO NICE not having to repair, refuel, tune, and tolerate small engines.
These tools probably aren't ready for professional landscapers yet but they're almost there.
A lot of 4-strokes don't have many emissions controls either, although they do burn cleaner than a two-stroke. If you buy heavy equipment like an excavator or tractor under 25hp you can get it with no emissions controls, which is highly sought after because they don't break down as often.
I'm not sure where you are located, but that is not the case in the majority of the US. In most of the US they are overwhelmingly 2-stroke.
Just checked a couple local hardware store websites too to make sure I wasn't crazy... there aren't any 4-stroke leaf blowers available in-store, they're all 2-stroke.
I agree in theory, but doing so would have been very difficult practically. The IPv4 header structure is very rigid, and it wouldn't have been possible to just add more bits to the src/dst fields without breaking things.
The only reasonable route I've seen would have been to add an "area code" or "country code" to the Options fields and have huge border routers to translate packets between different locales. It would have solved one problem, only by creating an arguably much worse one.
Sure, but there was also no need to reinvent address assignment, routing and a bunch of other stuff that now causes a massive headache due to mismatch of architectures on dual-stack deployments.
I agree, though it takes some discipline to keep it simple and small. It can be really easy to let your clusters get huge, tools get complex, operator sprawl, etc. but keeping it simple and understandable is worth it in the long term.
The biggest problem is that most of the popular tools are built for the target audience of "dedicated infra team", when in reality most k8s users don't really have that.
Yeah, I don't see a way to get around the fact that space is a fabulous insulator. That's precisely how expensive insulated drink containers work so well.
If it was just about cooling and power availability, you'd think people would be running giant solar+compute barges in international waters, but nobody is doing that. Even the "seasteading" guys from last decade.
These proposals, if serious, are just to avoid planning permission and land ownership difficulties. If unserious, it's simply to get attention. And we're talking about it, aren't we?
You should read the linked article, they talk about it there. You radiate the heat into space which takes less surface area than the solar panels and you can just have them back to back.
In general I don't understand this line of thinking. This would be such a basic problem to miss, so my first instinct would be to just look up what solution other people propose. It is very easy to find this online.
Taking a system which was conceptualized about a quarter of a century ago and serves much different needs than what a datacenter in space needs (e.g. very strict thermal band, compared to acceptable temperature range from 20 to 80 degrees) isn't ideal.
The physics is quite simple and you can definitely make it work out. The Stefan-Boltzmann law works in your favor the higher you can push your temperatures.
If anything an orbital datacenter could be a slightly easier case. Ideally it will be in an orbit which always sees the sun. Most other satellites need to be in the earth shadow from time to time, making heaters as well as radiators necessary.
These data centers are solar powered, right? So if they are absorbing 100% of the energy on their sun side, by default they'll be able to heat up as much as an object left in the sun, which I assume isn't very hot compared to what they are taking in. How do they crank their temperature up so as to get the Stefan Boltzmann law working in their favor?
I suppose one could get some sub part of the whole satellite to a higher temperature so as to radiate heat efficiently, but that would itself take power, the power required to concentrate heat which naturally/thermodynamically prefers to stay spread out. How much power does that take? I have no idea.
σ is such a small number in Stefan-Boltzmann that it makes no difference at all until your radiators get hot enough to start melting.
You not only need absolutely huge radiators for a space data centre, you need an active cooling/pumping system to make sure the heat is evenly distributed across them.
I'm fairly sure no one has built a kilometer-sized fridge radiator before, especially not in space.
You can't just stick some big metal fins on a box and call it a day.
Out of curiosity, I plugged in the numbers - I have solar at home, and a 2 m2 panel makes about 500w - I assume the one in orbit will be a bit more efficient without atmosphere and a bit more fancy, making it generate 750w.
If we run the radiators at 80C (a reasonable temp for silicon), that's about 350K, assuming the outside is 0K which makes the radiator be able to radiate away about 1500W, so roughly double.
Depending on what percentage of time we spend in sunlight (depends on orbit, but the number's between 50%-100%, with a 66% a good estimate for LEO), we can reduce the radiator surface area by that amount.
So a LEO satellite in a decaying orbit (designed to crash back onto the Earth after 3 years, or one GPU generation) could work technically with 33% of the solar panel area dedicated to cooling.
Realistically, I'd say solar panels are so cheap, that it'd make more sense to create a huge solar park in Africa and accept the much lower efficiency (33% of LEO assuming 8 hours of sunlight, with a 66% efficiency of LEO), as the rest of the infrastructure is insanely more trivial.
This argument assumes that you only need to radiate away the energy that the solar actively turns into electricity, but you also need to dissipate all the excess heat that wasn’t converted. The solar bolometric flux at the earth is 1300 w/m2, or 2600 for 2 sq m. That works out to an efficiency of ~20% for your home solar, and your assumed value of 750 w yields an efficiency of ~30%, which is reasonable for space-rated solar. But assuming an overall albedo of ~5% that means that you were only accounting for a third of the total energy that needs to be radiated.
Put another way, 2 sq m intercepts 2600 w of solar power but only radiates ~1700 w at 350 k, which means it needs to be run at a higher temperature of nearly 125 celsius to achieve equilibrium.
It receives around 2.5kW[0] of energy (in orbit), of which it converts 500W to electric energy, some small amount is reflected and the rest ends up as heat, so use 1kW/m^2 as your input value.
> If we run the radiators at 80C (a reasonable temp for silicon), that's about 350K, assuming the outside is 0K which makes the radiator be able to radiate away about 1500W, so roughly double.
1500W for 2m^2 is less than 2000kW, so your panel will heat up.
> Depending on what percentage of time we spend in sunlight (depends on orbit, but the number's between 50%-100%, with a 66% a good estimate for LEO), we can reduce the radiator surface area by that amount.
You need enough radiators for peak capacity, not just for the average. It's analogous to how you can't put a smaller heat sink on your home PC just because you only run it 66% of the time.
Yes it's fun. One small note, for the outside temp you can use 3K, the cosmic microwave background radiation temperature. Not that it would meaningfully change your conclusion.
It's definitely a solvable problem. But it is a major cost factor that is commonly handwaved away. It also restricts the size of each individual satellite: moving electricity through wires is much easier than pumping cooling fluid to radiators, so radiators are harder to scale. Not a big deal at ISS scale, but some proposals had square kilometers of solar arrays per satellite.
That exactly. It's not that it's impossible. It's that it's heavy to efficiently transport heat to the radiators or requires a lot of tiny sats, which have their own problems.
But heat = energy, right? So maybe we don’t really want to radiate it, but redirect it back into the system in a usable way and reduce how much we need to take in? (From the sun etc)
Useful, extractable energy comes from a temperature differential, not just temperature itself. Once your system is at temperature equilibrium, you can't extract energy anymore and must shed that temperature as heat.
That's not how physics works. Heat in and of itself does not contain usable energy. The only useful energy to be extracted from heat comes from the difference in temperature between two objects. You can only extract work from thermal energy by moving heat from one place to another, which can only happen by moving energy from a hot object to a cold one.
This is all fundamental to the universe. All energy in the universe comes exclusively from systems moving from a low entropy state to a higher entropy state. Energy isn't a static absolute value we can just use. It must be extracted from an energy gradient.
Call me old-school, but I really liked how EV certs looked in the browser. Same with the big green lock icon Firefox used to have. I know it's all theatrics at best and a scam at worst, but I really feel like it's a bit of a downgrade.
Only IT understand any of this SSL/TLS stuff and we screwed up the messaging. The message has always been somewhat muddled and that will never work efficiently.
> Call me old-school, but I really liked how EV certs looked in the browser.
I agree, making EV Certs visually more important makes sense to people who know what it means and what it doesn't. Too bad they never made it an optional setting.
When you request an EV, they call you at the phone number that you give to ask if you requested a certificate. That was the complete extent of the validation.
I could be a scammer with a specifically designed domain name and they would just accept it, no questions asked.
> In addition to all of the authentication steps CAs take for DV and OV certificates, EV certificates require vetting of the business organization’s operational existence, physical address and a telephone call to verify the employment status of the requestor. [1]
Tying a phone number to a physical address and company is a lot more useful than just proof of control over a domain. Of course it's not 100% foolproof and depends on the quality of the CA but still very useful.
> Tying a phone number to a physical address and company is a lot more useful than just proof of control over a domain.
It might be useful in some cases, but it is never any more secure than domain validation. Which is why browsers don't treat it in a special way anymore, but if you want you can still get EV certificates.
It was easy to provide the information for an existing business you're completely unrelated to. Reliably verifying that a person actually represents a company isn't possible in most of the world.
Many countries have an official register of companies with at least a post box address. Requiring to answer a physical letter sent to an address from the central register will be much more reliable.
IMO it would make sense to tie into the trademark system. Allowing companies to build a brand reputation and protect it from impersonators is literally the whole point of that part of our legal system.
Imagine if only the owner of the McDonald's trademark could issue a certificate which displays the McDonald's name and logo, for example.
Depends on the registrar. Globalsign required the phone number to be one publicly listed for the company in some business registry (I forget exactly which one), so it had to be someone in our main corporate office who'd deal with them on the phone.
Dun and Bradstreet (?). I believe I'm remembering this correctly. I still deal with a few financial institutions that insist on using an EV SSL certificate on their websites. I may be wrong, but I believe that having an EV SSL gives a larger insurance dollar amount should the security be compromised from the EV certificate (although I imagine it would be nearly impossible to prove).
When I last reissued an EV SSL (recently), I had to create a CNAME record to prove domain ownership, as well as provide the financial institution's CEO's information which they matched up with Dun & Bradstreet and called to confirm. The entire process took about three days to complete.
For an online business in a dubious (but legal) domain, my co-owner spent a few hundred bucks registering a business in New Mexico with a registered agent to get an EV cert.
I have an almost identical story except the state in question was Nevada. I’m curious what “dubious” domain it was, for me it was video game cheats. Maybe I’m actually the co-owner you’re talking about. :)
I'd love a referral to your certificate authority and rep - we go through a big kerfuffle each renewal period, only eventually receiving the certificate after a long exchange of government docs and CPA letters. For us, only the last step is the phone call like you say.
This exchange seemingly proves the argument that user trust gained from the EV treatment is misplaced, and that the endeavor was a farce all along. It's not as though the user's browser was distinguishing the good CAs from the bad!
I disagree. I specifically said in my original comment they were very useful for those that knew what EV certs were and EV certs weren't.
You may not know that Digicert is a quality CA who wasn't going to risk their position as a CA to sign an EV cert for a typo squatting phishing site pretending to be PayPal but there are those who do. The green UI in Chrome & Firefox made finding all of this information out incredibly simple and obvious.
It was used correctly. What CAs wanted to sell wasn't something browsers wanted to support, and EV was the compromise. It just happens that what EV meant wasn't that useful irl.
What's the alternative, showing the company's unique registration ID?
CAs invented EVs because they wanted to sell something which could make them more money than DVs. The fact that company names aren't unique means that the whole concept was fundamentally flawed from the start: there is no identifier which is both human-readable and guaranteed to uniquely identify an entity. They wanted to sell something which can't exist. The closest thing we have got is... domain names.
The alternative would have been to have the CA use human judgement when approving EV certificates and reject applications from organizations whose names shadowed better-known firms, or to only accept applications from a select set of organizations (like, say, banks). But either of those possibilities would have increased the cost of the program and limited the pool of applicants, so CAs chose the cheap, easy path which led to EV certificates becoming meaningless.
How many CAs do you think there are? How many countries do you think they operate in?
Maybe we could augment the old EV cert indicator with a flag icon, but now there's yet another thing that users have to pay attention to. Maybe the CA/Browser Forum could run a clearinghouse for company names, but apart from trivial examples, there might very well be legitimate cases of two companies with the same name in the same country, just in different industries. Now do we augment the indicator with an industry icon too? Then the company changes its name, or forms a subsidiary relationship, or what have you. Now do we need to put "Meta (formerly Facebook)" or "Facebook (division of Meta)" etc. in the name?
There's just so many problems with the EV cert approach at Internet scale and they're largely beyond solvable with current infrastructure and end-user expectations.
How do you decide when a company is "well-known"? What's going to happen when there are two well-known companies with the same name or a very similar name? What if a well-known company in country A expands to country B, where a well-known company with that name (but active in a different industry) already exists? How are you going to deal with subsidiaries which are both legally and organizationally separate? Who gets to keep the EV when a company spins off a division but both parts retain the same name?
"Use human judgement" might work for trivial examples of fraud, but it quickly breaks down once you try applying it to the real world. Besides, how are you going to apply the same "human judgement" across hundreds of employees at dozens of CAs? If anything, you're just begging to get sued by large corporations whose complex situation fell on the wrong side of your human judgement.
The problem is that people wrongly believe that company names are unique. In reality you're just some paperwork and a token registration fee away from a name clash.
If anything, it's a disadvantage. People are going to be less cautious about things like the website's domain name if they see a familiar-sounding company name in that green bar. "stripe-payment.com" instead of "stripe.com"? Well, the EV says "Stripe, Inc.", so surely you're on the right website and it is totally safe to enter your credentials...
In many countries, company names are unique to that country. And combined with country TLDs controlled by the nation-state itself, it'd be possible for at least barclays.co.uk to be provably owned by the UK bank itself when an EV cert is presented by the domain.
In the US though, every state has its own registry, and names overlap without the power of trademark protection applying to markets your company is not in.
Are company names even unique within the UK? Sure, there can be only one bank named Barclays because of trademark laws, but can't there be a company in a different sector with the same name? Like Apple the computer business vs Apple the record company?
Or don't you have small local businesses (restaurants, pubs, stores) with duplicate names as long as they're in different locations? I know here in Flanders we have, for example, tens if not more places called "Café Onder den toren" (roughly translated as "Pub beneath the tower"). Do all local businesses in the UK have different names?
That's not exactly a great example, is it? "Barclay" even has a disambiguation page on Wikipedia, because it's a reasonably common Scottish surname.
For example, there used to be a Scottish company constructing steam locomotives which traded under the "Barclays & Co" name - because it was founded by one Andrew Barclay. There's also the Barclay Academy secondary school, and a Bentley dealer which until recently operated as Jack Barclay Ltd.
And that's just the UK ones! Barclays operates internationally, which means they want "barclays.com", so suddenly there's also Barclay-the-record-label, Barclay-the-cigarette-brand, Barclay-the-liquor-brand, Barclay College, golf tournament The Barclays, Barclays Center (whose naming rights were bought by the bank, but they of course want their own completely distinct website), Barclay Theatre, three Barclay Hotels.
Of course there's also all the stuff under "Barkley", "Barkly", "Berkley", and probably a dozen other variations just waiting to be used to scam dyslexic Barclays customers.
Barclays used to operate under Barclays Bank PLC. IMO, if disambiguation was problematic online they would have reverted back to that name.
You bring up good points, but I don't think that company naming has to be 100% proof against confusion, it's just one more helpful thing for consumers to identify whom they are doing business with.
In the case of close names like "Barkley", if they're doing banking, there is probably a trademark case against if they actually use it to confuse customers.
The correct way would be to publish packages on a proper registry/repository and install them with a package manager. For example, create a 3rd party Debian repository, and import the config & signing key on install. It's more work, sure, but it's been the best practice for decades and I don't see that changing any time soon.
Sure, but it all boils down to trust at the end of the day.
Why would you trust a third-party Debian repository (that e.g. has a different user namespace and no identity linking to GitHub) more than running something from evidently the same user from GitHub, in this specific case?
I'm not arguing that a repository is nice because versioning, signing, version yanking, etc, and I do agree that the process should be more transparent and verifiable for people who care about it.
A NAS will use a network file protocol (SMB/NFS/AFP/SFTP etc) to access data rather than direct disk access, so the types of failures are different. Generally you don't really have to "eject" but disconnecting during a large transfer can cause incomplete writes.
The main risk with directly attached storage is that most kernels will do "buffered writes" where the data is written to memory before it's committed to disk. Yanking the drive before writes are synced properly will obviously cause data loss, so ejecting is always a good idea.
Generally, NAS is a bit safer for this type of storage because the protocols are built with the assumption that the network can and will be interrupted. As a result, things are a bit slower since you're dealing with network overhead. So, like everything, there are some trade-offs to be made.
The most essential check is SPF and DKIM, which authenticate if the message has come from an authorized server. The problem is that most mail services are too lenient with mismatched sender identification. On one hand, people would be quite vocal about their mail provider sending way too much legitimate (but slightly misconfigured) mail to the spam folder. However it allows situations like this to happen where the FROM header, the "From:" address, and the return path are all different.
Most mail systems have several stages of filters, and the first ones (checking authentication) are quite basic. After that, attachments, links, and contents are checked for known malware. Machine learning might kick in after this, if certain criteria are met. Mail security is very complicated and works well except for the times it falls flat on its face like this.
https://en.wikipedia.org/wiki/Sender_Policy_Framework https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
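What "mismatched sender identification" looks like to a filter, as an added example that is not part of the comment above: SPF authenticates the envelope sender (Return-Path) and DKIM authenticates the signing domain (`d=`), so both can pass while the visible From: domain belongs to someone else, and a DMARC-style alignment check is what compares them. The sample message, its domains, the `mx.receiver.example` authserv-id and the two-label organizational-domain shortcut are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: SPF and DKIM both pass, but for domains unrelated to From:.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=mailer.example.net; dkim=pass header.d=bulk-sender.example.org
DKIM-Signature: v=1; a=rsa-sha256; d=bulk-sender.example.org; s=sel1; h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: "Your Bank" <security@bank.example.com>
Subject: Action required

body
"""


def org_domain(domain):
    """Assumption: organizational domain = last two labels.
    A production check must use the Public Suffix List instead."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain, from_domain, strict=False):
    """DMARC-style alignment: exact match (strict) or same org domain (relaxed)."""
    if not auth_domain or not from_domain:
        return False
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def parse_auth_results(value):
    """Return {method: (result, authenticated_domain)} for spf and dkim."""
    out = {}
    for part in value.split(";")[1:]:
        method = re.match(r"\s*(spf|dkim)=(\w+)", part)
        if not method:
            continue
        prop = re.search(r"(?:smtp\.mailfrom|header\.d)=([^\s;]+)", part)
        domain = prop.group(1).rsplit("@", 1)[-1] if prop else ""
        out[method.group(1)] = (method.group(2).lower(), domain.lower())
    return out


def evaluate(raw, trusted_authserv):
    """Compare authenticated identities with the visible From: domain.
    Only Authentication-Results stamped by our own MTA are trusted; a copy
    of that header supplied by the sender is ignored."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    results = {}
    for hdr in msg.get_all("Authentication-Results", []):
        tokens = hdr.split(";", 1)[0].split()
        if tokens and tokens[0].lower() == trusted_authserv.lower():
            results.update(parse_auth_results(hdr))
    spf_res, spf_dom = results.get("spf", ("none", ""))
    dkim_res, dkim_dom = results.get("dkim", ("none", ""))
    spf_ok = spf_res == "pass" and aligned(spf_dom, from_domain)
    dkim_ok = dkim_res == "pass" and aligned(dkim_dom, from_domain)
    any_pass = spf_res == "pass" or dkim_res == "pass"
    return {
        "from_domain": from_domain,
        "spf": (spf_res, spf_dom, spf_ok),
        "dkim": (dkim_res, dkim_dom, dkim_ok),
        "dmarc_style_pass": spf_ok or dkim_ok,
        # The case a lenient filter lets through: authenticated, but as someone else.
        "passed_but_unaligned": any_pass and not (spf_ok or dkim_ok),
    }


if __name__ == "__main__":
    for key, value in evaluate(SAMPLE, "mx.receiver.example").items():
        print(f"{key}: {value}")
```
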