Leaderboard

A trecut conferinta, parerea personala e ca a fost ceva mai reusita decat cea din anii trecuti. Mai multi oameni, locatie mai misto, CTF-uri, traininguri, 2 track-uri de prezentari... Vorbind de prezentari, RST-ul a fost reprezentat in 2 prezentari: Less Known Web Application Vulnerabilities, Ionut Popescu Man-in-the-browser attacks, Daniel Tomescu Majoritatea prezentarilor au fost publicate pe pagina evenimentului, aici si aici.

https://pastebin.com/aZyyS16w

Si apoi, dupa ce s-a facut vanzarea: https://www.sec.gov/Archives/edgar/data/732712/000073271217000003/a2017_10x3xoathxexhibitx991.htm Mda...

LMFAO - http://www.newsweek.com/trump-team-leaks-about-israels-hack-kaspersky-lab-could-further-damage-ties-686500 Ca in filmele cu prosti... Americanii spioneaza lumea, dar la randul lor sunt spionati de Rusi care la randul lor sunt spionati de Israelieni - dar cand cei din urma le spun de treaba asta la muricani, aia incep sa trambiteze.

Sysadmins and developers rejoice! WSL is now a fully fledged part of Windows 10, starting with the latest Fall Creators Update. terested in running Linux on Windows 10 with Windows Subsystem for Linux (WSL), but nervous about it being both a beta and only available in Windows 10 developer mode? Your worries are over. In the Windows 10 Fall Creators Update (WinFCU) WSL has graduated to being a Windows 10 feature that can be run by any user. Tested for over a year, WSL on WinFCU is bringing many new features to this combination of the Linux Bash shell and Windows. Besides WSL no longer being a beta or requiring users to be in developer mode, the new features include: Install Linux distros via the Windows Store WSL now runs multiple Linux distros WSL comes to Windows Server & Microsoft Azure VMs WSL now supports USB/serial comms Miscellaneous fixes and improvements Besides Ubuntu, the new WSL-supported Linux distros are SUSE's community openSUSE and its corporate SUSE Linux Enterprise Server (SLES). Fedora and other distros will arrive in the store shortly. If you've previously installed WS, your existing "legacy" Ubuntu instance will continue to work, but it's deprecated. To continue to receive support you should replace it with a new store-delivered instance. Without this, you won't receive Canonical or Microsoft support. To keep your old files, you should tar them and copy them to your Windows file system; for example: `/mnt/c/temp/backups` and then copy them back to your new instance. In addition, instead of jumping through hoops to install Linux on Windows, you can install one or more -- yes, you can have multiple distros on a single Windows 10 system -- Linux distros from the Windows Store. To do this, you must first enable the WSL feature in the "Turn Windows Features on or off" dialog and reboot. No, WSL is not active by default and yes, you must reboot. After rebooting you simply search for "Linux" in the Windows Store, pick a version to install, hit install, and in a few minutes you're good to go. If you already have a Bash instance installed on WSL, you can start afresh with the lxrun /uninstall command. You run this command from the command prompt or PowerShell. Besides being able to install multiple Linux distributions, you can simultaneously run one or more Linux distros. Each distro runs independently of one another. These are neither virtual machines (VMs) nor containers, and that means they need their usual system resources. I, for example, would only want them on systems with at least an additional 2GBs per instance of running WSL. WSL itself requires only minimal system resources. Rich Turner, Microsoft's senior program manager of WSL and Windows Console, wrote: "We don't list [RAM requirements] because, frankly, we don't have any of note! If you don't install WSL, we add no RAM footprint. If you do enable WSL, there's a tiny 850KB driver loaded briefly, and then it shuts down until you start a Linux instance. At that point, you load /init which launches /bin/bash. This causes the 850KB driver to load, and creates Pico Processes for init and bash. So, basically, WSL's RAM requirements are pretty much whatever the RAM is that you need to run each Linux binary, plus around 1MB of working set in total." The Linux distros can also access Windows' host filesystem, networking stack, etc. That means you should be cautious about changing files on the Windows filesystem. Why would you run multiple distros at once? Microsoft points out: You can now install Linux distros right from the Windows Store. Linux developers will be pleased to find that USB serial comms are now supported. This enables your shell scripts and apps to talk to serial ports. WSL also now supports mounting of USB-attached storage devices and network shares. That's the good news, The bad news is it only supports the NT filesystem IO infrastructure. In other words it only supports FAT/FAT32/NTFS formatted storage devices. Want *nix file systems? Microsoft encourages you to upvote and/or comment on the associated UserVoice ask. Digging deeper into the new improvements, under the hood WSL on WinFCU now includes: Improved TCP socket options inc. IP_OPTIONS, IP_ADD_MEMBERSHIP, IP_MULTICAST, etc /etc/hosts will now inherit entries from the Windows hosts file xattr related syscalls support Fixed several filesystem features and capabilities Improved PTRACE support Improved FUTEX support chsh, which enables you to change shells, now works. This enables you to use your favorite shell directly. Shell startup file other than ".bashrc" will now execute. The following syscalls were added for the first time during the FCU cycle: Prlimit64 getxattr, setxattr, listxattr, removexattr As expected, WSL is also on its way to Windows Server and to Microsoft Azure Windows VM instances. This will make WSL even more useful for sysadmins. All these improvements have made it even easier for developers and system administrators to run Linux shell commands on Windows. While this isn't very useful for ordinary desktop users, for serious IT staff it's a real step forward, making Windows more useful in a server and cloud world that's increasingly dominated by Linux. Even on Azure, over a third of VMs are Linux. With WSL, most Linux shell tools are at your command. These include: apt, ssh, find, grep, awk, sed, gpg, wget, tar, vim, emacs, diff, and patch. You can also run popular open-source programming languages such as python, perl, ruby, php, and gcc. In addition, WSL and Bash supports server programs such as the Apache web-server and Oracle's MySQL database management system. In other words, you get a capable Linux development environment running on Windows. While you can run Linux graphical interfaces and programs on WSL, it's more of a stunt than a practical approach at this time. Of course, with a little work... How does WSL work? Dustin Kirkland, a member of Canonical's Ubuntu Product and Strategy executive team, explained: "We're talking about bit-for-bit, checksum-for-checksum Ubuntu ELF binaries running directly in Windows. [WSL] basically perform real-time translation of Linux syscalls into Windows OS syscalls. Linux geeks can think of it sort of the inverse of 'WINE' -- Ubuntu binaries running natively in Windows." Regardless of the technical details of how WSL does what it doess, what matters now is that WSL works very, very well. Enjoy! Via zdnet.com

A newly discovered vulnerability in generation of RSA keys used by a software library adopted in cryptographic smartcards, security tokens and other secure hardware chips manufactured by Infineon Technologies AG allows for a practical factorization attack, in which the attacker computes the private part of an RSA key. The attack is feasible for commonly used key lengths, including 1024 and 2048 bits, and affects chips manufactured as early as 2012, that are now commonplace. Assess your keys now with the provided offline and online detection tools and contact your vendor if you are affected. Major vendors including Microsoft, Google, HP, Lenovo, Fujitsu already released the software updates and guidelines for a mitigation. Full details including the factorization method will be released in 2 weeks at the ACM CCS conference as 'The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli' (ROCA) research paper. Description of the vulnerability A security vulnerability was found in the implementation of RSA keypair generation in a cryptographic library used in a wide range of cryptographic chips produced by Infineon Technologies AG. The product is also integrated in authentication, signature and encryption tokens of other vendors and chips used for Trusted Boot of operating systems. The vulnerability is present in NIST FIPS 140-2 and CC EAL 5+ certified devices since at least the year 2012. The algorithmic vulnerability is characterized by a specific structure of the generated RSA primes, which makes factorization of commonly used key lengths including 1024 and 2048 bits practically possible. Only the knowledge of a public key is necessary and no physical access to the vulnerable device is required. The vulnerability does NOT depend on a weak or a faulty random number generator - all RSA keys generated by a vulnerable chip are impacted. The attack was practically verified for several randomly selected 1024-bit RSA keys and for several selected 2048-bit keys. The specific structure of the primes in question allows for a fast detection of vulnerable keys, even in very large datasets. This property is useful for mitigation (users can assess own keys for vulnerability), but also for potential attackers (keys vulnerable to factorization can be pre-selected, without undergoing time-consuming factorization attempts). The worst cases for the factorization of 1024 and 2048-bit keys are less than 3 CPU-months and 100 CPU-years, respectively, on a single core of a common recent CPU, while the expected time is half of that of the worst case. The factorization can be easily parallelized on multiple CPUs. Where k CPUs are available, the wall time required for the attack will be reduced k-times - allowing for practical factorization in order of hours or days. The worst-case price of the factorization on an Amazon AWS c4 computation instance is $76 for the 1024-bit key and about $40,000 for the 2048-bit key. The difficulty of the factorization attack is not the same for all key lengths and is NOT strictly increasing (some longer keys may take less time to factorize than other shorter ones). The following key length ranges are now considered practically factorizable (time complexity between hours to 1000 CPU years at maximum): 512 to 704 bits, 992 to 1216 bits and 1984 to 2144 bits. Note that 4096-bit RSA key is not practically factorizable now, but may become so, if the attack is improved. The time complexity and cost for the selected key lengths (Intel E5-2650 v3@3GHz Q2/2014): 512 bit RSA keys - 2 CPU hours (the cost of $0.06); 1024 bit RSA keys – 97 CPU days (the cost of $40-$80); 2048 bit RSA keys – 140.8 CPU years, (the cost of $20,000 - $40,000). The vulnerability was found by a close inspection of a large number of RSA keys generated and exported from the manufacturer smartcards by researchers at CRoCS laboratory, Masaryk University, Enigma Bridge and Ca' Foscari University. The full results will be presented at an academic ACM Conference on Computer and Communications Security (ACM CCS '17) starting from October 30th. The vulnerability was disclosed to Infineon Technologies AG, following the responsible disclosure principle, in the first week of February with agreement of an 8 month period before a public disclosure. We cooperated with the manufacturer and other affected parties to help evaluate and mitigate this vulnerability during this period. Major vendors including Microsoft, Google, HP, Lenovo, Fujitsu already released the software updates and guidelines for a mitigation. We are now notifying general public and releasing tools for assessmnet of the individual keys. Impact A remote attacker can compute an RSA private key from the value of a public key. The private key can be misused for impersonation of a legitimate owner, decryption of sensitive messages, forgery of signatures (such as for software releases) and other related attacks. The actual impact of the vulnerability depends on the usage scenario, availability of the public keys and the lengths of keys used. We found and analyzed vulnerable keys in various domains including electronic citizen documents, authentication tokens, trusted boot devices, software package signing, TLS/HTTPS keys and PGP. The currently confirmed number of vulnerable keys found is about 760,000 but possibly up to two to three magnitudes more are vulnerable. The details will be presented in two weeks at the ACM CCS conference. The vulnerable chips are pervasive and not necessarily sold directly by Infineon Technologies AG, as the chips can be embedded inside devices of other manufacturers. Detection tools, mitigation and workarounds The first step is to detect if you use a chip with the vulnerable library. As the vulnerability is present in the on-chip software library and not limited just to a particular batch of hardware, the only reliable way is to generate an RSA keypair on the device and test the public key by the provided tools (see below). It is recommended to test also the keys already in use. We believe the tools are very accurate - it is highly unlikely that a secure key would be flagged, as well as that a vulnerable key would be missed. We provide the following tools: Offline testers: Python/Java/C++ applications and tutorials (https://github.com/crocs-muni/roca). We release all offline tools under the MIT license so it can be embedded into other testing applications and services. Online testers: Upload public key to https://keychest.net/roca or https://keytester.cryptosense.com to test your key. Email S-MIME/PGP tester: Send a signed email to roca@keychest.net to obtain an automatic email response with the analysis of the signing key vulnerability. If a vulnerable key is found, then you should contact your device vendor for further advice. The following general advices may apply: Apply the software update if available. Replace the device with one without the vulnerable library. Generate a secure RSA keypair outside the device (e.g., via the OpenSSL library) and import it to the device. We are not aware of any vulnerability in connection with the actual use of the key, only the generation phase has a confirmed vulnerability. Use other cryptographic algorithm (e.g., ECC) instead of RSA on affected devices. Apply additional risk management within your environment, if the RSA key in use is detected as vulnerable. Use key lengths which are not currently impacted (e.g., 3936 bits) by our factorization method. Be aware: use this specific mitigation only as a last resort, as the attack may be improved. Team The vulnerability was discovered by Slovak and Czech security researchers from the Centre for Research on Cryptography and Security at Masaryk University, Czech Republic; Enigma Bridge Ltd, Cambridge, UK; and Ca' Foscari University of Venice, Italy. Updates 2nd of November 2017 - Presentation of all details at the ACM CCS conference (to come) 16th of October 2017 - The initial version of the public disclosure published May to October 2017 - Cooperation with the manufacturer and other affected parties to help evaluate and mitigate the vulnerability 1st of February - The vulnerability disclosed to Infineon Technologies AG End of January - The vulnerability found Q&A Techincal references Infineon, Information on software update of RSA key generation function: https://www.infineon.com/RSA-update Infineon, Information on TPM firmware update for Microsoft Windows systems https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160 Microsoft Vulnerability in TPM could allow Security Feature Bypass: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012 Google, The Chromium project Trusted Platform Module firmware vulnerability: https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update Media ArsTechnica: https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/ Forbes: https://www.forbes.com/sites/thomasbrewster/2017/10/16/worse-than-krack-google-and-microsoft-patch-massive-5-year-old-encryption-hole/#40c81a9447c3 Estonian ID cards: http://news.err.ee/616732/potential-security-risk-could-affect-750-000-estonian-id-cards The Register: https://www.theregister.co.uk/2017/10/16/roca_crypto_vuln_infineon_chips/ Paper details Paper title: The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli [ACM CCS 2017] Authors: Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec and Vashek Matyas Primary contact: Petr Svenda svenda@fi.muni.cz Conference page: ACM CCS 2017 Download author pre-print of the paper: (to be released 2nd November) Bibtex (regular paper): @inproceedings{2017-ccs-nemec, Author = {Matus Nemec and Marek Sys and Petr Svenda and Dusan Klinec and Vashek Matyas}, Title = {The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli}, BookTitle = {to appear at 24th ACM Conference on Computer and Communications Security (CCS'2017)}, Year = {2017}, ISBN = {978-1-4503-4946-8/17/10}, Publisher = {ACM} } Source

[...] So unless your Wi-Fi password looks something like a cat's hairball (e.g. ":SNEIufeli7rc" -- which is not guessable with a few million tries by a computer), a local attacker had the capability to determine the password, decrypt all the traffic, and join the network before KRACK. KRACK is, however, relevant for enterprise Wi-Fi networks: networks where you needed to accept a cryptographic certificate to join initially and have to provide both a username and password. KRACK represents a new vulnerability for these networks. Depending on some esoteric details, the attacker can decrypt encrypted traffic and, in some cases, inject traffic onto the network. But in none of these cases can the attacker join the network completely. And the most significant of these attacks affects Linux devices and Android phones, they don't affect Macs, iPhones, or Windows systems. Even when feasible, these attacks require physical proximity: An attacker on the other side of the planet can't exploit KRACK, only an attacker in the parking lot can. [...] Nicholas Weaver [...] One of the problems with IEEE is that the standards are highly complex and get made via a closed-door process of private meetings. More importantly, even after the fact, they're hard for ordinary security researchers to access. Go ahead and google for the IETF TLS or IPSec specifications -- you'll find detailed protocol documentation at the top of your Google results. Now go try to Google for the 802.11i standards. I wish you luck. The IEEE has been making a few small steps to ease this problem, but they're hyper-timid incrementalist bullshit. There's an IEEE program called GET that allows researchers to access certain standards (including 802.11) for free, but only after they've been public for six months -- coincidentally, about the same time it takes for vendors to bake them irrevocably into their hardware and software. This whole process is dumb and -- in this specific case -- probably just cost industry tens of millions of dollars. It should stop. [...] Matthew Green

Yahoo s-a dus, rămășițele sale devin Altaba by unacomn on 10/01/2017 Achiziția companiei Yahoo de către conglomeratul de telecomunicații american Verizon s-a încheiat. Această afacere se află în desfășurare încă din vara anului trecut, trecând de atunci peste câteva hopuri, după ce Yahoo a dezvăluit că a fost de două ori victima a celui mai mare incident de hacking din istoria internetului, fiind periclitate inițial o jumătate de miliard de conturi, iar apoi un miliard întreg. Totuși, în ciuda revoltării generale la adresa modului în care Yahoo a tratat incidentul, achiziția nu a fost afectată, iar Verizon a plătit suma de 4.8 miliarde de dolari pentru ceea ce a fost odată cea mai valoroasă companie de internet din lume. După această achiziție, toate funcțiile principale ale Yahoo vor trece sub tutela Verizon, urmând ca investițiile companiei în Alibaba și alte companii din Asia să fie consolidate sub numele Altaba. Aceasta componentă va rămâne independentă și în efect reprezintă tot ce mai rămâne din Yahoo care să nu fie o proprietate a Verizon. Conducerea curentă a Yahoo și-a luat tălpășița, Marissa Mayer nu mai este CEO, co-fondatorul companiei David Filo nu se mai află acolo, iar o mare parte din toți ceilalți care au ghidat compania spre situația sa precară vor căuta acum alte locuri de muncă. Serviciile Yahoo vor rămâne în funcțiune, dacă încă le mai folosește cineva. [Ars Technica] Sursa: https://zonait.tv/yahoo-nu-mai-exista/

Patch-urile sunt disponibile de ani de zile...

Cresterea automatizarii / robotizarii in diverse domenii e prezentata mai tot timpul apocaliptic, desi nu e cazul. Principalul rol al automatizarii e sa ajute oamenii sa isi desfasoare activitatile, nu sa ii inlocuiasca. Se pot automatiza activitatile repetitive, lipsite de creatie, lipsite de umanitate. Asfel oamenii se pot concentra mai mult pe cercetare, creativitate, arte, sporturi, dezvoltare personala etc. Da, unele meserii vor disparea. Altele se vor transforma. Dar daca treaba ta de zi cu zi poate fi inlocuita de AI si robotei, atunci probabil ca deja iti irosesti viata cu activitati monotone si lipsite de creatie...

Subestimezi instinctul de supravietuire al bacteriilor/parazitiilor. Isi gasesc intotdeauna o gazda de care sa se lipeasca si pe spatele careia sa se inmulteasca. Insa sunt si ei oarecum necesari pentru evolutia speciei (mai putin unii de misuna pe aici pe forum )

A suite of utilities simplilfying linux networking stack performance troubleshooting and tuning. https://pypi.python.org/pypi/netutils-linux netutils-linux It's a useful utils to simplify Linux network troubleshooting and performance tuning, developed in order to help Carbon Reductor techsupport and automate the whole linux performance tuning process out of box (ok, except the best RSS layout detection with multiple network devices). These utils may be useful for datacenters and internet service providers with heavy network workload (you probably wouldn't see an effect at your desktop computer). It's now in production usage with 300+ deployment and save us a lot of time with hardware and software settings debugging. Inspired by packagecloud's blog post. Installation You'll need pip. pip install netutils-linux Utils Monitoring All these top-like utils don't require root priveledges or sudo usage. So you can install and use them as non-priveledged user if you care about security. pip install --user netutils-linux Brief explanation about highlighting colors for CPU and device groups: green and red are for NUMA-nodes, blue and yellow for CPU sockets. Screenshots are taken from different hosts with different hardware. network-top Most useful util in this repo that includes almost all linux network stack performance metrics and allow to monitor interrupts, soft interrupts, network processing statistic for devices and CPUs. Based on following files: /proc/interrupts (vectors with small amount of irqs/second are hidden by default) /proc/net/softnet_stat - packet distribution and errors/squeeze rate between CPUs. /proc/softirqs (only NET_RX and NET_TX values). /sys/class/net/<NET_DEVICE>/statistic/<METRIC> files (you can specify units, mbits are default) There are also separate utils if you want to look at only specific metrics: irqtop, softirq-top, softnet-stat-top, link-rate. snmptop Basic /proc/net/smmp file watcher. Tuning rss-ladder Automatically set smp_affinity_list for IRQ of NIC rx/tx queues that usually work on CPU0 out of the box). Based on lscpu's output. It also supports double/quad ladder in case of multiprocessor systems (but you better explicitly specify queue count == core per socket as NIC's driver's param). Example output: # rss-ladder eth1 0 - distributing interrupts of eth1 (-TxRx-) on socket 0 - eth1: irq 67 eth1-TxRx-0 -> 0 - eth1: irq 68 eth1-TxRx-1 -> 1 - eth1: irq 69 eth1-TxRx-2 -> 2 - eth1: irq 70 eth1-TxRx-3 -> 3 - eth1: irq 71 eth1-TxRx-4 -> 8 - eth1: irq 72 eth1-TxRx-5 -> 9 - eth1: irq 73 eth1-TxRx-6 -> 10 - eth1: irq 74 eth1-TxRx-7 -> 11 autorps Enables RPS on all available CPUs of NUMA node local for the NIC for all NIC's rx queues. It may be good for small servers with cheap network cards. You also can explicitely pass --cpus or --cpu-mask. Example output: # autorps eth0 Using mask 'fc0' for eth0-rx-0. maximize-cpu-freq Sets every CPU scaling governor mode to performance and set max scaling value for min scaling value. So you will be able to use all power of your processor (useful for latency sensible systems). rx-buffers-increase rx-buffers-increase utils, that finds and sets compromise-value between avoiding dropped/missing pkts and keeping a latency low. Example output: # ethtool -g eth1 Ring parameters for eth1: Pre-set maximums: RX: 4096 ... Current hardware settings: RX: 256 # rx-buffers-increase eth1 run: ethtool -G eth1 rx 2048 # rx-buffers-increase eth1 eth1's rx ring buffer already has fine size. # ethtool -g eth1 Ring parameters for eth1: Pre-set maximums: RX: 4096 ... Current hardware settings: RX: 2048 Hardware and its configuration rating server-info Much alike lshw but designed for network processing role of server. # server-info show cpu: info: Architecture: x86_64 BogoMIPS: 6799.9899999999998 Byte Order: Little Endian CPU MHz: 3399.998 CPU family: 6 CPU op-mode(s): 32-bit, 64-bit CPU(s): 2 Core(s) per socket: 1 Hypervisor vendor: KVM L1d cache: 32K L1i cache: 32K L2 cache: 4096K Model: 13 Model name: QEMU Virtual CPU version (cpu64-rhel6) NUMA node(s): 1 NUMA node0 CPU(s): 0,1 On-line CPU(s) list: 0,1 Socket(s): 2 Stepping: 3 Thread(s) per core: 1 Vendor ID: GenuineIntel Virtualization type: full layout: '0': '0' '1': '1' disk: sr0: model: QEMU DVD-ROM vda: model: null size: 64424509440 type: HDD memory: MemFree: 158932 MemTotal: 1922096 SwapFree: 4128764 SwapTotal: 4128764 net: eth1: buffers: cur: 2048 max: 4096 conf: ip: 10.144.63.1/24 vlan: true driver: driver: e1000 version: 7.3.21-k8-NAPI queues: own: [] rx: [] rxtx: [] shared: - virtio1, eth0, eth1 tx: [] unknown: [] It also can rate hardware and its features in range of 1..10. # server-info rate cpu: BogoMIPS: 7 CPU MHz: 7 CPU(s): 1 Core(s) per socket: 1 L3 cache: 1 Socket(s): 10 Thread(s) per core: 10 Vendor ID: 10 disk: sr0: size: 1 type: 2 vda: size: 1 type: 1 memory: MemTotal: 1 SwapTotal: 10 net: eth1: buffers: cur: 5 max: 10 driver: 1 queues: 1 system: Hypervisor vendor: 1 Virtualization type: 1 Download: netutils-linux-master.zip or: git clone https://github.com/strizhechenko/netutils-linux.git Source: https://github.com/strizhechenko/netutils-linux

Multumesc frumos.

Internetworking with TCP/IP Volume One (6th Edition)

omul a pus poza cu tableta nu cu frigider

Cred ca, teoretic, daca AI s-ar dezvolta suficient, multe pozitii IT s-ar putea inlocui. La inceput, o sa fie AI care face "munca de jos", si noi sa ne batem capul doar cu concepte mai high-level (pana ajunge si AI-ul acolo, and then repeat). Totusi, poate(sper) o sa fie schimbari pozitive per total, poate o mai scoata lumea din "rat race" si oamenii o sa aiba timp sa fie mai mult oameni, si mai putin sclavi moderni, ceea ce s-ar putea sa si imbunatateasca relatiile dintre oameni. Sunt multi oameni care nu fac deloc ceva ce le place, pt ca isi consuma aproape tot timpul cu un job care ii ajuta doar sa supravietuiasca, si asta contribuie la multe lucruri negative. Dar o posibila parte negativa e ca daca ai tehnologie care face aproape totul pentru tine ca om, multi nu o sa isi mai exerseze abilitatile cognitive prea mult, ducand astfel la o scadere a inteligentei (am ajuns la acest nivel de inteligenta ca oameni tocmai prin rezolvarea problemelor pe care le intampinam), cu alte cuvinte lumea o sa se prosteasca si mai tare, ceea ce o sa fie un punct de exploatat pentru unii. Desigur, TV-ul si internetul folosit doar pentru divertisment fac asta deja cu multe persoane, dar sper sa nu creasca prea tare numarul lor in viitor.

@QuoVadis mi-ai amintit de bijuteria asta