![](/static/253f0d9b/assets/icons/icon-96x96.png)
![](https://lemmy.world/pictrs/image/c47230a8-134c-4dc9-89e8-75c6ea875d36.png)
To be pedantic, they have a navy, just no large ships in said navy.
To be pedantic, they have a navy, just no large ships in said navy.
The best description I have seen for single store franchisees is, you’ve paid a lot to give yourself a job. They are not lucrative, and in fact, are capital intensive, and often predatory.
There is a very high up front cost, and you generally do not own the real estate. This means you are locked into 30 year leases, often with complicated terms that are solely beneficial to the land owner.
Next, with regards to liquidity, if you don’t own the real estate, you often can’t get multiple business loans with a single franchise, so you must secure the loan with your personal assets, which means you will go personally bankrupt if you hit a rough patch.
Then, after dealing with the complicated business to business transactions and legal work, you still have to deal with the corporate bullshit, taxes, and supervisory duties, particularly if you do not already have a strong business partner to do this for you.
Pretty much, unless you are independently wealthy, own the real estate in a high traffic location, or already have multiple other franchises, it’s a losing venture that will kill your soul and eat every dollar you have.
Tens of thousands of children, killed or injured. And people wonder how the Palestinians become radicalized against Israel, the West, and the United States, or why there can’t be peace in the Middle East?
Forgiveness is probably the furthest thing from being on their minds.
MMORPGs are an easy example, where people form recognizable identities and communities in game. An extension of this would be Second Life, and somewhat more recently, VRChat.
From my understanding, the impetus was that F5 submitted a CVE for a vulnerability, for an optional, “beta” feature that can be enabled. Dounin did not think a CVE should be submitted, since he did not considered it to be “production” feature.
That said, the vulnerability is in shipping code, regardless of whether it is optional or not, so per industry coding practices, it should either be patched or removed entirely in order to resolve the issue.
As you yourself stated, CVSS does exactly what it says on the box. It provides a singular rating for a software vulnerability, in a vacuum. It does not prescribe to do anything more, and it does a good job doing what it sets out to do (including specifically as an input to other quantitative risk calculations).
Compare what with attack?
Your methodology heavily relies on “the analysis of cybersecurity experts”, and in particular, frequently references “exploit chains”, mappings which are not clearly defined, and appears to rely on the knowledge of the individual practitioner, rather than existing open frameworks. MITRE ATT&CK and CAPEC already provide such a mapping, as well as a list of threat actor groups leveraging tactics, techniques, and procedures (e.g., exploitation of a given CVE). Here’s a good articlewhich maps similarly to how we operate our cybersecurity program.
I think there is a lot on the mark in your article about the issues with cybersecurity today, but again, I believe that your premise that CVSS needs replacing is flawed, and I don’t think you provided a compelling case to demonstrate how/why it is flawed. If anything, I think you would agree that if organizations are exclusively using CVSS scores to prioritize remediation, they’re doing it wrong, and fighting an impossible battle. But this means the organization’s approach is wrong, not CVSS itself.
Your article stands better alone as a proposal for a methodology for quantifying risk and threat to an organization (or society?), rather than as a takedown of CVSS.
Glancing through your article, while you have correctly assessed the need for risk based prioritization of vulnerability remediation and mitigation, your central premise is flawed.
Vulnerability is not threat— CVSS is a scoring system for individual vulnerabilities, not exploit chains. For that, you’ll want to compare with ATT&CK or the legacy cyber kill chain.
.(potksed ym rof) 68x naht rehto gnihtyna no swodniw nur reven ll’I ,epoN
.gnimoc eb lliw sehctap ytrap tsrif on os ,tsixe regnol on erawtfos taht etorw taht seinapmoc eht fo emos ,snur llits ti dna swodniw no (yllacipyt semag ro snigulp noitcudorp cisum rehtie) oga sedaced nettirw erawtfos pu llup yllanoisacco I tub ,krow rof PBM MRA ym htiw yppah yrev m’I
According to the Bureau Of Labor Statistics, the median salary for airline captains, first-officers, second-officers, and flight engineers in the United States is $203,010 as of 2021.
The big problem is actually in certifying people qualified to take those jobs, which takes additional time and money, mostly to pay for flight time for training. It can take a few grand for just a personal pilot license, but to fly an airline, you need instrument, commercial, and Airline Transport Pilot License (ATPL) certifications, plus increasingly expensive type ratings for the various aircraft you will be flying, a minimum of 1500 hours of flight time, and multiple years at the bottom working your way through smaller regional airlines and courier services.
You can get through the commercial licensing in 12-18 months and about $40k in flight time and insurance, but that is barely enough to get your foot in the door making $50k a year, and even then, you’re still not allowed to fly parcels or passengers for money. Getting those licenses will take another 18 months and another $40-80k, again, mostly in flight time.
That said, once you have ATPL, the company will start paying for your flight time, and you will be earning a 6 figure salary. After 5 years or so and about $100k investing in your training, you should be making over $200k, and can begin to recoup those costs.
Saying “Integrates with OpenAI” in 2023 is exactly equivalent to saying “uses Web 2.0” from 20 years ago. Buzzword trash that says absolutely about how the product uses said technology.
That’s a gauss gun, not a railgun. Still cool, though.
No, that sounds like adaptive brightness, HDR is more like localized brightness overdrive, particularly in gaming and film.
AutoHDR is only available in Windows 11. Granted, HDR uptake on PC monitors has been abysmal, it’s a great feature for the few that might use it.
Why would you send authentication to a known good identity while on TOR? This literally defeats the purpose of anonymity.
Final Fantasy III/6: Always wait until the very last second to complete a timed escape objective.
TrueNAS has an OpenVPN plugin available, which is typically the recommended option.
> Such nanoparticles do not occur naturally in the human body and must be administered as markers
So if I’m reading this right, much like radioactive markers, these must be surgically implanted before they can capture the imaging? In other words, it’s not a direct replacement for MRI or X-ray imaging technologies, though it could potentially be safer for long term care patients that need frequent imaging.
I can understand Teams in Office, particularly O365 for organizations… what I don’t get is Teams being mandatory in Windows 11…
It hasn’t even been in existence for 15 years, literally any adult with an income can imagine what life without Airbnb is like.