explain xkcd - User contributions [en]

2007: Brookhaven RHIC

2018-06-16T14:35:35Z

162.158.74.171: /* Explanation */

{{comic
| number = 2007
| date = June 15, 2018
| title = Brookhaven RHIC
| image = brookhaven_rhic.png
| titletext = "Buddy, you trying to pull something? I can't buy this gold--all the electrons are missing. I could face serious charges!"
}}

==Explanation==
{{incomplete|Created by a HEAVILY CHARGED BOT ION - Please CHANGE THIS comment when editing this page. Do NOT delete this tag too soon.}}
The {{w|Relativistic Heavy Ion Collider}} is a particle accelerator designed to collide gold ions together at incredibly high speeds. This is normally done to study particle physics - the high-energy collisions allow us to learn more about how subatomic particles behave.

[[Randall]] proposes that, instead of using the beam of gold ions for particle collisions, it should be diverted and sold at cash-for-gold stores to make money. The joke is that because they are traveling at relativistic speeds, the mass of the particles being sold will be much more than the mass of the ions being supplied to the collider's input. However, it would be very difficult to sell a beam of charged particles{{Citation needed}}. The amount of gold involved is below microscopic scales. This is probably why Brookhaven rejected Randall's proposal. Randall has done many comics describing impractical{{Citation needed}} research proposals.

The title text imagines the owner of the stores complaining about the sale, not because of impracticality, but because Randall tries to sell gold ions with the entire positively-charged nucleus of the gold atom with all 79 electrons stripped from it instead of normal, electrically neutral gold atoms. And this is also a pun on the word "charges", which could refer to {{w|electric charge}} or to {{w|criminal charge|criminal charges}}.

The cash for gold stores depicted in the comic are, from left to right:

We Buy Gold
451 Glen Dr
Shirley, NY 11967

Cash for Gold
969 Montauk Hwy
Shirley, NY 11967

Enrico's Jewelry Exchange
442 William Floyd Pkwy
Shirley NY 11967

==Transcript==
{{incomplete transcript|Do NOT delete this tag too soon.}}

:[A single panel contains a simplified overhead map view of the Brookhaven Relativistic Heavy Ion Collider and some of the surrounding area. The map is rotated 90°; north is to the left. The collider is located on the left hand side of the image as a yellow beam (representing the Gold ions) outlined in black. Parts of the collider are are labeled and there are light gray arrows indicating the direction of travel for the ions. At the bottom of the main accelerator ring there is a diverter that splits the ion beam and directs it towards a set of three Cash for Gold stores, passing through a more diverters along the way. Each Cash for Gold store is represented with a yellow burst and is marked with a Google maps style "store" locator pin. The following labels are written on the map.]

:Brookhaven Relativistic Heavy Ion Collider
:Gold Ion Source
:Accelerator Ring
:Diverter
:Gold Ion Beam

:[There are arrows coming from this label pointing at each store]
:Cash for Gold Stores

:[Caption below the panel:]
:Sadly, Brookhaven rejected my proposed experiment

{{comic discussion}}

[[Category:Physics]]
[[Category:Science]]
[[Category:Comics with color]]

2007: Brookhaven RHIC

2018-06-16T14:34:59Z

162.158.74.171: /* Explanation */

{{comic
| number = 2007
| date = June 15, 2018
| title = Brookhaven RHIC
| image = brookhaven_rhic.png
| titletext = "Buddy, you trying to pull something? I can't buy this gold--all the electrons are missing. I could face serious charges!"
}}

==Explanation==
{{incomplete|Created by a HEAVILY CHARGED BOT ION - Please CHANGE THIS comment when editing this page. Do NOT delete this tag too soon.}}
The {{w|Relativistic Heavy Ion Collider}} is a particle accelerator designed to collide gold ions together at incredibly high speeds. This is normally done to study particle physics - the high-energy collisions allow us to learn more about how subatomic particles behave.

[[Randall]] proposes that, instead of using the beam of gold ions for particle collisions, it should be diverted and sold at cash-for-gold stores to make money. The joke is that because they are traveling at relativistic speeds, the mass of the particles being sold will be much more than the mass of the ions being supplied to the collider's input. However, it would be very difficult to sell a beam of charged particles{{Citation needed}}. The amount of gold involved is below microscopic scales. This is probably why Brookhaven rejected Randall's proposal. Randall has done many comics describing impractical{{Citation needed}} research proposals.

The title text imagines the owner of the stores complaining about the sale, not because of impracticality, but because Randall tries to sell gold ions with the entire positively-charged nucleus of the gold atom with all 79 electrons stripped from it instead of normal, electrically neutral gold atoms. And this is also a pun on the word "charges", which could refer to {{w|electric charge}} or to {{w|criminal charge|criminal charges}}.

The cash for gold stores depicted in the comic are, from left to right:
We Buy Gold
451 Glen Dr
Shirley, NY 11967

Cash for Gold
969 Montauk Hwy
Shirley, NY 11967

Enrico's Jewelry Exchange
442 William Floyd Pkwy
Shirley NY 11967

==Transcript==
{{incomplete transcript|Do NOT delete this tag too soon.}}

:[A single panel contains a simplified overhead map view of the Brookhaven Relativistic Heavy Ion Collider and some of the surrounding area. The map is rotated 90°; north is to the left. The collider is located on the left hand side of the image as a yellow beam (representing the Gold ions) outlined in black. Parts of the collider are are labeled and there are light gray arrows indicating the direction of travel for the ions. At the bottom of the main accelerator ring there is a diverter that splits the ion beam and directs it towards a set of three Cash for Gold stores, passing through a more diverters along the way. Each Cash for Gold store is represented with a yellow burst and is marked with a Google maps style "store" locator pin. The following labels are written on the map.]

:Brookhaven Relativistic Heavy Ion Collider
:Gold Ion Source
:Accelerator Ring
:Diverter
:Gold Ion Beam

:[There are arrows coming from this label pointing at each store]
:Cash for Gold Stores

:[Caption below the panel:]
:Sadly, Brookhaven rejected my proposed experiment

{{comic discussion}}

[[Category:Physics]]
[[Category:Science]]
[[Category:Comics with color]]

456: Cautionary

2018-06-12T15:00:19Z

162.158.74.171: /* Explanation */

{{comic
| number = 456
| date = July 30, 2008
| title = Cautionary
| image = cautionary.png
| titletext = This really is a true story, and she doesn't know I put it in my comic because her wifi hasn't worked for weeks.
}}

==Explanation==
[[Cueball]]'s cousin decides to install Linux on her new PC, and calls Cueball, whom she views as her personal Linux expert. The overarching joke revolves around the fact that Linux, especially home PC-based GNU/Linux, is much more often used as a "hobby" OS, as compared against a "productivity" OS such as {{w|Windows}} or {{w|macOS}}. Large numbers of people use Windows or Mac by default, because it came with their computer hardware when they bought it, and it already had the software suite they wanted to use installed along with it. Linux, on the other hand, rarely comes pre-installed on PC hardware and generally must be deliberately chosen and acquired; and while it can be set up to achieve efficient and productive workflow in virtually any area on PCs, because it often must be consciously selected, installed, and configured by users, it tends to either attract or, in a few cases, create individuals who take disproportionate pleasure in, and derive self-identification from, hacking the operating system itself. Thus, many people who are {{w|Linux}} {{w|Hacker (hobbyist)|enthusiasts}} began by not really knowing anything about it other than that it's {{w|Gratis|free of cost}}, but the process of actually building Linux on their machines gradually led them to take an increasing interest in it, which the comic humorously likens to substance addiction.

Xorg (officially {{w|X.Org Server|X.Org}}) is an implementation of the X Window System, a program responsible for the graphical display used on Linux. If it has configuration problems, which was quite common with some video card drivers back in 2008 (especially {{w|fglrx#Linux|those
for ATI Radeon cards}}), it is often difficult and/or painful to fix (see [[963: X11]]). {{w|man page|Man pages}} are manual pages for Unix-based operating systems and software, usually accessible online but also bundled with the software itself. Considered helpful and clear by the sorts of advanced computer users who typically run Linux, the text only documentation requires a bit of a learning curve and is not generally adequate for less-technical users. Here the joke starts to build in that Cueball's friend, a computer novice who just wanted something to work out of the box, is now having to learn how to understand Linux documentation in order to even 'attempt' to fix her ongoing Xorg problem (likely an inability to start a graphical terminal, something a novice user would depend on).

In the third panel we see that the friend's problems are persisting. She may have been able to get a graphical terminal to work, but now Ubuntu's built-in auto configuration tools are failing to address another critical problem. She suggests that she is considering switching to a more "advanced" Linux distro in order to sidestep the failing autoconfig issues. A Linux "distribution" is a suite of tools and applications that provide a specific user experience on top of the core Linux operating system. Each distribution, or "distro", has a different look and feel, and different feature sets and design philosophies. {{w|Ubuntu (operating system)|Ubuntu}} is a very popular "beginner" version of Linux, designed to "just work" and be familiar/usable to people fresh out of Windows. {{w|Debian}} is a popular but somewhat more "advanced", traditionally "{{w|Unix-like}}", distro, with a huge and diverse base of supported software that generally requires more Linux know-how to configure and use. In fact Ubuntu is based on Debian, and under the hood they have similar features, so that it would not be considered much of a leap for an competent Ubuntu user to switch. {{w|Gentoo Linux|Gentoo}}, on the other hand, is a very advanced distro allowing for extreme customization and optimization but requiring extensive install and setup time. It is generally considered to be extremely complex and beginner-unfriendly (to the point that its difficulty has become somewhat mimetic in the Linux world), a trade-off for providing a powerful and versatile set of tools for advanced system hacking. It appears that during her six-week struggle to build her system, Cueball's cousin has started to consider that her problem would require a solution that could only be accommodated by complex tweaking.

In the fourth panel there is a strong implication that the friend has indeed switched to Gentoo because a hallmark of that distribution is the kernel (the basic core of the operating system) must be compiled from source code upon installation. Source code is a computer program expressed in an somewhat human-readable format, often simply as text. However, source code cannot be run directly by a computer, and instead needs to be "compiled" into low level machine instructions the computer can understand. This means that with Gentoo, instead of downloading an already functional Linux system to install and run, users download the source code for the system, customize it to their own needs, then compile the code into a runnable version of the OS, all before they can begin to use the system. The friend has been forced to do this because whatever her problem is, the solution required a customized kernel. This could include needing the kernel to be compiled in a non-standard way not supported by more mainstream distros, incorporating experimental third party code into the kernel or modifying the kernel herself to fix the problem. Compiling a kernel with the aforementioned modifications is a tricky affair since any mistake or oversight can render the kernel, and thus the computer, non-functional. If a mistake is made or the custom kernel does not fix her problem the kernel needs to be compiled anew. The fourth panel also implies the friend has been stuck in a {{w|Trial and error}} loop, compiling the kernel over and over again for the better part of 6 weeks in an attempt to fix her problem.

To many such advanced users, their installation of Linux is like a hobby sportscar: A never-ending project, constantly tweaked and cleaned and adjusted to improve performance, that spends far more time sitting around with its hood open than actually being used for its ostensible purpose. However, for more typical users who are interested in a functional computer system instead of a toy or project system, Gentoo can be highly frustrating or plainly unusable. By week 12, Cueball's friend is likely suffering from the {{w|Sunk cost fallacy}}, in that she believes that since she has put in so much time she needs to see it through. She might also be optimistically underestimating how much additional work will be required since at each point Linux does at least offer potential solutions due to its customizability. Finally there could be an element of {{w|Target fixation}}, in that the friend has become so focused on the problem, she has forgotten about her original plans for the computer or that Windows is still an option.

In the fifth panel, Randal riffs on the old anti-drug message "Parents, talk to your kids about drugs before someone else does", with the meaning being if a responsible adult does not educate their kids about the dangers of drugs (or Linux), then someone else (likely a peer) might convince them that drugs (or Linux) is a good idea. This brings us to the overall theme of the comic in that Linux might 'seem' like a good idea for the average, less-technical user, but in reality will open up a world of pain that will hinder their ability to be a computationally functional member of society. There is an additional call to the theory of {{w|gateway drugs}} where mild drugs like alcohol or cannabis will lead to harder drugs like cocaine and heroin. In the comic, Cueball's friend starts out with Ubuntu, a "gateway" version of Linux. However it quickly leads to harder and harder versions, all in a futile effort to solve her problem, with the end result being her vanishing for weeks inside her house like a junkie hopelessly hooked on drugs.

The title text continues the joke about Linux's poor support for many {{w|Wi-Fi}} cards common in 2008, a device that is not only well supported on Windows, but was typically seen as making networking easy for less technical users.

While the comic primarily pokes fun at the difficulties in using Linux (circa 2008), it indirectly shows some of the advantages. The first one is that it is a freely available alternative to Windows and the second is that it provides users the tools to make fixing problems possible, whereas with Windows the only problems that are fixed are the ones Microsoft chooses to fix. The comic is also somewhat anachronistic as over time hardware support in Linux has become much more robust. It is currently unlikely that Cueball's friend would wind up in kernel compile hell to enable basic functions such as graphics and Wi-Fi. The world's most popular operating system, Android, is a flavor of Linux and the growth of web-based applications have pushed much of even the desktop user experience into the browser. As of 2017 it would be unlikely that the friend would even consider a desktop computer, instead relying on her Android phone or tablet.

==Transcript==
:Linux: A True Story:
:[Cueball talks on a cell phone.]
:Week One:
:Cousin: Hey, it's your cousin. I got a new computer but don't want Windows. Can you help me install "Linux"?
:Cueball: Sure.

:[Cueball's cousin sits in an office chair with her laptop on her lap. She is on the phone.]
:Week Two:
:Cousin: It says my XORG is broken. What's an "XORG"? Where can I look that up?
:Cueball: Hmm, lemme show you man pages.

:[Cueball's cousin crouches on the floor with the laptop on her lap. She is still on the phone.]
:Week Six:
:Cousin: Due to auto-config issues, I'm leaving Ubuntu for Debian.
:Cueball: Uh.
:Cousin: Or Gentoo.
:Cueball: Uh oh.

:[Cueball's Cousin lies on her stomach with the laptop on the floor. On the floor are several pieces of paper and a book. Cueball stands to her left.]
:Week Twelve:
:Cueball: You haven't answered your phone in days.
:Cousin: Can't sleep. Must compile kernel.
:Cueball: I'm too late.

:[Box with text:]
:Parents: talk to your kids about Linux... Before somebody else does.

{{comic discussion}}
[[Category:Comics featuring Cueball]]
[[Category:Linux]]
[[Category:Man pages]]

456: Cautionary

2018-06-12T14:45:04Z

162.158.74.171: /* Explanation */

{{comic
| number = 456
| date = July 30, 2008
| title = Cautionary
| image = cautionary.png
| titletext = This really is a true story, and she doesn't know I put it in my comic because her wifi hasn't worked for weeks.
}}

==Explanation==
[[Cueball]]'s cousin decides to install Linux on her new PC, and calls Cueball, whom she views as her personal Linux expert. The overarching joke revolves around the fact that Linux, especially home PC-based GNU/Linux, is much more often used as a "hobby" OS, as compared against a "productivity" OS such as {{w|Windows}} or {{w|OS X}}. Large numbers of people use Windows or Mac by default, because it came with their computer hardware when they bought it, and it already had the software suite they wanted to use installed along with it. Linux, on the other hand, rarely comes pre-installed on PC hardware and generally must be deliberately chosen and acquired; and while it can be set up to achieve efficient and productive workflow in virtually any area on PCs, because it often must be consciously selected, installed, and configured by users, it tends to either attract or, in a few cases, create individuals who take disproportionate pleasure in, and derive self-identification from, hacking the operating system itself. Thus, many people who are {{w|Linux}} {{w|Hacker (hobbyist)|enthusiasts}} began by not really knowing anything about it other than that it's {{w|Gratis|free of cost}}, but the process of actually building Linux on their machines gradually led them to take an increasing interest in it, which the comic humorously likens to substance addiction.

Xorg (officially {{w|X.Org Server|X.Org}}) is an implementation of the X Window System, a program responsible for the graphical display used on Linux. If it has configuration problems, which was quite common with some video card drivers back in 2008 (especially {{w|fglrx#Linux|those
for ATI Radeon cards}}), it is often difficult and/or painful to fix (see [[963: X11]]). {{w|man page|Man pages}} are manual pages for Unix-based operating systems and software, usually accessible online but also bundled with the software itself. Considered helpful and clear by the sorts of advanced computer users who typically run Linux, the text only documentation requires a bit of a learning curve and is not generally adequate for less-technical users. Here the joke starts to build in that Cueball's friend, a computer novice who just wanted something to work out of the box, is now having to learn how to understand Linux documentation in order to even 'attempt' to fix her ongoing Xorg problem (likely an inability to start a graphical terminal, something a novice user would depend on).

In the third panel we see that the friend's problems are persisting. She may have been able to get a graphical terminal to work, but now Ubuntu's built-in auto configuration tools are failing to 'address' another critical problem, and possibly getting in the way of fixes suggested in the previously mentioned man pages. The friend suggests that she is considering a more "advanced" distribution in the hopes that they might offer some additional flexibility to fix the problem at hand. A Linux "distribution" is a suite of tools and applications that provide a specific user experience on top of the core Linux operating system. Each distribution, or "distro", has a different look and feel, and different feature sets and design philosophies. {{w|Ubuntu (operating system)|Ubuntu}} is a very popular "beginner" version of Linux, designed to "just work" and be familiar/usable to people fresh out of Windows. {{w|Debian}} is a popular but somewhat more "advanced", "{{w|Unix-like}}, distro, that is nevertheless considered mainstream with a huge and diverse base of supported software that generally requires more Linux know-how to configure and use. In fact Ubuntu is based on Debian and it would not be considered much of a leap for an Ubuntu user to switch. {{w|Gentoo Linux|Gentoo}}, on the other hand, is a very advanced distro allowing for extreme customization and optimization but requiring extensive install and setup time. It is generally considered to be the most difficult form of Linux to use and is often joked about as being a form of technological masochism. It appears that during her six weeks struggle to build her system, Cueball's friend has started to consider that her problem would require a solution that could only be accommodated by Gentoo.

In the fourth panel there is a strong implication that the friend has indeed switched to Gentoo because a hallmark of that distribution is the kernel (the basic core of the operating system) must be compiled from source code upon installation. Source code is a computer program expressed in an somewhat human-readable format, often simply as text. However, source code cannot be run directly by a computer, and instead needs to be "compiled" into a low level machine instructions the computer can understand. This means that with Gentoo, instead of downloading an already functional Linux system to install and run, users download the source code for the system, customize it to their own needs, then compile the code into a runnable version of the OS, all before they can begin to use the system. The friend has been forced to do this because whatever her problem is, the solution required a customized kernel. This could include needing the kernel to be compiled in a non-standard way not supported by more mainstream distros, incorporating experimental third party code into the kernel or modifying the kernel herself to fix the problem. Compiling a kernel with the aforementioned modifications is a tricky affair since any mistake or oversight can render the kernel, and thus the computer, non-functional. If a mistake is made or the custom kernel does not fix her problem the kernel needs to be compiled anew. The fourth panel also implies the friend has been stuck in a {{w|Trial and error}} loop, compiling the kernel over and over again for the better part of 6 weeks in an attempt to fix her problem.

To many such advanced users, their installation of Linux is like a hobby sportscar: A never-ending project, constantly tweaked and cleaned and adjusted to improve performance, that spends far more time sitting around with its hood open than actually being used for its ostensible purpose. However, for more typical users who are interested in a functional computer system instead of a toy or project system, Linux can be highly frustrating, requiring far more time and effort just to bring the system to the point where they can use it for what they wanted to do all along. By week 12, Cueball's friend is likely suffering from the {{w|Sunk cost fallacy}}, in that she believes that since she has put in so much time she needs to see it through. She might also be optimistically underestimating how much additional work will be required since at each point Linux does at least offer potential solutions due to its customizability. Finally there could be an element of {{w|Target fixation}}, in that the friend has become so focused on the problem, she has forgotten about her original plans for the computer or that Windows is still an option.

In the fifth panel, Randal riffs on the old anti-drug message "Parents, talk to your kids about drugs before someone else does", with the meaning being if a responsible adult does not educate their kids about the dangers of drugs (or Linux), then someone else (likely a peer) might convince them that drugs (or Linux) is a good idea. This brings us to the overall theme of the comic in that Linux might 'seem' like a good idea for the average, less-technical user, but in reality will open up a world of pain that will hinder their ability to be a computationally functional member of society. There is an additional call to the theory of {{w|gateway drugs}} where mild drugs like alcohol or cannabis will lead to harder drugs like cocaine and heroin. In the comic, Cueball's friend starts out with Ubuntu, a "gateway" version of Linux. However it quickly leads to harder and harder versions, all in a futile effort to solve her problem, with the end result being her vanishing for weeks inside her house like a junkie hopelessly hooked on drugs.

The title text continues the joke about Linux's poor support for many {{w|Wi-Fi}} cards common in 2008, a device that is not only well supported on Windows, but was typically seen as making networking easy for less technical users.

While the comic primarily pokes fun at the difficulties in using Linux (circa 2008), it indirectly shows some of the advantages. The first one is that it is a freely available alternative to Windows and the second is that it provides users the tools to make fixing problems possible, whereas with Windows the only problems that are fixed are the ones Microsoft chooses to fix. The comic is also somewhat anachronistic as over time hardware support in Linux has become much more robust. It is currently unlikely that Cueball's friend would wind up in kernel compile hell to enable basic functions such as graphics and Wi-Fi. The world's most popular operating system, Android, is a flavor of Linux and the growth of web-based applications have pushed much of even the desktop user experience into the browser. As of 2017 it would be unlikely that the friend would even consider a desktop computer, instead relying on her Android phone or tablet.

==Transcript==
:Linux: A True Story:
:[Cueball talks on a cell phone.]
:Week One:
:Cousin: Hey, it's your cousin. I got a new computer but don't want Windows. Can you help me install "Linux"?
:Cueball: Sure.

:[Cueball's cousin sits in an office chair with her laptop on her lap. She is on the phone.]
:Week Two:
:Cousin: It says my XORG is broken. What's an "XORG"? Where can I look that up?
:Cueball: Hmm, lemme show you man pages.

:[Cueball's cousin crouches on the floor with the laptop on her lap. She is still on the phone.]
:Week Six:
:Cousin: Due to auto-config issues, I'm leaving Ubuntu for Debian.
:Cueball: Uh.
:Cousin: Or Gentoo.
:Cueball: Uh oh.

:[Cueball's Cousin lies on her stomach with the laptop on the floor. On the floor are several pieces of paper and a book. Cueball stands to her left.]
:Week Twelve:
:Cueball: You haven't answered your phone in days.
:Cousin: Can't sleep. Must compile kernel.
:Cueball: I'm too late.

:[Box with text:]
:Parents: talk to your kids about Linux... Before somebody else does.

{{comic discussion}}
[[Category:Comics featuring Cueball]]
[[Category:Linux]]
[[Category:Man pages]]

1957: 2018 CVE List

2018-03-02T19:31:20Z

162.158.74.171: /* Table of possible CVE */

{{comic
| number = 1957
| date = February 19, 2018
| title = 2018 CVE List
| image = 2018_cve_list.png
| titletext = CVE-2018-?????: It turns out Bruce Schneier is just two mischevious kids in a trenchcoat.
}}

==Explanation==

{{w|Common Vulnerabilities and Exposures|CVE}} (Common Vulnerabilities and Exposures) is a standardized format for assigning an identity to a cybersecurity vulnerability (similar to the way that astronomical bodies are assigned unique identifiers by committees). Giving vulnerabilities a unique identifier makes them easier to talk about and helps in keeping track of the progress made toward resolving them. The typical format of a CVE identifier is '''CVE-[YEAR]-[NUMBER]'''. For example, the CVE identifier for 2017's widespread {{w|Meltdown (security vulnerability)|Meltdown vulnerability}} is [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754 CVE-2017-5754]. CVEs also contain a short description of the issue.

In this comic (released in February 2018), Randall presents a number of spurious predicted CVEs for later in 2018. Each CVE identifier is given as "CVE-2018-?????", reflecting the fact that they have not yet happened so we don't know exactly what their CVE identifier will be.

==Table of possible CVE==
{|class="wikitable"
! style="width: 30%;" | Security Vulnerability
! style="width: 70%;" | Notes
|-
|Apple products crash when displaying certain {{w|Telugu language|Telugu}} or {{w|Bengali language|Bengali}} letter combinations.
|This refers to a real vulnerability in iOS and MacOS publicized a few days before the comic was released,<ref>https://techcrunch.com/2018/02/15/iphone-text-bomb-ios-mac-crash-apple/</ref> as well as past similar iOS vulnerabilities<ref>https://thenextweb.com/apps/2017/01/18/iphone-ipad-apple-text-ios-bug/</ref><ref>http://www.telegraph.co.uk/technology/2018/01/18/apple-text-bomb-can-crash-iphones-single-message/</ref>.
|-
|An attacker can use a timing attack to extploit [''sic''] a race condition in {{w|Garbage collection (computer science)|garbage collection}} to extract a limited number of bits from the Wikipedia article on Claude Shannon.
|The reference to using a Timing Attack to exploit a race condition in garbage collection refers to Meltdown and Spectre CPU flaws that can be exploited in a cloud server like the ones in Wikipedia. {{w|Claude Shannon}} was an early and highly influential information scientist whose work underlies compression, encryption, security, and the theory behind how information is encoded into binary digits - hence the pertinence of extracting just some of the bits from his Wikipedia entry. This is not really a security problem, since all the bits of the article are publicly available.
|-
|At the cafe on Third Street, the Post-it note with the WiFi password is visible from the sidewalk.
|Cafés often offer free access to WiFi as a service to patrons, as a business strategy to encourage said patrons to remain in the building and buy more coffee. Some use a password, so that only patrons can use the WiFi, and may display the password on signage inside. Since anybody could go into the cafe to read the post-it, and then use the network from nearby, the ability to read it from outside is, at most, a trivial problem. For systems that are supposed to be secure, writing passwords in a visible place is a major security flaw. For instance, following the [[wikipedia:2018 Hawaii false missile alert|2018 Hawaii false missile alert]], the agency concerned received criticism for a press photo showing a password written on a sticky note attached to a monitor.<ref>http://uk.businessinsider.com/hawaii-emergency-agency-password-discovered-in-photo-sparks-security-criticism-2018-1?r=US&IR=T</ref>
|-
|A remote attacker can inject arbitrary text into public-facing pages via the comments box.
|Describes a common feature on news sites or social media sites like Facebook. The possibility for users to "inject" text into the page is by design. This is a humorous reference to the relatively common security vulnerability "[[Wikipedia:Cross-site_scripting|persistent cross-site scripting]]", where input provided by a user, such as through a comment section, can result in dangerous content containing arbitrary HTML or JavaScript code being displayed to other users.
|-
|MySQL server 5.5.45 secretly runs two parallel databases for people who say "S-Q-L" and "sequel."
|Some people pronounce "{{w|SQL}}" like "sequel", after SQL's predecessor "SEQUEL (Structured English Query Language)". The standard for SQL suggests that it should be pronounced as separate letters; however, the author of SQL pronounces it "sequel", so the debate is persisting (with even more justification than arguments about how to pronounce "GIF"). MySQL is an open-source relational database management system. The latest generally available version (at the time of writing) is MySQL 5.7.
|-
|A flaw in some x86 CPUs could allow a root user to de-escalate to normal account privileges.
|{{w|Privilege escalation}} refers to any illegitimate means by which a system user gains greater access than they are supposed to have, and most hackers will seek to achieve this if they can. The most highly-sought privilege is that of the root user, which allows complete access to an entire system.

This CVE, however, presents the reverse situation: that a flaw can allow a root user to ''de-escalate'' to a less privileged user. This would have no obvious benefit, since anything the user could do in the new mode, they could have done before anyway. In any case, the root user can always de-escalate manually if they so choose, as they have complete control.
|-
|Apple products catch fire when displaying emoji with diacritics.
|This is a reference to a common problem of modern gadgets catching fire (usually related to flaws in lithium-ion batteries), as well as to Apple products crashing when attempting to display certain character sequences. Diacritics are the accents found on letters in some languages (eg. č, ģ ķ, ļ, ņ, š, ž). These would not normally be found on emojis.
|-
|An oversight in the rules allows a dog to join a basketball team.
|This probably refers to the movie {{w|Air Bud}}, about a dog playing basketball. This has been a common theme in xkcd comics: see [[115: Meerkat]], [[1439: Rack Unit]], [[1819: Sweet 16]], [[1552: Rulebook]].
|-
|Haskell isn't side-effect-free after all; the effects are all just concentrated in this one. computer [''sic''] in Missouri that no one's checked on in a while.
|{{w|Haskell (programming language)|Haskell}} is a functional programming language. Functional programming is characterized by using functions that don't have side effects (can't change things which would be accessible in other parts of the program), as in [[1312: Haskell]]. The joke here is discovering that it does indeed have side-effects, but for some unknown (and highly absurd) reason they only manifest on a specific computer in a nondescript location, but no one has noticed.
|-
|Nobody really knows how hypervisors work.
|[[wikipedia:Hypervisor|"Hypervisors"]] are a tool for computer virtualization. Virtualization is complex to implement, as it requires a computer to completely simulate another computer, with its own unique hardware and software. Many IT professionals and businesses rely heavily on various forms of virtualization, but most of the individual employees would be hard-pressed to explain how it works. Programs running on other virtual computers, or on the real computer, may be able to access information on a virtual computer in ways which would not be possible with a single real computer. Consequently, understanding how the hypervisor works is important to assessing the security of a virtual server. Meltdown and Spectre are related to this.
|-
|Critical: Under Linux 3.14.8 on System/390 in a UTC+14 time zone, a local user could potentially use a buffer overflow to change another user's default system clock from 12-hour to 24-hour.
|This joke is about arcane systems that are running Linux in exceedingly rare situations, meaning that reproducing errors would be incredibly difficult or inconvenient, and would only affect a very tiny user base (if any at all). {{w|IBM System/390 ES/9000 Enterprise Systems Architecture ESA family|System/390}} is an IBM mainframe introduced almost 30 years before this comic, which has a version of Linux. UTC+14 is a time zone used only on some islands in the Pacific Ocean (Primarily [[Wikipedia:Line_Islands|the Line Islands]]) and is also the earliest time zone on earth. Even if all of these absurd conditions were met, the resulting vulnerability would still be relatively benign: simply changing a user's preferred clock display format. Other xkcd comics make references to such obscure computer-time issues relating to time zones and time conversions, and how many programmers find these issues frustrating or even traumatizing.
|-
|x86 has way too many instructions.
|The x86 architecture (used in many Intel and AMD processors) is very complicated. Processors typically implement such a complex architecture using programs (microcode) run on a set of hidden, proprietary processors. The details of these hidden machines and errors in the microcode can result in security vulnerabilities, such as Meltdown, where the physical machine does not match the conceptual machine.

A more complicated instruction set is more complex to implement.{{Citation needed}} The x86 architecture is considered "CISC" (a "{{w|Complex instruction set computer}}"), having many instructions originally provided to make programming by a human simpler; other examples include the 68000 series used in the first {{w|Apple Macintosh}}. In the 1980s, this design philosophy was countered by the "RISC" ("{{w|Reduced instruction set computer}}") design movement - based on the observation that computer programs were increasingly generated by compilers (which only used a few instructions) rather than directly by people, and that the chip area dedicated to extra instructions could be better dedicated to, for example, cache. Examples of RISC style designs include {{w|SPARC}}, {{w|MIPS}}, {{w|PowerPC}} (used by Apple in later Macintoshes) and the {{w|ARM architecture|ARM}} chips common in mobile phones. Historically, there was considerable discussion about the merits of each approach. At one time the Mac and Windows PC were on different sides; owners of other competing systems such as the Archimedes and Amiga had similar arguments on usenet in the early 1990s. This "issue" may be posted by someone who still recalls these debates. Technically, the extra instructions do slightly complicate the task of validating correct chip behaviour and complicate the tool chains that manage software, which could be seen as a minor security risk. However, the 64-bit architecture introduced by {{w|AMD}}, and since adopted by {{w|Intel}}, does rationalise things somewhat, and all recent x86 chips break down instructions into RISC-like micro-operations, so the complication from a hardware perspective is localised. Recent security issues, such as the speculative cache load issue in Meltdown and Spectre, depend more on details of implementation, rather than instruction set, and have been exhibited both by x86 (CISC) and ARM (RISC) processors.

This explanation has way too many words.
|-
|NumPy 1.8.0 can factor primes in ''O''(log ''n'') time and must be quietly deprecated before anyone notices.
|NumPy is the fundamental package for scientific computing with the programming language Python. ''O''(log ''n'') is [[wikipedia:Big_O_notation#Infinite_asymptotics|Big O notation]] meaning that the time it takes for a computer algorithm to run is in the order of log ''n'', for an input of size ''n''. ''O''(log ''n'') is very fast and is more usual for a search algorithm. Prime factorization currently is ''O''(''2''''n''n)). If something can find the prime factors of a number this quickly, especially a [[wikipedia:semiprime|semiprime]] with two large factors, it will enable attacks to break many crypto functions used in internet security. However, prime numbers have only a single factor, and "factoring primes" quickly is a simpler problem, that of [[wikipedia:Primality test|proving that a number is in fact a prime]].
|-
|Apple products grant remote access if you send them words that break the "I before E" rule.
|Another joke on the first CVE and [[wikipedia:I before E except after C|a common English writing rule of thumb]], which fails almost as often as it succeeds. Could also be a joke about the iPhone name which follows the rule. Also possibly a jab at Apple's image, portraying their software as unable to handle improper grammar or spelling.
|-
|Skylake x86 chips can be pried from their sockets using certain flathead screwdrivers.
|Skylake x86 chips are a line of microprocessors made by Intel. Some processors are soldered directly to a system board or daughter board, while others are attached to boards that plug into the system board by means of a socket (pins or connectors that make physical contact with receptacles or connectors on a system board). Some sockets, especially older ones, require force to insert or remove, and often require the use of a flat blade screwdriver or a specialized tool, but most modern ones use ZIF (Zero Insertion Force) techniques, often involving a lever or similar to tighten or loosen the friction/tightness of the contacts. No screwdriver is needed in this case. However, any processor ''can'' be forcefully removed from its socket with a screwdriver.{{Citation needed}}
|-
|Apparently Linus Torvalds can be bribed pretty easily.
|{{w|Linus Torvalds}} is the benevolent{{Citation needed}} dictator of the Linux kernel codebase. Normally it is hard to make changes because he has the last word, and because the kernel is replicated in all Linux installations. Linus made the news in January 2018 when, having looked at one of Intel's proposed fixes for the Spectre and Meltdown vulnerabilities, he declared "the patches are COMPLETE AND UTTER GARBAGE".<ref>https://techcrunch.com/2018/01/22/linus-torvalds-declares-intel-fix-for-meltdown-spectre-complete-and-utter-garbage/</ref> Presumably, it may be found that he may be successfully bribed to be less blunt and/or less critical of vulnerability fixes that are complete and/or utter garbage. If this were the case, this would be a severe critical vulnerability to all Linux servers and machines.
|-
|An attacker can execute malicious code on their own machine and no one can stop them.
|The point of an attack is to make someone else's machine perform actions against the owner's will. Anyone can make their own machine execute any code if they have root access and the necessary tools, but this would usually not be described as an attack, except in the case of a locked-down appliance, such as a video game console, a John Deere tractor, or pay TV decoder.
|-
|Apple products execute any code printed over a photo of a dog with a saddle and a baby riding it.
|This could refer to a CVE vulnerability of JPG files where JavaScript embedded within the image file is executed by some application. In this case, though, the code is visible on the image instead of invisibly encoded within the image file. The code is also only executed if the image contains a photo of a baby in a saddle riding a dog. It's unclear whether the photo would be a digital photo, a printed photo (i.e. as taken using a digital camera), or maybe both. This "bug" would not only require the device to figure out specifically what the photo contains image-wise (something that's REALLY HARD for computers to do reliably), but would also require OCR (optical character recognition) code to convert the text superimposed on the photo into executable code. In other words, it's hard to believe in 2018 that such a bug could exist. Maybe in the future when such things are more routine...? As an example, OCR used to be hard to do reliably, but now it's a lot more routine and built into a lot of devices.
|-
|Under rare circumstances, a flaw in some versions of Windows could allow Flash to be installed.
|Flash has been an integral browser plugin for decades, but has fallen out of favor in the 2010s, and eventually discontinued because of its notoriously abysmal security record. All security experts advise against installing it. Preventing installation of Flash would make systems more secure, but most versions of Windows do not prevent Flash installation. The joke here relates to the difficulty of keeping Flash up to date, or even installed properly to begin with. A common user experience, which is the subject of numerous jokes and memes, is the constant nagging notification to install or update Flash in order for web pages to display properly. Many IT professionals will bemoan the trouble they have experienced in the workplace due to these notifications and problems related to them.
|-
|Turns out the cloud is just other people's computers.
|This refers to a meme that demands that "cloud" be replaced with "other people's computers" in all marketing presentation to CEOs and non-computer literate persons evaluating the security impact of using cloud services. Part of the humor here is that "the cloud" is, in actuality, simply a term for hosted services, or in other words computers being run by other people (typically businesses that specialize in this type of "Platform as a Service" or "PaaS" service model). Referring to "the cloud" as "other people's computers" is, at its core, entirely accurate, though it takes away the business jargon and simplifies the situation in such a way that it might cast doubt on the security, reliability, and general effectiveness of using "cloud" solutions.
|-
|A flaw in Mitre's CVE database allows arbitrary code insertion.[[779|[~~CLICK HERE FOR CHEAP VIAGRA~~]]]
|Mitre's CVE database is where all {{w|Common Vulnerabilities and Exposures|CVEs}} are stored. This log message forms the punchline of the comic, as it implies that all of the exaggerated error messages above might have been inserted by hackers exploiting the vulnerability. To pour salt in the wound, they then included in a typical spam link purporting to offer inexpensive {{w|Viagra|brand-name Sildenafil}}.
|-
|It turns out Bruce Schneier is just two mischevious kids in a trenchcoat.
|Appears in the title text. {{w|Bruce Schneier}} is security researcher and blogger. The "two kids in a trenchcoat" is a reference to the {{tvtropes|TotemPoleTrench|Totem Pole Trench}} trope. Shortly before this comic was posted, a [https://rare.us/rare-humor/two-kids-dressed-as-a-tall-man-to-get-into-black-panther-is-caught-on-video story went viral] in which two kids were photographed attempting this for real to get into a screening of ''Black Panther''.
|}

== References ==
<references/>

==Transcript==
:[A heading is centered above a list of 21 vulnerabilities]
:<big>Leaked list of major 2018 security vulnerabilities </big>

:CVE-2018-????? Apple products crash when displaying certain Telugu or Bengali letter combinations.
:CVE-2018-????? An attacker can use a timing attack to extploit a race condition in garbage collection to extract a limited number of bits from the Wikipedia article on Claude Shannon.
:CVE-2018-????? At the cafe on Third Street, the Post-it note with the WiFi password is visible from the sidewalk.
:CVE-2018-????? A remote attacker can inject arbitrary text into public-facing pages via the comments box.
:CVE-2018-????? MySQL server 5.5.45 secretly runs two parallel databases for people who say "S-Q-L" and "sequel."
:CVE-2018-????? A flaw in some x86 CPUs could allow a root user to de-escalate to normal account privileges.
:CVE-2018-????? Apple products catch fire when displaying emoji with diacritics.
:CVE-2018-????? An oversight in the rules allows a dog to join a basketball team.
:CVE-2018-????? Haskell isn't side-effect-free after all; the effects are all just concentrated in this one. computer in Missouri that no one's checked on in a while.
:CVE-2018-????? Nobody really knows how hypervisors work.
:CVE-2018-????? Critical: Under Linux 3.14.8 on System/390 in a UTC+14 time zone, a local user could potentially use a buffer overflow to change another user's default system clock from 12-hour to 24-hour.
:CVE-2018-????? x86 has way too many instructions.
:CVE-2018-????? NumPy 1.8.0 can factor primes in ''O''(log ''n'') time and must be quietly deprecated before anyone notices.
:CVE-2018-????? Apple products grant remote access if you send them words that break the "I before E" rule.
:CVE-2018-????? Skylake x86 chips can be pried from their sockets using certain flathead screwdrivers.
:CVE-2018-????? Apparently Linus Torvalds can be bribed pretty easily.
:CVE-2018-????? An attacker can execute malicious code on their own machine and no one can stop them.
:CVE-2018-????? Apple products execute any code printed over a photo of a dog with a saddle and a baby riding it.
:CVE-2018-????? Under rare circumstances, a flaw in some versions of Windows could allow Flash to be installed.
:CVE-2018-????? Turns out the cloud is just other people's computers.
:CVE-2018-????? A flaw in Mitre's CVE database allows arbitrary code insertion.[~~Click here for cheap viagra~~]

==Trivia==

Randall has previously referenced diacritics in [[1647: Diacritics]].

Bruce Schneier was previously mentioned in the title texts of [[748: Worst-Case Scenario]] and [[1039: RuBisCO]].

{{comic discussion}}

[[Category:Comics with color]]
[[Category:Charts]]
[[Category:Programming]]
[[Category:Computers]]

1957: 2018 CVE List

2018-02-19T14:43:28Z

162.158.74.171: /* Explanation */

{{comic
| number = 1957
| date = February 19, 2018
| title = 2018 CVE List
| image = 2018_cve_list.png
| titletext = CVE-2018-?????: It turns out Bruce Schneier is just two mischevious kids in a trenchcoat.
}}

==Explanation==
{{incomplete|Created by HACKING THIS WIKI VIA THE EDIT BOX - The explanation looks like a list. Explain the comic and put the security vulnerabilities in a table. Do NOT delete this tag too soon.}}

{{w|Common Vulnerabilities and Exposures|CVE}} (Common Vulnerabilities and Exposures) is a standardized format for assigning an identity to a cybersecurity vulnerability (similar to the way that astronomical bodies are assigned unique identifiers by committees). Giving vulnerabilities a unique identifier makes them easier to talk about and helps in keeping track of the progress made toward resolving them. The typical format of a CVE identifier is '''CVE-[YEAR]-[NUMBER]'''. For example, the CVE identifier for 2017's widespread {{w|Meltdown (security vulnerability|Meltdown vulnerability}} is [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754 CVE-2017-5754]. CVEs also contain a short description of the issue.

In this comic (released in February 2018), Randall presents a number of spurious predicted CVEs for later in 2018. Each CVE identifier is given as "CVE-2018-?????", reflecting the fact that they have not yet happened so we don't know exactly what their CVE identifier will be.

{|class="wikitable"
! style="width: 30%;" | Security Vulnerability
! style="width: 70%;" | Notes
|-
|Apple products crash when displaying certain Telugu or Bengali letter combinations.
|This refers to a real vulnerability in iOS and MacOS publicized a few days before the comic released <ref>https://techcrunch.com/2018/02/15/iphone-text-bomb-ios-mac-crash-apple/</ref>.
|-
|An attacker can use a timing attack to extploit[sic] a race condition in garbage collection to extract a limited number of bits from the Wikipedia article on Claude Shannon.
|Timing Attack to exploit a race condition in garbage collection refers to Meltdown and Spectre CPU flaws that can be exploited in cloud server like the ones in Wikipedia. Claude Shannon was an early and highly influential information scientist whose work underlies compression, encryption, security, and the theory behind how information is encoded into binary digits - hence the pertinence of extracting just some of the bits from his Wikipedia entry.
|-
|At the cafe on third street, the post-it note with the wifi password is visible from the sidewalk.
|Writing passwords in a visible place is a major security flaw. For instance, following the [[wikipedia:2018 Hawaii false missile alert|2018 Hawaii false missile alert]] the agency received criticism for a press photo showing a password written on a sticky note attached to a monitor.<ref>http://uk.businessinsider.com/hawaii-emergency-agency-password-discovered-in-photo-sparks-security-criticism-2018-1?r=US&IR=T</ref> However, if a cafe posts their wifi password for customers, this suggests that it's ''supposed'' to be public knowledge. In this case, having it visible through the window as well presents only a very minor reduction in security.
|-
|A remote attacker can inject arbitrary text into public-facing pages via the comments box.
|Describes a common feature on news sites or social media sites like Facebook. The possibility for users to "inject" text into the page is by design. This is a humorous reference to the relatively common security vulnerability "[[Wikipedia:Cross-site_scripting|persistent cross-site scripting]]", where input provided by the user is displayed to other users in a dangerous fashion that allows attackers to inject arbitrary HTML or Javascript code into e.g. a comment section. It might also be a humorous reference to the events before, during and after the 2016 US Presidential elections where Internet Research Agency employees based remotely in St. Petersburg, Russia, but disguised as US citizens, "injected" arbitrary text in the form of political propaganda into comments on multiple web sites, according to an indictment returned by a federal grand jury on February 16, 2018.
|-
|MySQL server 5.5.45 secretly runs two parallel databases for people who say "S-Q-L" and "sequel."
|Some people pronounce "SQL" like "sequel", after SQL's predecessor "SEQUEL (Structured English Query Language)". The standard for SQL suggests that it should be pronounced as separate letters; however, the author of SQL pronounces it "sequel", so the debate is persisting (with even more justification than arguments about how to pronounce "GIF"). MySQL is an open-source relational database management system, the latest GA version (at the time of writing) is MySQL 5.7.
|-
|A flaw in some x86 CPUs could allow a root user to de-escalate to normal account privileges.
|{{w|Privilege escalation}} refers to any illegitimate means of giving a system user greater privilege than they are supposed to have, and most hackers will seek to achieve this if they can. The most highly-sought privilege is that of the root user, which allows complete access to an entire system.

This CVE, however, presents the reverse situation; that a flaw can allow a root user to ''de-escalate'', the exact opposite of what a hacker would want to achieve. (In any case, the root user can always de-escalate manually if they so choose, as they have complete control).
|-
|Apple products catch fire when displaying emoji with diacritics.
|Diacritics are the accents found on letters in some languages (eg. č, ģ ķ, ļ, ņ, š, ž). These would not be found on emojis. It is also a reference to a common problem of modern gadgets catching fire (usually related to flaws in Lithium-Ion batteries).
|-
|An oversight in the rules allows a dog to join a basketball team.
|This likely refers to the movie {{w|Air Bud}}. It is a movie about a dog playing basketball. This has been a common theme in xkcd comics, see [[115: Meerkat]], [[1439: Rack Unit]], [[1819: Sweet 16]], [[1552: Rulebook]]
|-
|Haskell isn't side-effect-free after all; the effects are all just concentrated in this one. Computer in Missouri that no one's checked on in a while.
|Haskell is a functional programming language, functional programming is characterized by using functions that don't have side effects in other parts of the program. The joke here is discovering that indeed it does have side-effects, but for some unknown (and highly absurd) reason they only manifest on a specific computer in a nondescript location, but no one has noticed.
|-
|Nobody really knows how hypervisors work.
|[[wikipedia:Hypervisor|"Hypervisors"]] are a tool for computer virtualization. Virtualization is an extremely complex topic, as it requires a computer to completely emulate a different computer with its own unique hardware and software. Many IT professionals and businesses rely heavily on various forms of virtualization, but the individual employees would be hard-pressed to explain how it works. Meltdown and Specter are related to this.
|-
|CRITICAL: Under Linux 3.14.8 on System/390 in a UTC+14 time zone, a local user could potentially use a buffer overflow to change another user's default system clock from 12-hour to 24-hour.
|This joke is about arcane systems that are running Linux in exceedingly unique situations, such that reproducing the error would be incredibly difficult or inconvenient, and would only affect a very tiny user base (if any at all). Other xkcd comics make references to such obscure computer-time issues relating to time zones and time conversions, and how many programmers find these issues frustrating or even traumatizing. UTC+14 is a time zone used only on some islands in the Pacific Ocean, i.e., [[Wikipedia:Line_Islands|the Line Islands]], and is also the earliest time zone on earth.
|-
|x86 has way too many instructions.
|The x86 architecture is considered "CISC" (a "complex instruction set computer"), having many instructions originally provided to make programming by a human simpler; other examples include the 68000 series used in the first Apple Mac. In the 1980s, this design philosophy was countered by the "RISC" ("reduced instruction set computer") design movement exemplified by SPARC, MIPS, PowerPC (previously used by Apple) and the ARM chips common in mobile phones - based on the observation that computer programs were increasingly generated by compilers (which only used a few instructions) rather than directly by people, and that the chip area dedicated to extra instructions could be better dedicated to, for example, cache. At the time, there was an internet war about the merits of each approach (with the Mac and PC being on different sides, at one time; owners of other competing systems such as the Archimedes and Amiga had similar arguments on usenet in the early 1990s); this "issue" may be posted by someone who still recalls these debates. Technically, the extra instructions do slightly complicate the task of validating correct chip behaviour and complicate the tool chains that manage software, which could be seen as a minor security risk; however, the 64-bit architecture introduced by AMD and since adopted by Intel does rationalise things somewhat, and all recent x86 chips break down instructions into RISC-like micro-operations, so the complication from a hardware perspective is localised. Recent security issues such as the speculative cache load issue in Meltdown and Spectre depend more on details of implementation rather than instruction set, and have been exhibited both by x86 (CISC) and ARM (RISC) processors.
|-
|NumPy 1.8.0 can factor primes in O(log n) time and must be quietly deprecated before anyone notices.
|NumPy is the fundamental package for scientific computing with Python. If something can find the prime factors of a number this quickly, there are attacks to break many crypto functions used in internet security. However, prime numbers have only a single factor, and "factoring primes" quickly is a simpler problem.
|-
|Apple products grant remote access if you send them words that break the "I before E" rule.
|Another joke on the first CVE and a common English writing rule of thumb, which fails almost as often as it succeeds. Possibly a jab at Apple's image, portraying their software as unable to handle improper grammar or spelling.
|-
|Skylake x86 chips can be pried from their sockets using certain flathead screwdrivers.
|Skylake x86 chips are a line of microprocessors. Yes, you can forcefully remove any processor from its socket with a screwdriver. There are many reports from people not using common sense.
|-
|Apparently Linus Torvalds can be bribed pretty easily.
|Linus Torvalds is the benevolent dictator of the Linux kernel codebase. Normally it is hard to pass a change because he has the last word about what merge to the code base because that code is replicated in all Linux installations, but apparently he is easy to bribe, which would be a severe critical vulnerability to all Linux servers and machines.
|-
|An attacker can execute malicious code on their own machine and no one can stop them.
|The point of an attack is to make someone else's machine perform actions against the owner's will. Anyone can make their own machine execute any code, but this would usually not be described as an attack.
|-
|Apple products execute any code printed over a photo of a dog with a saddle and a baby riding it.
|This could refer to a CVE vulnerability of JPG files where javascript embedded within the image file is executed by some application, only this time is in a printed photo instead of encoded into the image itself.
|-
|Under rare circumstances, a flaw in some versions of Windows could allow Flash to be installed.
|Flash was discontinued because of its notoriously abysmal security record. All security experts advise against install. The joke here relates to the perceived difficulty with keeping Flash up to date or even installed properly to begin with. A common user experience which is the subject of numerous jokes and memes is the constant nagging notification to install or update Flash in order for web pages to display properly. While anecdotal, many IT professionals will bemoan the trouble that Flash has given them in the workplace due to these notifications and problems related to them.
|-
|Turns out the cloud is just other people's computers.
|This refers to a computer meme where replace "cloud" with "other people's computers" must be used in all marketing presentation to CEOs and not computer literate persons to evaluate the security impact of using "Cloud services". Part of the humor here is that "the cloud", in actuality, it simply a term for hosted services, i.e., computers being run by other people (typically businesses that specialize in this type of "Platform As A Service" or "PAAS" service model). Calling "the cloud" as "other people's computers" is, at its core, entirely accurate, though it takes away the business jargon and simplifies the situation in such a way that it might cast doubt on the security, reliability, and general effectiveness of using "cloud" solutions.
|-
|A flaw in Mitre's CVE database allows arbitrary code insertion.[~~CLICK HERE FOR CHEAP VIAGRA~~]
|Mitre's CVE database is the database where all CVE are stored. This is a joke relating to the 4th CVE in this list, pointing out that the CVE site is also vulnerable.
|-
|It turns out Bruce Schneier is just two mischievous[sp?] kids in a trenchcoat. (title text)
|Bruce Schneier is security researcher and blogger. He was mentioned in the title texts of [[748: Worst-Case Scenario]] and [[1039: RuBisCO]]. The "two kids in a trenchcoat" is a reference to the Totem Pole Trench trope.<ref>[http://tvtropes.org/pmwiki/pmwiki.php/Main/TotemPoleTrench TV Tropes:Totem Pole Trench trope]</ref>
|}

== References ==
<references/>

==Transcript==
LEAKED LIST OF MAJOR 2018 SECURITY VULNERABILITIES

CVE-2018-????? Apple products crash when displaying certain Telugu or Bengali letter combinations.

CVE-2018-????? An attacker can use a timing attack to extploit[sic] a race condition in garbage collection to extract a limited number of bits from the Wikipedia article on Claude Shannon.

CVE-2018-????? At the cafe on third street, the post-it note with the wifi password is visible from the sidewalk.

CVE-2018-????? A remote attacker can inject arbitrary text into public-facing pages via the comments box.

CVE-2018-????? MySQL server 55.45 secretly runs two parallel databases for people who say "S-Q-L" and "sequel."

CVE-2018-????? A flaw in some x86 CPUs could allow a root user to de-escalate to normal account privileges.

CVE-2018-????? Apple products catch fire when displaying emoji with diacritics.

CVE-2018-????? An oversight in the rules allows a dog to join a basketball team.

CUE-2018-????? Haskell isn't side-effect-free after all; the effects are all just concentrated in this one. Computer in Missouri that no one's checked on in a while.

CVE-2018-????? Nobody really knows how hypervisors work.

CVE-2018-????? CRITICAL: Under Linux 3.14.8 on System/390 in a UTC+14 time zone, a local user could potentially use a buffer overflow to change another user's default system clock from 12-hour to 24-hour.

CVE-2018-????? x86 has way too many instructions.

CVE-2018-????? NumPy 1.8.0 can factor primes in O(log n) time and must be quietly deprecated before anyone notices.

CVE-2018-????? Apple products grant remote access if you send them words that break the "I before E" rule.

CVE-2018-????? Skylake x86 chips can be pried from their sockets using certain flathead screwdrivers.

CVE-2018-????? Apparently Linus Torvalds can be bribed pretty easily.

CVE-2018-????? An attacker can execute malicious code on their own machine and no one can stop them.

CVE-2018-????? Apple products execute any code printed over a photo of a dog with a saddle and a baby riding it.

CVE-2018-????? Under rare circumstances, a flaw in some versions of Windows could allow Flash to be installed.

CVE-2018-????? Turns out the cloud is just other people's computers.

CVE-2018-????? A flaw in Mitre's CVE database allows arbitrary code insertion.[~~CLICK HERE FOR CHEAP VIAGRA~~]

{{comic discussion}}

Talk:765: Dilution

2017-06-16T02:50:30Z

162.158.74.171: Log scale

Technically, however, homeopathy states that diluted semen should act as a contraceptive. To get pregnant, they would have to dilute a birth-control pill or something.{{unsigned ip|134.94.171.148}}
:I remember someone complaining that homeopathic medicines are labeled similarly to the real thing on drug store shelves. Wouldn't this mean that, at least in some interpretations, it's the medicine which can be diluted into a cure?[[Special:Contributions/173.245.52.135|173.245.52.135]] 17:47, 13 April 2014 (UTC)
::No, the previous user is correct. The "theory" of homeopathy is that to cure a symptom you provide something that would cause that symptom diluted into some ridiculously small dose. Any products that are marketed with the label "homeopathy" but are primarily an active ingredient that would have a detectable effect are using the label incorrectly. For example, there are two kinds of zinc in Zicam, both diluted at 2x, which means they're 1% of their original solution strength. The label doesn't indicate the original solution strength and doesn't indicate how much zinc is actually present in the medicine. Zinc is known to improve the immune system, so taking a diluted zinc supplement to stop a cold would, if homeopathy were true, would be the opposite of what you'd want to do. Contrast this with the homeopathic remedy Belladonna, prepared at 30X concentrations (preparation is 1x10^-30 of original concentration) supposedly cures the circulatory system, because in normal concentrations Belladonna causes tachycardia, among other things. [[User:Ioldanach|Ioldanach]] ([[User talk:Ioldanach|talk]]) 14:16, 17 September 2014 (UTC)
:::Any marks for realising why scientists can't replicate homeopathy's results? :))
::::Maybe Cueball is Sterile?[[Special:Contributions/108.162.215.89|108.162.215.89]] 00:07, 17 May 2015 (UTC)

[[User:Weatherlawyer| I used Google News BEFORE it was clickbait]] ([[User talk:Weatherlawyer|talk]]) 21:40, 26 January 2015 (UTC)

Can we conclude that the woman is Megan? [[Special:Contributions/67.188.195.182|67.188.195.182]] 21:32, 5 September 2013 (UTC)
:The woman is in fact Megan, I did edit the transcript.--[[User:Dgbrt|Dgbrt]] ([[User talk:Dgbrt|talk]]) 22:38, 5 September 2013 (UTC)

I found this explanation of the wording helped: "Traits that cause greater reproductive success of an organism are said to be selected for, whereas those that reduce success are selected against." (From http://en.m.wikipedia.org/wiki/Natural_selection) --[[User:Insomniac|Insomniac]] ([[User talk:Insomniac|talk]]) 05:59, 26 September 2013 (UTC)

I find it more likely that the female is [[Danish]], as she has longer hair.--{{User:17jiangz1/signature|09:41, 25 August 2015}}

I wrote out 1 nonillion, because #1162 also applies to quitters who don't have enough text space to make their point properly. [[User:International Space Station|International Space Station]] ([[User talk:International Space Station|talk]]) 23:26, 18 December 2015 (UTC)
:You still used a log scale. That’s approximatwly what place-value system ''is'', as was pointed out in a few What-Ifs. There [[wikipedia:Orders_of_magnitude_(data)|has not been enough hard drive space yet manufactured]] to make your point properly (assuming at least one bit per part water). --[[Special:Contributions/162.158.74.171|162.158.74.171]] 02:50, 16 June 2017 (UTC)

I like homeopathy, and enjoy talking to its proponents. I find it incredibly entertaining.
[[Special:Contributions/108.162.245.106|108.162.245.106]] 20:51, 15 May 2016 (UTC)

Talk:1818: Rayleigh Scattering

2017-03-31T17:22:47Z

162.158.74.171:

I keep trying to correct the misspelled joung Girl to Young Girl but it keeps reverting. I corrected the two non-capitalized sentences and they stay put. Does "joung" have a meaning i don't understand? [[User:ExternalMonolog|ExternalMonolog]] ([[User talk:ExternalMonolog|talk]]) 14:55, 31 March 2017 (UTC)
:There might be conflicting edits, that happens a lot with new comics[[User:Dontknow|Dontknow]] ([[User talk:Dontknow|talk]]) 15:34, 31 March 2017 (UTC)

Question - while I understand the intent of the comic is that overly complicated explanations can be confusing, isn't the title-text analogy incorrect? Doesn't chlorophyll scatter green light and absorbs other colors, whereas with the sky, it's really just different levels of scattering and very little absorbing (hence why a clear sky at dusk can appear red, the sky wasn't absorbing red light, it was just scattering it differently than blue light). Isn't that fundamentally different from the way most other common objects get their perceived color? (ps - I'm not a scientist, just curious, appreciate any feedback)

"Why are leaves green?" "Well, the leaf absorbs most of the colors, but not the green light, which it scatters instead." "Why is my shirt black?" "Well the cloth absorbs most of the colors, but just scatters the black light... wait..." [[User:Andyd273|Andyd273]] ([[User talk:Andyd273|talk]]) 15:46, 31 March 2017 (UTC)

I like to think this is Miss Lenhart, continuing her science teaching in the same vein as in 'Venus'. There's no proof in the comic, but it fits nicely. Potentially something to add as a possibility in the explanation? [[Special:Contributions/162.158.154.247|162.158.154.247]] 16:38, 31 March 2017 (UTC)

Yesssss <3 I had the exact same thought the first time Rayleigh scattering was explained to me: "isn't that just a specific mechanism of air being blue?" For some reason such explanations majorly tend to insist that the air is not in fact blue, and it has always bothered me. [[Special:Contributions/162.158.111.19|162.158.111.19]] 16:41, 31 March 2017 (UTC)

Maybe the explanation should point out that the real reason the planes "stay up" is that the tiny birds are '''under''' the wings.--[[Special:Contributions/162.158.92.34|162.158.92.34]] 17:20, 31 March 2017 (UTC)

If air is blue how come a sunset, with LOTS of air, is red? I know the answer but it is the obvious next question with this explanation. [[Special:Contributions/162.158.74.171|162.158.74.171]] 17:22, 31 March 2017 (UTC)

1800: Chess Notation

2017-02-18T19:49:59Z

162.158.74.171: /* Chess games and conversations */

{{comic
| number = 1800
| date = February 17, 2017
| title = Chess Notation
| image = chess_notation.png
| titletext = I've decided to score all my conversations using chess win-loss notation. (??)
}}

==Explanation==
{{incomplete|Please change this comment when editing this page and not remove it too fast.}}

[[Cueball]] begins a conversation with [[White Hat]] with the declaration that he will be scoring his conversations using chess notation.

Given the caption, Cueball believes that this is a drawn conversation since White Hat doesn't care.

The double question marks at the end of the title text can be interpreted in two ways: on one hand, they can indicate that the other party is confused by the statement, not understanding what it means. At the same time, the question marks in parentheses can also be interpreted as chess annotation commenting on the soundness of such move, as explained below.

=== Chess notation (and annotation) ===

{{w|Chess}} players and critics use certain {{w|chess notation|notations}} to write down chess games in a very short fashion (for example the {{w|Forsyth–Edwards Notation}}, which is both computer- and human-readable). In addition, ''{{w|chess annotation symbols}}'' like ! and !? help to comment certain moves in a similarly short fashion. That way it is possible to print or discuss a chess game (or a chess opening) in a limited space, for example in printed reference manuals.

A short synopsis about common chess annotation symbols:

!! – brilliant move: Very strong and counter-intuitive move. A sound sacrifice. 
! – good move: A surprisingly good move. 
!? – interesting move: Risky, or worthy of attention and analysis. 
?! – dubious move: Designates a move that may be bad, but it is hard to explain why. 
? – mistake: Poor move that should not be played. 
'''??''' – {{w|blunder (chess)|blunder}}: Exceptionally bad move, usually designates a move that turns a winning position into a draw, or a draw into a losing position. 

The score of the "white" player is always given first, followed by the score of the "black" player. Possible {{w|Chess tournament#Scoring|notations}} for the game outcome are: 

1-0 – a win (for white) 
0-1 – a loss (for white) 
'''½-½''' – a draw 

Because every chess game begins by moving a white piece, the following can be observed: When Cueball ends a conversation with 1-0,
* he either began the conversation, and won it;
* or he responded to a communication request, and lost the conversation.

=== Draws in chess ===
A chess game can be won (and lost for the other party) or {{w|draw (chess)|drawn}}. It should be noted that draws most commonly occur by {{w|Draw by agreement|agreement}}, or very rarely by {{w|stalemate}}. A stalemate is a situation where the opponent's king is not in check, but none of the opponent's pieces can be moved in a legal way. In a human conversation, what amounts to a draw, and what amounts to a stalemate?

If agreed draws should be allowed (and under which circumstances) is a matter of some discussion among chess players, thus adding another point to Randall's comic. For example, some tournament rules (e.g. the so-called "{{w|Draw by agreement#Only theoretical draws allowed (Sofia Rules)|Sofia Rules}}") do not allow a draw to be offered directly - any player has first to announce the intention of drawing to the arbiter (referee), who then decides if the position should be played out further or not.

The official chess rules offer some ways the concept of a "draw" could be applied to a human conversation. According to the {{w|World Chess Federation}} (FIDE) rules, a draw can occur:
#by agreement. Any player can offer a draw when it is his turn to move.
#by stalemate. As explained above: The king is not in check, but no legal moves are available.
#when the same position (with the same possible legal moves) occurs at least three times, with the same player having the same possibilities of moving his pieces. This draw must be requested by the player. According to the FIDE rule 9.6, the arbiter himself declares the game drawn when the same position occurs five times.
#when 50 moves have passed without a capture or a pawn move. Again, the draw occurs only upon request. According to the same FIDE rule 9.6, the arbiter declares the game drawn when 75 moves have passed, without a request by either player.
#when one of the players has used up his time, but his opponent has not enough material to mate. For example, king and pawn mate against a king in certain situations, while king against king leads to a draw by the 50-move-rule.
#when both players have used up their time, but the arbiter cannot determine who did so first. This is impossible with modern electronic chess clocks, though.
#upon request, when the opponent does not play seriously, and attempts to win the game by timeout.

=== So, what's a "draw" in a conversation? ===
*Draw agreed: As pointed out by Randall in his cartoon, a drawn conversation is one where all participants agree.
*50-move-rule: Conversation is drawn, based on the excessive duration of the talk.
*Draw by repetition: Both participants have talked in circles, arriving at the same conclusions all over again. No progress has been made.
*Draw by stalemate: When A cannot convince B, but B doesn't have any legal argument left, and would have to resort to lies or logical fallacies in order to continue.

=== Chess games and conversations ===
The notion of applying chess scores to conversations begs the question if and how chess play and conversations can be compared.

Chess games and human conversations do have some things in common:
*The outcome fully depends on the behaviour of the partner/opponent.
*As in chess, there is no certainty that a certain statement will have the desired effect. The opponent can always react in a surprising way.
*Chess players, like conversation partners, do not "calculate" the opponent's next move(s). They don't compute anything. They are not cold-blooded machines. They do, however, similar to conversation partners in a job interview or a televised debate:
**create a plan, and revise and refine it as necessary
**try to get a good feel of the situation, and try to remember how they dealt with a similar situation in the past
**try to identify the opponent's weaknesses, and try to remedy one's own weaknesses. Prepare against surprises and pitfalls.
**focus on a few promising moves, and quickly spot if they're easily refutable. "You see, I spent 8 years programming {{w|BANCStar programming language|BANCStar}} applications at..." - "Anybody with that experience is dangerous and should be locked up." - "Oh."
*The question of what is considered a good move (or statement) can only be answered in a subjective way. Chess engines though use algorithms to assess the position; and they can calculate the value of different possible moves. In human conversations, social norms help avoid making bad moves.
*It is difficult to win against an experienced, alert partner or opponent. Competent exploitation of the opponent's errors is often the only way to win.
*In both, you will try to find moves that make your win more probable, while avoiding deleterious moves. Due to inadequate computing power, it is hitherto impossible to calculate all possible ways a chess game (or a conversation) could play out. See also [[1002: Game AIs]]. Therefore it is impossible to design a path that leads to a guaranteed outcome - except when the situation has been simplified enough. There are handbooks to play endgames, explaining how to secure either a win or a draw, no matter the capability of the opponent. Nowadays, computer-generated {{w|endgame tablebase}}s exist for six-piece and seven-piece endgames. Those for six pieces are freely available and are about 1 terabyte large.

Differences:
*Chess games are inherently competitive, zero-sum ventures; if one player wins, the other loses. In contrast, conversations aren't usually competitive, so there isn't really a concept of a winner and loser unless the conversation was an argument or debate. Often, both people in a ''friendly'' conversation will benefit ("win") from having had the conversation.
*Both chess games and conversations are turn-based, but lacking time controls, people's statements sometimes last up to an hour.
*Especially in disputes, (agreed) draws are extremely rare.
*It is difficult to judge the winner of a conversation.
*In chess, every position of the pieces can be analyzed completely independent of the previous moves. It does not matter how the situation evolved. After 1.e4 e5 and 1.e3 e6 2.e4 e5, there is an identical situation. Due to human emotions, though, this is not the case for conversations. No situation is ever exactly the same.
*Chess games are extremely constrained by a set of rules. Players are expected to behave gentlemanly, and arbiters can hand out punishments for any behavior that brings the game in disrepute.

==Transcript==
:[Cueball and White Hat facing each other.]
:Cueball: I've decided to score all my conversations using chess win-loss notation.
:White Hat: I don't know or care what that means.
:Cueball: Fine.
:White Hat: Fine.

:[Caption below the frame:]
:½–½

{{comic discussion}}

[[Category:Comics featuring Cueball]]
[[Category:Comics featuring White Hat]]
[[Category:Chess]]