I'd like them to axe the clowns who arranged inclusion of NovoSecEngine2 in the BIOS
But that does not seem likely...
255 publicly visible posts • joined 20 Oct 2007
Most probably, the first man-made object outside atmosphere was V2, the first man-made object on Earth orbit was Sputnik. This plug, if it did not disintegrate (and most likely it did) and kept escape velocity when it exited the atmosphere, could claim to be the first man-made object to go to space and stay there.
Otherwise, that would be Luna 1, launched in 1959.
> There should have been a division between crypto and protocols from the beginning.
And there was, in case anyone did not notice. SSLeay/OpenSSL came as two libraries, libcrypto and libssl from the very start. And in case anyone did not notice, s2n replaces the latter, but uses the former.
OpenSSL code is not as bad as it is often presented nowadays. Although it does suffer from the luggage of old coding practices, and lack of attention from infosec experts (for a long time, the latter problem is rectified now). Lack of strong leadership contributed to the problems, too, I think, since the original authors where kidnapped[*] by the NSA.
[*] Figuratively speaking. Don't go looking in the Snowden files. It happened in 1998 when Eric Young and Tim Hudson where hired by RSA and where not allowed to touch SSLeay code since then. That's the official story, anyway. There was only one post signed by Eric Young since then, and nothing from Tim Hudson.
It was bad enough when FIDO Alliance came into being and stole it from the good old FidoNet. And now this.
Insurance market in not competitive, and as a result, those who own an insurance company have "free money" to invest. OK, I got it.
But Buffett's not the only insurance company in existence. Why aren't the owners of other insurance companies making the same crazy profit as Buffett?
The point of the tech in question here is that Alice can prove to Bob that The Man guarantees that she is above 18 yo, and that The Cashier received payment from her. So now Bob can send a p0rn flick to her but neither The Man nor The Cashier are wiser about her taste of movies.
Of course Bob has to trust The Man and The Cashier.
I believe that many, if not most, "pirates" are willing to pay fair price for the content they consume. I for one certainly am. The problem is, in many if not most cases, that the consumer is denied access altogether. Such as, in order to watch "Citizen Four" I would need to request visa to the US, buy a $1000 air ticket, and go to a movie theatre there for $10.
Copyright regulation that is fair to both creators and consumers should disallow creation of artificial barriers, such as geographic restrictions or lock-in on particular technological solution (implied by DRM). The only legal reason to deny the consumer access should be their refusal to pay the price.
I don't want "product of human creativity" to be "free as beer". But I do want it to be "free as speech".
(Yes, I know that it is hard.)
@Ben
I am not familiar with truecrypt, but I assume that it does not let an observer see "a blob of random data" precisely because it would be pretty convincing evidence of "hidden volume". If my assumption is true, then the mere fact that truecrypt can have hidden volume is no better proof than the fact that a bikini picture can have hidden information.
I am not sure how this kind of possibility is realized in real life (and IANAL), but surely, even if you don't have TrueCrypt in plain view, a prosecutor can argue that you have data steganographically hidden in your holiday photos (or free sectors on the disk) and demand that you decrypt it. There is no difference in the possibility of a hidden truecrypt volume and the possibility of secrets hidden in plain view without truecrypt.
Whatever their cost base, they're going to charge us consumers the maximum they can get away with. So increasing the spectrum price doesn't change what we pay.
Err... I am not so sure about the logical relation between these statements.
When there is competition, every player wants to cover costs plus get as much profit as they can without losing their customers to competition. When the cost base is the same for all competitors, they all end up adding some "average" profit margin on top, and this results in the "average market price" that the consumers pay.
When cost rises for all the competitors, they all do the only possible thing, and raise prices simultaneously, preserving the margin. If any of them don't, it starts losing money and go out of business. If any of them rises prices too high, it loses customers and go out of business.
In a sense, auction on "natural resource" is anticompetitive, because it raises the barrier of entry, while doing nothing to impose "fairness".
What does exist in the way of hardware monitoring
Most virtualized environments these days are hardware-assisted (on mainframe, for a long time; on x86 - for a few years now). Even so it is tricky to hide the fact that a program is running in a VM from that program. It is possible, but in most real-life scenarios it is better to let it know, so the fact is rarely being hidden well enough to fool sufficiently sophisticated malware.
Running the program in a VM allows the researcher to observe "from the outside" (i.e. from the hypervisor) what the program is doing, down to one instruction at a time when necessary. On bare metal, the malware will just do its deed without giving the researcher any insight about how it works.
"Unfortunately you get no benefit from the traffic and its costing you money"
Consumer ISPs have paying customers. The more service (i.e. data transferred to customers), the more revenue (at least, that is how it should be - service must be paid for). For the customers to want the service, there must be people whose data the customers want to get. I.e. Netflixes etc.
ISPs should praise those data producers, buy them flowers, and maybe even share some of their revenue with them. Not demand money from them.
This is how it is when there is no monopoly.
the correct fingerprint is stored on the card and it is likely a canny thief could reprogram the card, or take a copy of the data stored on it.
This particular attack is very unlikely. EMV cards are quite good at preventing the leak of data stored in the chip (otherwise it would be easy to clone, and we don't hear much about that).
Making a gelatine "fake finger" from a fingerprint is relatively easy, and will defeat best mass market readers. It is easier than chopping off fingers. But still more difficult than simply eavesdropping on the pin entry.
Let me get it straight.
I'm not convinced about NFC payments though (via card or mobile) how is this safer than Chip and PIN?
NFC payments are not safer than EMV (known in Britain as "chip and pin"). Cards use basically the same messaging protocol over the wires and over radio. NFC is equally safe, but more convenient.
"The mobile payments world has hailed Apple Pay as the start of the mobile payments revolution, something which happens about as often as Voyager 1 “leaves the solar system”, but it could be the death of the technology. Apple Pay is (surprise!) an Apple-only system and doesn’t offer any way in for the operators.
On the NFC side, Apple Pay is standard EMV over NFC, like the bank-issued contactless cards. And like Google Wallet. If proliferation of Apple Pay makes the merchants rise their collective back-side from the chair and upgrade POS terminals, that will be a boost for all other NFC payment systems.
Exactly. Why force vendors to install software feature that is difficult to use and easy to abuse when you can force operators to keep track of IMEI last used by a customer, and if the customer reports theft to police, add it to public blacklist?
Both the argument and counterargument in this debate are just stupid.
The stance "if you are a target then this technology won't help you" is red herring.
Of course it will not. If you are targeted then (presumably) you know what you are doing, and know how to protect yourself.
The point of technology similar to this is to thwart NSA-style opportunistic eavesdropping rather than CIA-style targeted operations. As long as it works - job done.
Thanks Mr. Worstall for spelling the word of reason! Data gathering in the interest of commerce has indeed quite different implications from data gathering in the interest of the state.
But, monopolization of commercial data gathering greatly simplifies state data gathering, and for this reason is dangerous. I share the view that we'd be better off if more of our Net life happened in distributed systems (similar to email) and less - in centralized (similar to Facebook).
or its knockoffs? They've been here, like, forever. I remember playing on Palm Tungsten. Admittedly, the ribbon that you had to direct through the tunnel did not flap its wings, though. Sunflat is still alive, though I am not sure that there weren't any earlier versions.
(I want an icon of a man with long grey beard)
That's right, paying per Gb (or having capped tiers, like I have from my provider) is the way. The consumer should pay fair price for the service. That is capitalism.
By the way, the top tier, 100Mbit symmetric without caps costs under $30/mo where I live. Admittedly, we have multi-story buildings, so providing the last mile is cheaper per user than in the US.