2588 posts • joined 21 Dec 2007
Re: Keypad anyone?
I looked at a handful of cheap qwerty-keyboard grey-market Android phones last year on Amazon and bought an unlocked, new, in-the-box LG C555 for less than $100. Works fine with my AT&T-based MVNO. No doubt under-spec'd by the standards of the Reg and folks who want to stream video, play games, etc; but it does exactly what I need (phone, text, GPS, calendar, notes). Has an SD slot and replaceable battery. Only one SIM but it's easy to change (I switched to a GiffGaf SIM when I was in England for a week). Slide-out physical keyboard.
I put PuTTY on it and ssh'd into a server just to see how it went. Again, not ideal (no Esc key makes vim hard to use) but probably useful in an emergency.
It's not perfect; for example, Bluetooth support is limited to phone and modem operations, so you need to use USB to transfer pictures and the like. Not a big deal for me.
Apparently the stock has since dried up - Amazon's only showing them at ridiculous prices. But more may show up and there were a number of similar alternatives. You needn't resort to eBay yet.
Re: Boring selection
They all look alike because that's the nature of a mobile touchscreen device.
What rubbish. I own a mobile touchscreen device that doesn't possess this "nature". There's no reason for smartphone designs to slavishly follow the "screen with as little plastic/material around the edge and as little material on the back as possible" diktat.
Fortunately, I have no need or desire for a phone that costs £150, and at the real low end there's more variety.
Re: No news
Would be nice to see how their previous forecasts have held up.
Well, why don't we?
In 2010, according to the Reg, IDC predicted:
- Netbooks will be around for a while. Well, they didn't put a time limit on this one, so one might argue they meant only for 2011. Netbooks aren't looking so healthy now.
- The adoption of open-source software by businesses had "plateaued". I don't have any figures on this myself, but my sense is that this was a miss.
- Around 570 million PCs would be sold in 2014. By March of this year they had revised this down a tad, to 292 million. But what's a 49% correction between friends? Looks like their latest estimate is 307 million, so that 570m was only off by ~46%.
- They were dubious about Microsoft winning 30 million feature-phone users over to WinMob 7. They might have been right about this one.
- By the end of this year, 70% of server workloads would run on VMs. No idea if this is correct; it sounds plausible to me - if indeed not low. Most mainframe workloads are running on LPARs, for example, and that's an awful lot of "workload". But are they including HPC in "server workload" here? That would throw the numbers off.
There were a bunch of other predictions that I couldn't be bothered with. Feel free to do your own search.
Credit where it's due - Michelle Yeoh was also indispensable in Supercop. (Ah, that motorcycle-onto-moving-train stunt. Priceless.)
Re: "If you don't understand why, it's not good science"
Whatever happened to the idea of science being about observations trumping theories by falsifying them, among other things?
For one thing, Popper's model of scientific epistemology was superseded by Perfect Bayesian Reasoning, a considerably more accurate and more formally defined one. Popper's gives falsification a special epistemological status which isn't necessary; the Bayes model precisely and formally explains the proportionally greater effect of a contrary result on an established hypothesis.
For another, he didn't say repeatable observations were "no good". He said the science wasn't good until you have a theory that's congruent with the observations (and, presumably, meets various other tests - but the man wasn't trying to provide a formal definition of scientific epistemology, so perhaps you should relax a bit). Observations by themselves are just data. They are a necessary part of scientific epistemology (along with experimentation protocols, formal methods, calculation, and so on), but they are not sufficient.
Re: Why Are Apple DOOM Analysts Worth Quoting?
cranberry sales surge as holidays draw near
Most cranberries eaten as part of holiday meals in the US are canned - either whole-berry or jellied varieties of cranberry sauce. Since those are preserved, there's no need for a surge in purchasing by the processors during the holiday season.
Meanwhile, cranberries are 1) a major cash crop[1], so they're relatively unaffected by a seasonal bump in consumption; and 2) they're still grown outdoors and are subject to the seasons. They'll be bought when they're sold.
Now, if you had said cranberry sauce sales surge ... yeah, I could see that.
[1] Because cranberries are the Bumbles of fruit: they bounce. The air pockets that make them float (and thus wonderfully easy to harvest) also act as shock absorbers. That makes them unusually suited, among the fruits, for transport. Consequently cranberries are the main ingredient of many processed-fruit products, such as "fruit leathers". The Economist did a story on this some years back.
The gTLDs .corp and .home were "deferred indefinitely" due to the huge number and frequency of name collisions. They'll never be resolved by the public DNS system.
I endorse this move, and suggest ICANN extend it to around 100,000 more of the most common English words and abbreviations thereof.
Re: Why hello there officer...
a 9.6 second 0-60 time is fine. That's faster than any cars I rent in Europe, and while on the slow side by American standards it isn't out of line for an economy car
And it wasn't "on the slow side by American standards" all that long ago. 9.6s is faster than, say, a '93 Toyota Camry LE, or a '90 Celica GT-S, according to one site. And somehow we lived through those dark times.
Hell, it's faster than the car I was driving before I got my fancy-shmancy Volvo XC70 - a 1997 Plymouth Breeze. (Faster than the Breeze was when it was new, I mean; by the time I got rid of it, its 0-60 time was somewhere between "eventually" and "maybe tomorrow".)
Cars these days are ridiculously overpowered.
Binding it with carbon is even easier because you don't have to "recharge" the metal.
Right. If we're producing enough electricity that we're considering storing hydrogen on a large scale, it's probably better to synthesize propane from the hydrogen and the waste carbon we have lying around everywhere (e.g. in landfills). It's a lot easier to store, and we already have all the infrastructure for storage, transport, distribution, and consumption. Existing IC gasoline engines can easily be converted to use it. Propane-fired home generators are available off the shelf.
We could synthesize other hydrocarbons, but propane's something of a sweet spot both for technical and economic reasons (all that existing infrastructure).
While we're tossing around blue-sky schemes, how about a big thermal-solar plant in the Sahara, HVDC transmission to the coast (pick one), a combination desalination and electrolysis plant there, and a propane-synthesis plant with a gas terminal at the nearest big harbor. Start moving Europe's gas-burning infrastructure from CNG to LPG and weaken Gazprom's influence on European energy markets.
Re: voting reasons?
those of us with reading comprehension and memory longer than 10 years will find it extremely valuable
Will we? In most elections, for most races, the choices I'm faced with are between "ugh" and "oh, hell no". A bunch of explanations for past votes is not likely to change that.
There are positions on my ballot where additional information would be handy; most are for positions where, by state law, candidates are not allowed to make any substantive statements - judgeships.[1] The other races where more information would be useful are the local ones where often many of the candidates can't be bothered to make their positions known, for example via the website run by the local paper for exactly that purpose, so I'm stuck trying to decide if I want to vote for any of the clueless and/or lazy folks who've thrown their hats in the ring.
But for national office, lack of information on a candidate's voting record has never been a problem.
[1] Which I firmly believe should not be decided by popular election, since there's no way for the populace to make an informed decision, short of reading thousands of pages of court transcripts. And probably not even then.
Re: Do I care enough to comment???
That policy has now been in-place for what, over a decade now? (That we know of?) And if I am not mistaken was created by a Republican, and then only strengthened by a Democrat?
It wasn't created by any one person, or any one party. Plenty of folks eagerly contributed to the present US police state. Blaming it on one side or the other just perpetuates the fiction that there are sides.
Re: Please hold...
Note the actors involved. All the supporters are the usual leftist suspects, and not one shred of the GOP reasoning for opposition is given in the article,
You and your twelve upvoters need to learn to read. Amash's objections were quoted at length. They're indented and in fucking boldface.
It's certainly true that many people on both sides of the aisle are more than happy to keep Federal government surveillance programs essentially unchanged, with only cosmetic attempts (like this one) at "reform" as a pretense of addressing constituents' concerns. It's also true that there are a handful on both sides (including Amash on the right) who are keen to see real reform.
But throwing a hissy fit and acting like this article - which cites critics of the bill, quotes Amash, and is if anything critical of the bill in itself ("As for non-Americans, there was little in the legislation to cheer about") - is somehow pro-Democratic Party propaganda just makes you look ridiculous.
Mica features "cutting-edge design"
Really? I don't see any.
Now, my Leatherman pocket tool - that thing has some cutting edges. Why, I cut stuff with it all the time.
Re: Welcome and useful
No encryption will help you against that one.
There are protocols that use encryption to obstruct traffic analysis.
Here's a trivial one: encrypt your message with the public key of the recipient, and broadcast it. Everyone receives it; only the intended recipient can decrypt it.
Rivest's "chaffing and winnowing" protocol is another example.
Re: Anytime the KKK are mentioned...
...and not the medium of interpretive dance?
All media are forms of interpretive dance, as Richard Rorty (interpreting Donald Davidson) pointed out in Contingency, Irony, Solidarity. That's how signification works: people create models of meaning and update them based on their interactions with interlocutors and texts.
Aside from certain very specialized tautological forms (mathematical formalisms and the like), it's interpretive-dance turtles all the way down.
Re: Seriously where is the problem?
You need to have access to a USB device in order to re-program it. If you have that you can just as well open it and replace the electronics...
Reprogramming a device is a hell of a lot cheaper than disassembling it and replacing the electronics, so it's a much better attack vector for attackers with a limited budget or other constraints (e.g. the tools they can have on-hand), or for mass attacks.
Re: NoXo cubes
I've had reindeer. It's quite tasty if prepared properly.
Re: Easier to patch?
reportedly there are issues with some systems that rely on TLS 1.2 connections
The SChannel update included a bunch of behavior changes - it didn't just patch this hole. For example, SChannel no longer includes the Supported Points Format Extension in its ServerHello message (reported by Mounir Idrassi on OpenSSL-Users). This is allowed by the protocol, but it's had the effect of breaking interoperability with at least OpenSSL prior to 1.0.1c for ECC suites.
There seem to be a number of changes that have similarly broken interoperability with other implementations that aren't fully standards-conforming, for the less-used suites. So expect some issues following the fix.
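A way to check a captured ServerHello for the behaviour described in the comment above, as an added example that is not part of the original comment or of any vendor's code: it parses the handshake message and reports when an ECC suite was selected but the Supported Point Formats extension is missing. The function names and the sample messages are constructed for illustration; the ECC suite ranges are the code points from RFC 4492 and RFC 5289.

```python
import struct

EXT_EC_POINT_FORMATS = 0x000B  # "ec_point_formats" extension type (RFC 4492)


def is_ecc_suite(suite: int) -> bool:
    """True for the ECDH/ECDHE cipher-suite code points of RFC 4492 and RFC 5289."""
    return 0xC001 <= suite <= 0xC019 or 0xC023 <= suite <= 0xC032


def parse_server_hello(msg: bytes) -> dict:
    """Parse a ServerHello handshake message (record header already stripped)."""
    if len(msg) < 4 or msg[0] != 0x02:
        raise ValueError("not a ServerHello handshake message")
    body = msg[4:]
    if len(body) != int.from_bytes(msg[1:4], "big"):
        raise ValueError("length field does not match message size")
    pos = 2 + 32                      # skip server_version and random
    if pos + 1 > len(body):
        raise ValueError("truncated before session_id")
    pos += 1 + body[pos]              # skip session_id
    if pos + 3 > len(body):
        raise ValueError("truncated before cipher_suite")
    suite = int.from_bytes(body[pos:pos + 2], "big")
    pos += 3                          # cipher_suite + compression_method
    extensions = {}
    if pos < len(body):               # the extensions block is optional
        if pos + 2 > len(body):
            raise ValueError("truncated extensions length")
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        if end != len(body):
            raise ValueError("extensions length does not match message size")
        while pos < end:
            if pos + 4 > end:
                raise ValueError("truncated extension header")
            ext_type, ext_len = struct.unpack_from(">HH", body, pos)
            pos += 4
            if pos + ext_len > end:
                raise ValueError("truncated extension data")
            extensions[ext_type] = body[pos:pos + ext_len]
            pos += ext_len
    return {"cipher_suite": suite, "extensions": extensions}


def omits_point_formats(msg: bytes) -> bool:
    """True when an ECC suite is selected without the point-formats extension."""
    hello = parse_server_hello(msg)
    return (is_ecc_suite(hello["cipher_suite"])
            and EXT_EC_POINT_FORMATS not in hello["extensions"])


def build_server_hello(suite: int, extensions: list) -> bytes:
    """Build a constructed TLS 1.2 ServerHello for testing (all-zero random)."""
    ext_block = b"".join(struct.pack(">HH", t, len(d)) + d for t, d in extensions)
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack(">H", suite) + b"\x00"
    if extensions:
        body += struct.pack(">H", len(ext_block)) + ext_block
    return b"\x02" + len(body).to_bytes(3, "big") + body


# Constructed samples: 0xC013 is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
# 0x002F is TLS_RSA_WITH_AES_128_CBC_SHA, 0xFF01 is renegotiation_info.
HELLO_WITH_EXT = build_server_hello(
    0xC013, [(0xFF01, b"\x00"), (EXT_EC_POINT_FORMATS, b"\x01\x00")])
HELLO_WITHOUT_EXT = build_server_hello(0xC013, [(0xFF01, b"\x00")])
HELLO_RSA_ONLY = build_server_hello(0x002F, [])

if __name__ == "__main__":
    for name, msg in [("with extension", HELLO_WITH_EXT),
                      ("without extension", HELLO_WITHOUT_EXT),
                      ("non-ECC suite", HELLO_RSA_ONLY)]:
        print(f"{name}: omits point formats = {omits_point_formats(msg)}")
```

A True result is not a protocol violation by the server; it flags handshakes where a peer that expects the extension may fail.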
Re: Why bother?
By the time a quantum computer will be breaking encryption written today, the art of encryption will have moved beyond what would make that quantum computer practical.
The "art of encryption" is already well beyond anything threatened by known QC algorithms. It's the practice of encryption that's potentially at risk, but that's trivial to fix.
QC does not threaten general-purpose cryptography. It just doesn't. This is one of the most prevalent myths about QC, and there's no reason for it to go uncontested on a technical site.
If we ever do have practical QC, its utility will be in making a larger pool of real instances of NP problems (and possibly some problems that aren't in NP but simply have really bad polynomial complexity) tractable.
Re: It's harder than it looks
it's a long way from being able to solve the sorts of real-world problems that it is supposed to be able to make trivial -- such as the factorization of RSA moduli
No one in the know has ever seriously claimed that QC would make RSA factorization "trivial".
Shor's algorithm offers exponential reduction in number of trials, but the exponent is just 0.5 - that is, it reduces the work factor to its square root.
That's equivalent to cutting the key length in half. There's a known remediation: double the key length.
QC may someday be used to factor old, short RSA products. There's no reason to believe it will ever be used to break RSA in general, in practice, because users can just move to larger keys. That's an arms race QC cannot win.
Re: "...nothing for the early users who grew up..."
Mine watches minecraft videos all the time too ... I don't get it either
When I were a lad, I knew folks[1] who would regularly watch television programs like Bassmasters.
That's TV about fishing. Fishing. On the TV. Video of a bunch of guys in waders casting lines and occasionally pulling out a fish, which they'd then toss back in.
Compared to that, Minecraft videos sound positively compelling.
That said, I admit the only person I've seen watch Minecraft videos on Youtube also records her own, generally tutorials on how to use the mods she's written. And she's 10, so she's not as jaded as the typical Reg reader.
[1] Men. There may be women who do this, but I've never encountered any.
Re: So should we have good design or not?
I don't own any Apple kit, and I'm still offended by bad design - in hardware or in software
I'm annoyed by bad design, but my idea of "good design" is clearly very different from Ive's, since I haven't liked an Apple product since the //gs. I think he (and most designers) rather drastically underestimates the subjective aspect of his "good design". It's not a Platonic essence.
Re: Xerox didn't invent the GUI
Lord. Even Wikipedia knows the history of the GUI better than the people posting in this thread.
1963: Ivan Sutherland's Sketchpad. A CAD GUI. This was a GUI application, and not a general-purpose OS, but was clearly a graphical user interface.
1968: The Mother of All Demos. Doug Engelbart introduces the mouse (Sketchpad used a lightpen as the pointing device), multiple application windows, etc. But Engelbart & Co's NLS was not entirely a GUI shell in modern terms; for example it mostly used text windows, with some embedded graphics.
1972: The Alto at Xerox PARC. While not a commercial machine, the Alto is the first graphical workstation produced in significant quantities and running a GUI OS. It's the first thing that would be generally recognizable today as a general-purpose GUI machine. There are numerous contributors, such as Alan Kay.
The Star came 9 years later, in '81; it was the first commercial GUI system. Two years later, GUIs appeared for Apple and IBM PCs (the Lisa and Visi On, respectively), as did SunView. Then the Macintosh and X Window System in '84 and Microsoft Windows in '85. (And who could forget Presentation Manager in '88?[1])
So roughly speaking, the GUI was invented by Sutherland at MIT, Engelbart and his team at SRI, and Xerox PARC, from '63 to '72. Major innovations leading to the dominant GUIs of today (iOS, Windows, Android, X) date from the mid-80s onward.
[1] You did, didn't you. You forgot Presentation Manager.
Isn't this the sort of social engineering that the Chinese government does, which our hacker spies are now admitting to?
Welcome to the 1980s, when sock-puppetting on online forums became too common to be remarkable. Even Wired magazine covered the phenomenon in '96, and they're usually a couple of decades behind the curve. (Why are all those kids on my lawn?)
Personally, I miss the days when some 'bots were memorable enough to become famous, like Serdar Argic.
All that's really changed is that we now have better algorithms and more computing power to devote to fully automating the bots. For many attackers, though, it's just as economical to have people do it, whether they're cheap labor, motivated by ideology, or rewarded in some other fashion.
for 60 quid, you get a tablet with an HD screen 16gb of storage and a free 16gb sdcard.
wtf is your problem ?
Better cheap tablets are available for the same or less?
Someone above mentioned the Hisense Sero 7. You can get those for $40-$100 from Amazon, depending on who's selling what at the moment, and whether you'll take a used one. They have 4GB or 8GB RAM, and are otherwise better-spec'd than this crapfest.
Yes, the alternatives are generally Android rather than Windows. Many apparently see that as a plus. (It'd be my preference, if I were interested in tablets. And not having Office is a bonus in my book.)
Re: Flash: misleading statements and overall low journalism standards
For all intents and purposes, Adobe included, Flash is fortunately dead
Tell that to the Homestuck fans - if you dare.
Indeed, Flash is still widely used for electronic literature, and it was the most popular electronic-literature medium for years, as well as being prominent in related areas such as interactive fiction. It'll be important for archival purposes pretty much forever.
So no, not "all intents and purposes". Your experience is not universal.
In case anyone else is reading this late:
- The invalidated '094 and '872 patents appear to be for a transmit buffer that automatically starts transmitting when the buffer reaches a trigger level, and the trigger level can be set programmatically.
- '459 is buffering to reduce the send-complete interrupt load from the NIC.
- '313 is a general patent for buffering on the NIC.
SONIC was a National Semiconductor chipset for EISA bus-master Ethernet NICs, apparently.
anyone know about MS?
David LeBlanc is still there; I don't know that he qualifies as a "full time (researcher) cryptographer", but at least some of his work is cryptographic research.
Microsoft Research has a cryptography group.
Microsoft's a big company with fingers in lots of IT pies and a significant research arm. Crypto is big business and has a lot of visibility in academia. It'd be very odd if they didn't employ some crypto researchers.
Re: SSL is ok...
No, SSL (and TLS) are a disaster. They're simultaneously over-engineered and under-specified (at least up until TLS). They use the god-awful X.509 PKI (for suites with authentication). While TLS 1.1 has finally fixed most of the known inherent design flaws, it's terribly stovepiped.
And yes, implementation is hard. In fact, it seems to be impossible, since - as this article points out, and I pointed out a couple of days ago in response to another article - all the major current implementations have been shown to have severe, security-compromising flaws in less than a year.
Like any security measure, SSL is supposed to increase the attacker's work factor more than the defender's. It's proving to be rather poorer at the former than advertised, and not so great at the latter either.
Unfortunately, for many applications there's no good alternative currently available or on the horizon. SSH's DIY PKI is an unmitigated disaster, and PGP/GPG's isn't much better, even if it were suited to SSL-style applications. Various VPNs have their own security flaws and aren't suited to the ad hoc connections SSL is primarily used for. IPSec is dead in the water.
Re: Supposed to be internal testing.
Oh well, it sure beats reading pcaps all day.
Rubbish. Nothing is better than reading pcaps.
Mind you, these newfangled TCP-based protocols aren't a patch on our old SNA ones. LU6.2 BIND RUs, say - there was some good readin' on those!
is it really that hard to detect things going wrong
In Target's case, their (outsourced) IDS team did detect the breach. They informed management, per procedure, and were ignored.
More-sophisticated malware (such as Backoff) can make detection difficult. As with pretty much anything in security, there's a tradeoff: the attacker can expend more effort to force the defender to expend more effort.[1]
Often, though, the problem is not detection. The problem is bureaucracy, and an aversion to interfering with operations (and so taking a hit on revenue) in order to investigate possible intrusions.
[1] This ought to be obvious, but years of reading comments to security-related stories in the Reg has taught me that much of the readership remains stubbornly ignorant of even the most basic concepts in information security. I suppose that's because there are only dozens or hundreds of well-known, accessible, free sources of information on the subject readily available to them.
Re: An optimist?
These days, so few people can grow their own food (or fix their own vehicles or...) that any significant % of the food producing population (especially among transport workers!) being taken out then we could have some major "shortages" very quickly. Knock out people who can fix stuff, and you have even more problems. "Self-sufficiency" is a largely dead art.
A good point. It's the system effect - as systems grow more complex they become less reliable (and must devote more resources and complexity to compensating for the increased instability), and that includes specialization in human society. (Tenner's When Things Bite Back is an interesting treatment of the subject vis a vis technology. There was also a nice little article on infrastructure collapse in Greece on cracked.com.)
But I wouldn't say self-sufficiency is "largely dead", even in the industrialized world. I live in a city in Michigan, and I'm in walking distance of a number of family farms. I have lots of friends around here who raise livestock and hunt. I have friends who identify and prepare edible wild plants; make textiles from plant and animal fibers; cure leather; and so on. I've knapped flint points, started a fire with a hand drill, made ceramics. And we're not preppers or reenactors or anything like that - there's just a lot of DIY in the culture around here.
And, importantly, this kind of infrastructure collapse hits the poor the hardest. The wealthy will expend resources to keep some minimal civilization going. It'd be nasty - scales of inequity that will make today's look like a leftist utopia - but even with drastic population loss I think the wealthy could keep enough infrastructure running to prevent, say, a complete return to a non-industrial civilization.
Five major SSL implementations fallen this year
So, in the space of a year or so, we've had public disclosure of major flaws in RSA BSAFE (defaulting to Dual_EC_DRBG and CVE-2014-0636), OpenSSL (Heartbleed), GnuTLS (certificate validation bug), Apple's SSL implementation (ephemeral key substitution and weak PRNG), and now Microsoft's SChannel.
That's five major implementations - possibly the four biggest, plus GnuTLS, which is not widely used but is the darling of some FLOSS ideologues - in about a year.
SSL is broken. No one can produce a secure version of it, whether FLOSS or proprietary (and damned expensive). It's overengineered and yoked to terrible ideas like X.509 PKI (and thus to ASN.1, a horrible mess all on its own), but perhaps the biggest failing is the requirement for interoperability, which makes the attack surface too damn big and the system too complex.
And no, the LibreSSL hipsters are not going to fix this, regardless of how much they ironically employ Comic Sans (and unironically use KNF, which needs to be killed with fire).
I remarked on this back in April. I speculated then that we'd be seeing an exploit against SChannel soon. Right on the money, but then it was hardly a daring prediction.
Re: Heartbleed V2.0
The first one sounds a lot like the infamous OpenSSL bug (in effects, if not in details).
If you're hard of hearing, I suppose. Heartbleed was a data-exposure bug - it allowed an active attacker to extract information from a victim process. The SChannel bug is a remote-code-execution vulnerability. Right in the article it says "allows a hacker to execute malicious code".
Those are somewhat different effects.
Re: FCC= Title II for everyone... They are all the same...
"if the currant month's bill was not on their desk by Nov 31st."
Do they add an extra day in November over the pond to make up for thanksgiving?
Don't be ridiculous. It was added to expand Black Friday.
Also, those are raisins, not currants.
Re: The HDD in your mirror is much larger than it appears
"To reach 20TB by 2020, the 500GB/platter drives will have to increase areal density 44 times in six years. It isn't going to happen."
Huh? to reach 20TB by 2020, areal density would need to double a little more than 5 times in the next 6 years.
Yes, 44 is 2^(a little more than 5). (It's a bit less than 2^5.5, actually, but why quibble.) He didn't write "double ... 44 times". I admit the phrasing is confusing, but it hardly seems a stretch to interpret it as "increase by a factor of 44".
That said, I'm not sure where the 44 comes from. 20*1024/500 looks like ~41 to me.
The doubling rate for total data generation appears to be faster than the doubling rate in total storage. So we're actually forgetting more, faster, than ever before.
Only under a specific and rather peculiar definition of "forgetting". Most of the data being "generated" is actually either low-entropy data that contains little additional information beyond what is stored, or it's the result of measuring signals that weren't being measured before (or calculations upon such measurements, which are equivalent for our purposes here). Discarding the former only means "forgetting" information at a rate much lower than the actual data rate; and the latter means "forgetting" things we wouldn't have known under other conditions, so there's no net increase in "forgetting" in a pragmatic sense.
Basically, the "forgetting more" claim is an abstract epistemological one. And as epistemological problems go, it's not one of the important ones.
Re: I'm old enough to remember
The US stock market HAS risen forever: http://stockcharts.com/freecharts/historical/djia1900.html
Except the DJIA is a nearly meaningless metric, since it's an arbitrary and changing basket of stocks. And that graph doesn't appear to be in constant dollars (but then it's not clear whether the "keep rising forever" claim is meant to refer to constant terms, or just to the market tracking inflation, or something else).
each passenger would have about a dozen bits per second
When I were a lad, we'd've sold our dear mums for a dozen bits per second. Luxury!
In practice, not all the passengers would provide for the service, so with any luck you could get 300bps. That was good enough in 1980; it should be good enough now for real work.
C'mon, jake, back me up on this.
Re: So if there's no Facebook, there's no FB Chat App...
Yes, snowflake, if you and your friends don't use it, then no one should.
I don't use Facebook messenger either, or indeed any chat clients. I've never been fond of IM as an interaction model, even back in the days of UNIX write(1) and the like. I did use chat for a few years for work reasons but it fell out of favor there and I don't miss it.
But I don't understand this obsession a certain segment of the Reg readership has with telling us they don't use Facebook, or whatever the object of scorn du jour may be, in the comments for every single fucking story about Facebook. If you can spare some time from not participating in Facebook, Google Plus, Pinterest, Snapchat, Twitter, and whatever else is popular these days, maybe you could refrain from telling us about it as well?
(Really, in retrospect I'm amazed Usenet wasn't full of posts from UUCP fans proudly proclaiming their independence from TCP/IP. "NNTP is nothing but an excuse to post uuencoded binaries! If your message doesn't fit in a single V.42bis block, it's not important.")
the same government that runs this thing
USPS is largely independent from the Federal government, except as a victim of extortion.
Don't let facts get in the way of your rant, though.
Re: Permanent hackings, access to all areas, the works!
Funny how prescient THAT was.
Was it? I must have missed all the hackers with their VR gear flying around virtual firewalls and avoiding the IDSes that can remotely electrocute them.
Gibson's stuff may be pleasant fantasy (personally, it leaves me cold), but accurate it is not. Nor was his vision of an eternal struggle over computer access particularly ahead of its time; Neuromancer was published in 1984, when "hacking" in the computer-security-breaching sense was already well-known. Hell, Wargames came out the year before.
Re: Who the hell are they hiring?
I can't see any good reason for the US Postal Service to attach its Human Resources database to the public Internet.
Subsequent events suggest that their VPN was compromised, so it's a typical escalation: public Internet to VPN to sensitive resources. USPS is a very large organization that's forced by its mission to be geographically distributed, and is in an eternal budget crisis (thanks to Congress regularly stealing from it). They have no choice but to use a VPN and make a lot of their sensitive systems accessible over it.
And VPNs are vulnerable, if systems outside the corporate firewall are allowed to connect to them (as opposed to just using the VPN to route among corporate networks). Subvert a home user's PC, install a keylogger and remote-control software, grab creds, and now you're on the VPN too.
From there, yes, you should still need other exploits to get to sensitive systems - except for the ones your victim already has access to.
According to the news today, they've eliminated all home access to the VPN. That's a pretty serious response.
Revocation is of limited use anyway. It's up to the recipient to check for revocation, using a CRL (which may well be out of date) or OCSP (which drastically slows the connection process, and we can't have that, because I need to read inane Facebook updates or buy that shiny thing now now now).
I don't know how well recent browsers do, but at least as recently as 2011 they were terrible at checking for revoked certificates. And many people are still running old browsers.
The entire X.509 PKI system is an irreparably broken mess, but revocation stands out as especially broken, and stovepiped with unsuccessful attempts at patching the problem. (And this is an area where the PGP/GPG Web of Trust PKI doesn't do significantly better.)
PKI is a collection of hard problems, and we flunked this one.
Re: Just as I thought...
"Not that I know anything about physics, really."
And yet you have an opinion on fundamental particles.
If knowing something about the subject were a prerequisite for having an opinion on it, these forums would be nearly empty.
Re: Well, this was bound to happen
Their business model is providing a connection between an antenna in one city, and a receiver in another.
Their business model was providing a connection between a receiver in a private home and an imaginary fairy antenna, wink wink. The "antenna" was nothing more than a legal beard. It proved insufficient.
Re: Wii Console
Nope. I had the in-laws setup with a Wii. The moment they saw my Roku they were like "why didn't you ever tell me about this. Buy me one of these."
Indeed. When we get a set-top box, it'll be whatever my wife believes will require the least amount of setup and cause her the least amount of grief. I don't care enough about television to bother with one at all, and for her it's minimum-effort entertainment. She already does plenty of things that require thought - she's a professor and a university administrator, she reads on average a novel a day, and so on. When she decides to take a little time out for TV, she doesn't want to have to download apps or do anything besides tell the thing to find whatever she wants to watch.
I expect we'll end up with Apple TV, because she has all the Apple gear. (I don't like anything Apple's made since the //gs, but as I said I don't really care.) But she also has Prime, so maybe she'll go with Amazon. So long as I don't have to spend time troubleshooting it, it's all fine with me.
there's a big difference between being forced-fed somebody else's choice of adverts on your own device, and the Google model of somebody else's choice of adverts displayed where you would in any event encounter adverts anyway
There is? I don't see it. Whenever I encounter advertising, it's always "somebody else's choice" - it'd be pretty odd for me to decide to advertise things to myself. (Yes, I know the target audience, but the conversion rate is horrible.) And my Kindle extra-cheap-because-I-let-Amazon-show-ads model displays ads only on the sleep screen and in a banner at the bottom of the main menu. They're less intrusive than ads in magazines (remember those?), far less intrusive than TV commercials (sometimes I'm in the room when someone else is watching live TV), and far, far less intrusive than the ubiquitous, ham-handed product placement in actual programming.
As for "where you would in any event encounter adverts anyway" - why, because you're in their natural habitat?
Re: This is bad but inevitable
Under what plausible threat model is a network-connected, locally-executing home AI significantly less "pre-compromised" (ugh) than one that's not executing on premise? It's a vapid distinction.
And why you think on-premise software is "loyal to you" and "under your control" is beyond me.