3697 posts • joined 10 Jun 2009
I would ordinarily say if you limit your use of public WiFi points to basic web surfing (news sites and the like), there would be little to worry about, but then you hear those stories about hotspots being hijacked and any new connections being probed by malcontents for direct penetration points (since by logging in you obtain an IP hackers can use to probe your device directly---part of the spec).
As for a VPN connection, I'm seeing more home-grade routers support the ability... EXCEPT...they only work in Bridge Mode (TAP). Wouldn't you know it? Most smartphones and the like ONLY accept VPNs in Tunnel Mode (TUN). Make routers take Tunnels or smartphones accept bridges and perhaps more people will be inclined to use them by default.
I was thinking that, too. I was under the impression that "dropping" something means to discontinue development on it, not to release it. Perhaps "Google to DEPLOY SDK..." would make for a more sensible title.
Re: We don't need no steenkin' PonoPlayers
I think the term you want is "lossless" rather than "uncompressed".
Re: all digital recordings
Choppiness is usually the result of bad processing. As for audio quality, it depends on the source (GIGO). Me, I have a decent ear and can distinguish the artifacts from low bitrates so I stick to straight rips at the spec limit of 320kbps. It may be lossy, but it's close enough for my ears, and I can still pack a nice collection into a few GB. Anyone asks, I just say I lack the ear for better and go my way.
Re: Am i being a numpty
The "audiophiles" are claiming the loss occurs sooner: at the point of digital conversion (like at the ADC). They figure humans have an Uncanny Valley of audio perception and can subconsciously detect the discrete steps.
Re: CAPS LOCK MUSIC
I'd be curious to know if research can prove a true audiophile exists and, if so, what this person would use as audio equipment.
After reading the article, I went to the Play Store to check. Be advised that little bit about "ad-free" has a footnote attached: for a limited time
Re: When is an upskirt not an upskirt
""No one taking pictures of her in a public environment can be accused of voyeurism."
In a swimsuit on public property? She's exposing herself.
So Yeah, Really.
Re: Bob Camp
Even if the skirt were ankle-length, it still wouldn't be long enough to cover up the infamous "shoe camera" (and note they said the perv took movies, which means the shutter wouldn't sound), as a shoe can still slip under the skirt from behind where she wouldn't notice. Any lower than that and the skirt risks scraping the ground and potentially getting caught on ground obstacles.
Re: When is an upskirt not an upskirt
Simple answer: When there's no skirt up which to look.
A woman in swimwear is basically self-exposed at or near the limit of decency. No one taking pictures of her in a public environment can be accused of voyeurism.
Pants and shorts of a decent length don't provide sufficient opportunity to look up them, rendering the matter for them moot.
It's only with skirts and the like where we run into the thorny issue of an expectation of privacy concerning body parts covered by said garment. It's an edge case in this case and needs to be addressed by a specific law (which is what the court is telling the legislature to do).
Re: Wrong law.
The point is that the peeping tom had the right because it wasn't abridged by any law (that was the finding of the court--that he can't be charged with a crime because, as the law stands it's not a crime).
Note that the court's ruling is very specific and with a narrow justification. In essence, it is telling the state not only why the peep can't be convicted but also how to prevent a repeat performance ("You want to make the practice illegal, pass a law saying so.").
Re: Block 1 of new off-shore tax haven
Yeah yeah, the old libertarian offshore city idea. Here's the rub. How does the chocolate factory get to their new offshore city without attracting the fed's attention ON THE WAY? IOW, moor offshore and the US can just consider the installation an international location and impose taxes, tariffs, customs dues, etc. on anything heading to or coming from there. And given that a lot of Google's customers are in the US, it would be kinda hard to avoid the port of entry.
So Apple believes people are willing to commit a felony (falsifying a government document; I know it's a felony in some US states but what's the case in England?) in order to commit a misdemeanor (stealing the iPad)?
Re: @ Dodgy Geezer
I suppose it depends on what is meant by a probate. If you mean a full hearing and so on, not really. Wills are meant to minimize the need for such hearings. In one case, I was designated executor in a will. I took the will to the City Hall where the deceased last lived (where it goes depends on the location, but it's most often the lowest judicial authority for your area--the one that handles all the local affairs). Your basic municipal hall should contain a probate office or the like. Armed with the will and proof of ID, one should be able to submit the will to the office, have it probated by a clerk (the will now becomes their property and is now legally binding--but it now acts in lieu of a probate ruling). They then issue you a document officially declaring you executor of the estate, giving you the authority to attend to estate matters in the deceased's name.
Re: No it still isn't enough
Perhaps what Apple's waiting for now is Declaration of Executor (which would be issued to the two of them once the will is actually executed by the local authorities IIRC). Armed with the declaration, they would OFFICIALLY be the executors of the estate (perhaps that was what was meant by a "court order" even though a judge need not get involved in your typical probate with a will).
Re: Worse to come...
I think Apple's big enough to fight back with those fateful four words, "They were never SOLD." Unless a court of some significance declares T&C's of the likes of Apple's to be unenforceable (Note: a similar T&C term exists for Valve's Steam system, so they'd be interested, too), then NOTHING sold via these stores is transferable from person to person: not even by inheritance (as I recall, lotteries do the same thing for their annuities, which is why many big winners prefer lump sums).
Re: There's quite a story behind this... :-)
Well, it's not like the tech has been classified. Because goals were attached to the funding, they have to make regular reports on the progress of the thing. As for whether or not the tech makes it to commercial applications, I think the rub will be the eventual power/size ratio of the finished product should it succeed. Even the Navy would have a minimum goal profile (likely stated in a nutshell as no bigger than their existing fission tech).
Re: I blame quack science
I think the BIG big thing Greenpeace has against fusion is that it won't advance their "renewables" agenda. In their mind, if it doesn't come directly from the sun, the wind, or the sea, it's taboo and must be avoided.
As for not being capable of supporting civilisation as it is now, some extreme environmentalists look at that and say, "Good!" because they feel the world is overpopulated and beyond the viability limit. IOW, they figure a human population reduction of say...75%...would be good for the planet in general.
Re: Just remember...
US Law requires distilled spirits (and wine/beer) to be radioactive. Sure it is a bit indirect, but the law DOES require it.
Let's talk context. The reason for this requirement is that they want to make sure the ethanol used in the drink came from plant products rather than petroleum. They do this by testing for the presence of radioactive Carbon-14 (which would be pretty fresh in plant-based alcohols in contrast to petroleum-based ones).
Perhaps we can ask the residents of New Hampshire or Cornwall. Both are situated on significant granite deposits.
Re: Wouldn't this be making more money for the broadcasters?
Oh? Comcast owns NBC, one of the big broadcast networks, AND is an ISP. I'd call that vertical integration.
Key word ALMOST. Sometimes, they ARE the exclusive source, leaving you, like I said in a Hobson's choice (as in Take It or Leave It). Or ALL the alternatives are similarly blockaded (I've seen that happen). It provokes some thinking on whether or not it's REALLY worth it.
This is only going to get worse as more and more sites adopt ad-detection-detection and raise clickwalls and other blockades to stop them. I think if it developed into a tech war, the server has the ultimate advantage since they can just require subscription which opens the legal door for data mining.
They counter with clickwalls and captive markets. When you're the ONLY source of something popular AND you've created your site such that ANYONE coming with AdBlock, NoScript, or whatever is firmly told "Access Denied until you turn that crap off," you're kinda left in a Hobson's Choice.
Re: As long as it runs Android...
> True. Although if you encrypt securely with a decent key higher up the stack all the radio/WiFi sees is encrypted traffic.
Not unless the plods have other parts of the system borked like the OS core, the CPU, or a hardware security chip: areas where the key HAS to be readable in order to be useable. Meaning even if you encrypt before the modem/radio chip, they'll still know how to decrypt it.
> No, there are no better alternatives. But that was my point Android is no better or worse starting place than any other mobile OS. At the moment its security credentials (like most other OS) are lacking.
Meaning, all other things being equal, the price tag wins. Meaning AOSP (price tag $0) wins. Yes, it needs serious security hardening, but as you've said yourself you need to do that ANYWAY, so don't handicap yourself by paying for an OS license on top of that.
Re: As long as it runs Android...
And now to address each point:
> 1) Most Android handsets come bundled with (closed source) vendor bloatware. Some of which can be disabled some of which cannot. Possibly not the fault of the OS, but that's the way it is.
These are vendors interested in data mining. This one is figuring on the opposite, so bloatware should be reduced to just Silent Circle and a few essentials.
> 2) Android is not really open source. The source code/apis for dual SIM functionality has never been released.
Got any better alternatives besides the Android Open-Source Project? Ubuntu's too new, QNX has to be licensed to use, and Blackberry's in limbo. Besides, do any of them support dual SIMs? The main reason it's not community-supported goes to your next point below.
> 3) Modem/radio part of the firmware tends to be vendor specific. Lots of scope for NSA abuse there. (Maybe not part of the Android OS but you won't get far without it)
If you can't trust the radio or modem chip, you're basically screwed since these chips are usually patent-encumbered meaning an open version of such won't exist. And if it's not the NSA poking backdoors in the hardware, it's their Russian or Chinese counterparts. Why not just X-ray each lot that comes in to make sure their pattern matches a known-good spec?
(Going back to dual SIMs, there's more than one way to make it work. Dual SIM controllers are as closed as radio and modem chips. THAT'S why they're not community-supported.)
> 4) Even in a stripped down Android with no Gapps (including Cyanogenmod) it reaches out to Google servers. Specifically clients3.l.google.com (check getDefaultUrl() in the ConnectivityService). This at the moment is fairly harmless, but could be exploited in the future and there may be others.
Is this true even of non-Google Android devices like the Amazon Kindles and B&N Nooks? Besides, something like that should be easy to edit in the source. It's just that many open-source distros don't bother.
> 5) Apps can and do request lots of permissions. These cannot be turned off. You either install the app or you do not. Is it the OS role to police the apps? Maybe not, but it could be improved. Like disabling perm by perm after installation.
Not even with App Ops or a similar security program? And there are versions that work with the latest Android 4.4.2 KitKat.
What you describe is similar to the Freenet system which uses hashes and generated keys as resource locators. The main problem with your idea (and with Freenet) is routing. Part of the reason IP works as it does is it allows switches and other routing hardware to map out where certain packets have to go. It's actually very important because it conserved bandwidth which can add up as you go up the backhaul. Without that routing information, you end up having to poll the whole network to try to find the destination, and it's never going to be as snappy as the open Internet because efficiency leaves traces that plods can sniff out. IOW, INefficiency is pretty much required to improve security, creating a tug of war between the two since both have practical implications.
Re: The long necked chicken
> So the only way these phones could add to the security of the user would be to keep a connection to "the other guy" 24*7¹. Somehow I don't think that people value their security enough that they'd be prepared for that much of a bill every month.
That's part of how Freenet works, doesn't it? It keeps connecting to all sorts of peers 24/7. Only trick right now keeping this from working on mobile network is usage caps. If phones had usage to spare, then perhaps they can obfuscate by holding lots of fake conversations between each other. Then how would the spooks distinguish the real conversation from the chaff?
Re: Tricky to parse those first paragraphs.
That's what I was noting. OK, so Icahn's a jerk, but that doesn't preclude him having a point. Unless someone can show us otherwise, these could be seen as cases of failure of fiduciary duty, insider trading, or both.
Honest question here. Aren't SOME things regulated by law, such as fiduciary duty? Isn't that why such things as insider trading are legal no-no's?
What I'm getting at is that Icahn seems to be alleging either failure of fiduciary duty (selling at an avoidable loss) or insider trading, either of which IS a legal matter. Icahn may be a jerk, but even jerks have a point sometimes, so has anyone taken a serious look at his allegation? If so, why doesn't it have merit?
The real goal is to make the connection look like an innocuous connection like a web session. Trouble is, innocuous sessions are typically wide-open and easy to inspect. Trying to do anything outside that purview, such as using exotic flags, is going to trip flags.
Frankly, given the current state of the Internet, I don't think it's possible to "hide in plain sight" and get a detailed message past a knowledgeable and savvy power who outlaws all encryption as a matter of course and can routinely sniff connections. The reason being just about anything you try will either (a) leave telltale clues when you try to parse it as it appears, or (b) is vulnerable to mangling such that the end product retains purpose as it appears but ruins stego (ex. whitespace-washing text, resizing images, resampling/recoding audio, etc.). You could probably get away with pre-arranged signal images and the like, but anything spontaneous or detailed would probably require another approach (if any is possible).
It can only do so much. A savvy power would know real binary data would be formatted. That's why the "magic numbers" technique works. Attempt to obfuscate and they'll try to parse it, which will likely produce telltale clues. As for steganography, mangling inputs should break all but the most robust (and lowest bitrate) systems.
Re: Unless you don't live in the US.
Not even after Waco, Ruby Ridge, and ESPECIALLY Oklahoma City, all perpetrated by natural-born Americans?
Re: Another Boeing Project 25?
And aren't there electronics and even chemicals sensitive to X-rays? What if the phone has a lead lining or other form of X-ray shielding?
BECAUSE it's so open. They can gut out all the insecure stuff and replace it without having to relicense or pay anything for the base. QNX, for example, requires licensing. Besides, the Linux-based Android kernel includes SELinux, which they helped to develop.
Re: Security on Phones
The Cold Boot attack. Perhaps encrypt the RAM and use a secure SoC where only the CPU can read the key. There's already commercial examples of such systems.
Re: Maybe they really _are_ lost
So paper money can't be incinerated into invisible particulate matter and coinage can't be melted down into a useless amalgamation of base metals? You may still have stuff left afterward, yes, but whatever the heck it IS, the one thing it certainly ISN'T is money. Besides, by law, there has to be a way to retire old money so that fresh currency can take its place.
According to Coinbase, which is one of the more legitimate sites with proper accounting, bank ties, and legal paperwork filed, as of the time of this message, about $560 per.
Re: No Duty on Brewing
Alcohol tax revenues go to the STATE, as the fed washed its hands of all alcohol-related taxation with the 21st Amendment (the A in ATF deals mainly with transport, not with production—IOW bootleggers and smugglers). The reason alcohol laws are so uniform across states is because they tie federal road funds to certain alcohol-related prerequisites (like a minimum age of 21). Licensing is issued by the state (for example, the Virginia Alcoholic Beverage Control board), and they DO have reason to regulate for safety reasons. Many moonshine stills are in the woods, so if the moonshine there catches fire, there's a potential forest fire to deal with. Also, victims of exploding stills may not be well to do, meaning the government has to help foot the cost of healthcare for the injured. So you see, the money and the safety angle are intertwined.
Re: Beyond 18% ABV...
Try a Samuel Adams Utopias. They worked long and hard to come up with the right yeast strain. AFAIK, they made it to 50 proof (25% ABV): the strongest purely-fermented alcoholic beverage known. Some claim higher but those are either jacked or fortified.
Re: No Duty on Brewing
> I believe the prohibition has less to do with safety and more to do with control of a desirable commodity and, of course, tax revenue
If that were true, homebrews would be subject to similar restrictions (after all, most people drink beer, not booze, and drink more of it). Nah, safety's the bigger issue here. Not only do some unscrupulous shiners sell the foreshot, but there have been instances of accidents occurring at moonshine stills (either the shine catches fire or a bad setup causes the boiler to explode).
Re: No Duty on Brewing
Sounds a lot like the general rules in America (it varies from state to state). Homebrews are generally accepted as long as they're not sold commercially. Distillation requires a license. As I recall, controlling the toxic "foreshot" is one thing, I think another reason has to do with fire codes (since you're using heat to distill and the final result can potentially be flammable).
Funny. I saw those names and thought something else entirely: an anime involving outer space bounty hunters.
So it begs the question, which came first: Cowboy Bebop or Girl Genius?
On third thought, perhaps something prior to both used those names in the past, and each independently took them on.
A flood of red ink tends to evoke the metaphor "bleeding money" instead.
I agree that "IMPLODED" is a better term, although by the time I type this they've settled on "BOMBED" which evokes a similar image.
Re: Your data
They don't have to trump it. They just IGNORE it: "Ink On A Page". It's not like you can vote in anyone else to replace them (no one even gets on the ballot unless they're in on the plot). And the average American is too apathetic (or busy trying to earn a living) to organize a massive uprising a la Kiev.
Re: @Charles 9
> So someone wanting to get your stuff would need to successfully hack into a US and Chinese cloud provider, and crack the encryption.
You forget the very real possibility the NSA and its Chinese counterpart routinely hack into EACH OTHER. Meaning it's passing fair one encounters the other's file, puts two and two together, and obtains a copy of the other's file, reducing the number of places you have to hack. Furthermore, merely finding something like this would likely draw an investigation into who did something this elaborate.
Re: "Most systems currently expect the call to drop, which means you’ll have to redial."
Guess we'll have to agree to disagree, because my experience was the exact opposite of yours. My N95 missed half the time while the Android rarely missed. Meanwhile, I'm used to saying "Call" because I once had a *1G* phone that allowed voice calling. Flip open the phone and it asked, "Who would you like to call?" Android's a touch more complicated than that these days, but then again I also use the extra functionality, too.
Re: Mainframe infected by nasties ..
If I recall, that was only true if the mainframe ran on Harvard architectures which separated the code and data. Trouble was, Harvard architectures prevented certain useful things such as varying forms of compilation like Just-In-Time and other situations where code and data are one and the same.
Plus that's just one way to pwn a machine. What about Return-Oriented Programming, which cherry-picks existing code instead?
If you study the Japanese kana tables (what are essentially the Japanese version of the alphabet--only they represent phonemes), you'll see many different consonants being represented there: including "ra", "ro", etc. But there's none starting in "l". It's just the way their language developed. I can see why the connection was made, though, since similar tongue motions are done with the Japanese style of "r" and the English "l" (which also involves lightly touching the palate). The point is that this idiosyncrasy in language presents a "lost in translation" problem sometimes. I'm not implying anything good or bad about it; happens all the time between distant languages. I once heard an African tongue (one that involved lots of tongue motion, I think) that made me think in wonder, "How did a language like that develop?"