Not with all the services they provide with no viable substitutes...
5152 posts • joined 10 Jun 2009
Not with all the services they provide with no viable substitutes...
When the Steam OS comes of age, nVidia and AMD will make Valve bend over. Valve needs them for good graphics performance. They can stick to Windows.
Licensing costs IIRC. Also it's x86 arm isn't as robust as its ARM arm.
But that means having a second device to power the camera, which they'll just own first. And running extra data channels gets expensive, so it's one channel or bust.
More DISCLOSED vulnerabilities which would in turn be patched up. I'd call that a better shot than fewer disclosed vulnerabilities and a whole bunch of undisclosed zero-day bugs hiding in the darknet.
"LOL @ Android and secure in the same sentence."
As I recall, there was no hide or hair mentioned of the Android application framework, only the Linux core behind that framework, which last I checked is still pretty tight. The last vulnerability I could pick up came from the baseline Linux kernel, not from anything Google did to it, and that's since been fixed.
IOW, perhaps the article's rather misnamed as the new OS is closer to Chrome OS (a web-based thin client) than Android.
" you may be hit by a bus tomorrow, and in this situation if you are killed immediately fitness won't help. If you're hospitalised for a prolonged period, then it will."
Fitness may also alter the odds of actually surviving the impact. Different body types offer different resistance to the impact of the bus, resulting in different possibilities. A fat person has more impact-absorbing lard but may lack strength in the bones a fitter person is likely to have, and so on. Just saying.
But what happens when the moment symptoms appear is already past the point of no return? Isn't that why there's a concern for checking out every little variance? In case it's something extremely serious where time is of the essence?
"How much you can sandbox it all really depends on the app itself and of course many need access to all manner of local and remote resources that seriously restrict what you are able to do to secure it."
Some antiquated software also drives antiquated hardware and therefore CAN'T be virtualized (and the hardware itself can't be replaced because there's no substitute or it's still being amortized). NOW what?
"f that's the case then why not leave it in there for a couple of years more to allow the sys admins time to beg the PHB for money to redevelop the applet that should never have been written in the first place."
Because Catch-22 applies here. As long as NPAPI works, the PHB will never see a reason to put down for a new version. PHB's are reactive, not proactive and will only put down when their own neck's on the line: IOW, when something breaks.
Unless Google is claiming NPAPI is too old TO sandbox properly. We don't know if Apple's approach is breaking stuff since the MacOS presence is relatively small. Meanwhile, like I said, Firefox's is off by default, which leads me to suspect it's likely to break things. If the only way to properly sandbox NPAPI breaks too much, then perhaps Google has a point.
Trouble is, non-interactive web pages are more trouble then they're worth now, so you're caught between Scylla and Charybdis. The ONLY way you can attract enough e-business is to render yourself vulnerable. So do you sink or swim with the sharks?
But what happens when the only alternatives lead to pwning, which leave users in a bind: the ONLY browsers they can use to work leave them with their butts in the breeze, so to speak, basically putting am minefield between them and their work and in the dilemma of neither being able to stand still nor move forward.
Java's supposed to be sandboxed, too. Guess what happened? Malware found ways to escape sandboxes, so perhaps Google doesn't consider a sandbox much of an assurance. Firefox added the capability, too, but it's not on by default. Probably because of the risk of the access restrictions breaking essential plugins: another concern of any form of new access restriction.
Except because we're only human, every single implementation would be vulnerable to some human mistake. The chief (and irremovable) reason software is vulnerable is because it or something else along the line is made by humans.
The "better browsers" BREAK the antiquated-yet-irreplaceable plugins on which your business relies. What's your answer to an antiquated-yet-irreplaceable piece of custom software that's too expensive to replace yet so insecure and rickety it can break at any moment?
But the attack surface has grown to the point that ANY public web page can be an attack vector. That's how Drive-By Attacks work. It's like animal fighters picking any house with the door unlocked to hold their fights. It's just not safe to leave the door unlocked anymore because it can become a big problem at any time. IOW, it's reached the point that a certain level of security is ALWAYS necessary.
PS. To the guy who's worried about their family pictures being picked off the wire, how about your website being co-opted into a botnet or DDoS node instead?
"Self Signed plus DNSSEC plus a signature in DNS is enough to verify that the site is what it claims to be at least as far as DNS goes (which is good enough for 99% of cases.. it flags MITM and government/corporate snooping which is what we're interested in).. DANE solves the same problem."
What about government MITM using the actual key, which they can co-opt? They can flood a web of trust and spoof any lighthouse sites, too.
Self-generated certificates and offline key exchange?
But REAL real security usually involved hoop-jumping the general public isn't willing to jump. You have to come up with a system that's BOTH extremely secure AND ridiculously easy to use. Given the normal scale of secure-vs-ease of use, I don't think that's possible.
"Until such times as that happens, theodore, in all of the places and spaces that really matter and effectively driver the future..."
And that time will never come since humans are fallible, and the bad guys only have to be lucky once...
As the article linked in the article notes, failure is unacceptable but also inevitable.
They developed techniques during the '94 World Cup, which the US hosted, to allow for in line ads without having to resort to a lot of commercials. Many sporting events around the world use such techniques now. Also, American sports have the decency to limit most ads to the grounds and walls (auto racing is an exception-cars and uniforms there).
"To go back to the TV tuner example, Linux provides a whole raft of TV tuner drivers. They all run in kernel space. BSD doesn't provide any TV tuner drivers, but provides a kernel mode character driver that can be used to communicate with USB devices. The Linux drivers are then run entirely in user space, communicating using this simple kernel driver. Performance + inability for a TV card to oops your system."
And while that may suffice for stuff like TV tuners, high-performance devices like 3D graphics and high-throughput (GBit+/sec) networking tend to need to be in kernel space due to the severe performance penalties involved in context switching. I've heard work on hybrid dual-space drivers but I haven't seen their application in graphics and certain other performance-intensive applications.
But the tricky part is figuring out early moves. Even chess has a limited move set towards the end game as pieces are removed and routes are cut off (particularly if the king is under threat--check cuts the number of possibilities drastically).
But now the casinos have to watch out for linked smart watches and camera glasses (the latter in particular because there could be actual prescription lenses in the frame, rendering them a medical necessity due to otherwise-poor vision).
Go is much more difficult for computers simply because the number of positions is much greater (19x19 vs. 8x8) and because it's a game of placing rather than moving, so each turn has a much higher number of possibilities which then cascade in a look-ahead system. Shogi is tougher for a computer to lick because its move set is more varied.
But to build a high-security module that's resistant to acoustic, electrical, and other forms of side-channel attacks, you need way more than a halfway-competent designer. You basically need an expert or three poring over every little detail for a significant amount of time. It also means going beyond the FPGA design and onto a more-dedicated chip design where every detail, even on the electrical level, can be scrutinized with the utmost care.
Cash doesn't necessarily allow the underworld to work, it's just the easiest thing for them to use over barter or a substitute currency like gold dust. If all cash were to disappear tomorrow, they'd quickly settle on something else, much as how the world of Fallout happened to settle on bottlecaps...
But watermarking of this nature is basically a variant of steganography, and there are already various techniques in the know to mangle stego. Even the vaunted Cinavia audio watermark has been shown to be vulnerable.
No, it's not common sense. That doesn't give enough time for advertisers to get the time they pay for, and recall that advertisers can usually pay more than any group of end-users can come up with, which is why many systems today are ad-based even when users are willing to pay (because the amount they'd have to pay to make up the difference would make them balk).
It's a technique used for product placement these days, but IIRC they don't do it yet for HD broadcasts due to the re-encoding load this places.
Unless you BAKE the watermarks into the actual encode, anything you try will be easy to strip. And once you bake them in, you'll fall into the pit of having to encode the episode multiple times for each screener, which given they're 1080p will take a noticeable amount of time even with professional hardware, and even then the pirates have been noted to take watermarked copies and work on scrubbing them later.
And here are why your ideas won't work:
"1. Get the translators to come to your studio to do the translation and don't let them in or out with any media or recording equipment. I believe Apple had this approach when previewing the Watch to some devs."
They'll refuse to put down the travel expenses because it wouldn't be worth it for them. It's MUCH easier and less expensive to send a disc or hard drive than a translation team. If they're THAT paranoid, they can courier the copy with an agent from THEIR studio, with all the expenses that implies.
"2. Remove all the bits where nobody is speaking before sending it for translation. It would probably make the movie unwatchable."
Don't forget signs and other visual translations, at which point it would probably become barely watchable and worth a pirate's time.
"3. Obscure a significant portion of the image with a big black rectangle. Again, it would make it unwatchable."
It also removes key context needed for some translating to make sense. Recall that English isn't exactly the most precise of languages.
"4. Send each scene to a different translation bureau - chances of them all being dishonest is smaller."
As another poster noted, consistency is essential for a good translation, which means it has to be a single firm throughout the run or else inherent translation variations build up to result in misnterpretation which can occur at key plot points, ruining the experience.
Answer's probably no for two reasons. Making custom encodes for each of the screeners and translators is going to take a good deal of time, even with professional hardware. Second, custom encodes make the videos unsuitable for sending pressed BDs, which are the only way you can send ones protected by ROM-Marks (it's part of the spec). At least a short run of about 100 copies can be justified going through the process of making the press master.
They'll take it anyway. They take copies that emblazon "THIS IS A SCREENER," for crying out loud.
Given the time it would take to encode each one for each screener/translator, not to mention the problem that this would also make them unsuitable for pressing (and you can only get a ROM-Mark with a pressed BD), how do you make a short-run screener unsuitable for pirating?
I suspect that ANY screener/translator copy is worth pirating. I see bootlegs with burned "THIS IS A SCREENER" subtitles here and there. If pirates are willing to take blatantly-obvious watermarked copies, few things will be taboo for them.
IIRC they're in high-def and some translators have shoddy Internet access, so it's physical or bust. Besides, even for an Internet copy, a determined foe would use an HDCP stripper combined with an HDMI recorder.
The point is that MPEG video compression is lossy, so watermarks either have to play by MPEG's rules or risk being degraded beyond usability. That said, some screeners are willing to use destructive artifacts such as a burned "THIS IS A SCREENER" subtitle pasted periodically in the video. I suppose it depends on how far the producer is willing to go to detect or defeat screener pirates, since customizing each encode for each screener means you have to encode the movie multiple times, depending on how sophisticated your tools are (at the least, each altered section needs to be re-encoded and grafted onto the original stream).
"Doesn't matter. It changes the requirement from needing one compromised source to several in order to pull off this "co-operation". You are supposing many sources to be compromised and conspiring. If there are few or only one, you have again narrowed your investigation enormously."
Thing is, if nations can cooperate on matters of mutual benefit, a group of ragtag pirates with a common goal should be able to put their heads together easily, especially since each additional leaked source (and as these and other popular series prove, their very popularity makes them hot targets for theft, especially from the inside) means one more set of tracks on the same road, messing each other up. It's much like with computer entropy: barring a super-human intelligence able to deduce a complete entropy trail and negate it, any new source you throw into the mix will usually help the cause and at worst do nothing to help or hurt it.
There's also the issue that the screener copies can get stolen without the screener's knowledge, copied regardless of the watermarks (you should see the bootleg markets) and then sent to all and sundry.
Plus, as noted, some pirates are determined to cover their tracks and are willing to cooperate with others to cover each other's butts by collaborating on their copies to defeat watermarks. Even audio watermarking like Cinavia has been shown to be vulnerable.
So the correct answer is, "Turn away a customer?"
Even tungsten or DU with its high density?
Not necessarily. The serials and stuff would be done on small ROM chips, meaning all the rest of the stuff can be mass-produced. That includes the label printer that doesn't have to actually read the ROM chips to learn the serial number (key word serial) to compute the PIN. IOW, using any method other than based on the easy-to-know-at-manufacture-time serial number will seriously slow down the manufacturing process.
But again, how else can it guarantee a genuinely-unique ID without using something like the Serial Number? ANY other source and you run the remote but still possible and highly-consequential risk of a collision. And anything sufficiently unique may as well BE a serial number for all intents and purposes.
But wouldn't the very act of doing so attract attention to themselves, allowing the spooks to take care of them?
Not if the pieces can be transmitted remotely over secure channels and the pieces only come together inside a black box unit. Penetrating black boxes is still an active security exercise, meaning extracting the key from a black box is still far from a given.
Why would it be a boon for Microsoft? Do they still develop Windows and Windows applications for POWER?
But once it's open, people can normally slip in or out as long as the door is open. No, what they demand is that the only way the fire door can open is by closing the way behind you first so that the ONLY direction one can go through the doorway is out. Normally this evokes images of airlocks, but you can also achieve this with the cylindrical doorways sometimes associated with darkrooms (to insure no light enters as people pass through). Imagine a weight-based mechanical latch so that once engaged, the door can only be spun to the outside and stays in that position until the door is emptied, upon which it can be spun inside again from within the building.
Better it go down due to a botched update rather than get pwned due to an overabundance of caution leading to the hax0rs getting through during the window of vulnerability. At least it can't be pwned while it's down.
Seems to me more like a CYA generalization. IOW, it's more an "Insert Sensitive Data Type Here". Name it, and apply it between the <>.