3632 posts • joined 10 Jun 2009
Re: This version is too complicated
But what if the troll pounces BEFORE the product gets to market or finds a manufacturer?
Re: watch this space ...
For anyone interested, the bold firm is a California company called FindTheBest. They were sued by a troll firm Lumen View Technology, over US Patent 8069073. FTB turned around and alleged that LVT is engaged in racketeering as a criminal organization (since LVT is a shell company), meaning it could be charged under RICO.
Thing is, this is not the first time a troll has been charged under RICO. Thing is, judges are reluctant to use RICO unless it's a more-traditional case of organized crime, so there's a tough stress test, which the last attempt didn't pass.
Re: Corporate lockdown.
"It cuts both ways. What about large patent owners with illegitimate patents? A small company could never fight for fair use if they accidentally used a illegitimate patent unintentionally. Little guys will always be on the defense taking a hammering from the big players, big players that can still choose their targets (ie. small players)."
But these guys run the risk of targeting someone who then hires a contingency lawyer (meaning the client's not on the hook for losing) who wouldn't mind risking eating the costs because shooting down one of those illegitimate patents would mean excellent press and reputation (meaning more business). Plus groups like the EFF would likely back them up because they're for the little guys in the electronics world.
Re: Corporate lockdown.
"In any case, the "original patent owner" clause (if done right) should deal with it. Big "if" of course. IMHO it will be much better to limit the scope of the patents in the first place - no software, no business methods, no UI, etc. Only for real stuff that has a real "technical effect" (as defined in the patentability rules)."
Software is going to be patentable. Copyright cannot cover a clean-room translation (think the PC Clone BIOS), nor can it cover an algorithm that's then implemented in silicon (making it hardware instead). Instead, limit the scope by limiting the terms. All the problems have emerged in fast-moving industries, so simply shorten them to something like four years. Long enough to make something of it but not long enough that it's worth trolling over (your patent would expire too soon to run it through the courts, and any kind of restraint would be temporary at best).
And what if your open-source signature happens to cross with one of the Forum's signatures? That's the main reason for the standards: to prevent confusion.
Perhaps the best solution (provided they can obtain it) is to obtain a single Vendor ID and combine it with a single Product ID (with a class of 0xEF--Miscellaneous) and use them to indicate that the device will use a USB SUBsystem that can be used to support open-source hardware in its own way. Perhaps one of the already-open providers can supply one product ID--say 0xFFFF, and use that as a magic number to invoke a new USB driver system. Since it would be using an already-existent ID, what could the Forum do about it?
Re: lateral thinking..
The problem with sandboxing is that SOMETHING has to be OUTSIDE the sandbox to act as a guard (usually the process that created the sandbox in the first place, such as the Java runtime). That means a malicious process can take a shot in the dark, hook the outside process, and escape the sandbox. This is the same mentality behind the "Ring -1" attack (attempting to hijack a VM hypervisor from inside the VM): the hypervisor has to interact with the VM--attack through that.
Basically, no airgap is going to be 100% effective. You have to be able to communicate across the airgap or it's useless, and as Stuxnet showed, a very determined adversary can find a way to attack across the airgap.
Re: a solution is required
Funny that. The developer of "World of Goo" took an entirely different perspective on the same issue, and he was even able to quantify the level of piracy he had: somewhere around 90%, and this supposedly accounting for dynamic IPs and the like.
Re: No, thanks
But what about these tight data allowances we're seeing of ISPs? And with no trunk investment, these limits aren't likely to go up anytime soon. BluRay had some flawed implementations which are leaving some things open, although the use of BD+ (which is updateable) is slowing down the piracy rate for the new releases.
So this time, they're taking no chances. NO digital copy capability whatsoever, and given the extent of today's cryptoprocessors and busses, this time they have a fighting chance. Cryptoprocessors with keys in OTP XOM memory so they can't be read (and likely with suicide mechanisms if someone tries to decap it), hardware-based chains of trust, and serialized discs using a technique akin to the BluRay ROM-Mark. There ARE some chains of trust that have yet to be broken, this IN SPITE of lots of motivation to break them, so there DOES appear to be a right way of doing this.
Another thing they'll probably do is make the movies too large to move over the Internet. Imagine a 4K movie that ran at least 100GB if not 400GB. That'll be bigger by itself than most users' data allowances. And the only way to make them fit would be to reduce the quality so much it's not worth it anymore, which (like with exploiting the analogue gap) is possibly acceptable or at least less of a concern to the movie companies.
Re: No, thanks
But that was only the MUSIC industry. Music is easy to pass through the Interwebs. Even a near-audiophile-quality song of five minutes can be passed through modern pipes in seconds. Movies, OTOH, are and will likely always be BIG. A one-hour clip of 1080p footage runs at least 2GB at any decent quality. Furthermore, the movie companies are much bigger and more stubborn than their music counterparts. Not only do they have more skin in the game (compare the average movie budget to that of the average album) but they also have more alternatives, many of which take precedence over the web (most of their revenue, for example, comes from the box office). They're the ones pushing for a locked-down 4K video standard, and they DO have the audacity (and the leverage) to keep PCs out of the loop entirely this time. They are insisting on purpose-built devices exclusively with complete, to-the-metal, and updateable chains of trust or they won't put their movies out for people to see. So in their view, either the web can play by their rules, or they can go back to the box office and wait for 4K to establish itself before really re-entering the home video market.
There's also the fact that the subsidized plans frequently offer value-added services, such as visual voicemail and Wi-Fi calling, that none of the prepaid carriers can offer (at least where I see it in the US. None of the unsubsidized GSM carriers I know support call forwarding that allows a third-party voicemail to work; some won't even support shortcodes).
Re: New Contract =/= New Customer
I'd be interested to see if shared or "family" plans are counted by the phone or by the contract (two phones, one contract servicing both of them). If it's the latter, then new devices probably wouldn't account for it since many people would roll their new devices into their existing contracts where they offer lower rates for extra devices vs. an independent plan.
Then you'll soon be expendable. Eventually, being able to reach the ankles and call out, "Hello Sailor" will become a job requirement. That's what happens with a race to the bottom. Eventually, someone desperate enough will step forward, leaving you and all the like-minded behind.
"If technology really were that invasive, if it really were that controlling, more people would be pressing that OFF button."
It's not just that. The work standard is basically REQUIRING it of workers. Put simply, if you can't answer the phone in the middle of the night, don't expect to have a cubicle in the morning: someone else is there with YOUR job, willing to undercut you for your position.
They go overboard with it because, by the 6th and 7th Amendments, they only get ONE chance at it, and since some of their evidence may be tossed, they need to be sure they still have enough to make the case stick. It's not so much "going overboard" as "overabundance of caution".
If it's anything like the one built into my Netgear router, it's a bridging (TAP mode) server. Which is useless for mobiles which can only work in tunnel (TUN mode). IIRC it's a basic limitation of Android 4+'s VPN client and I've yet to see a workaround for it, nor does my router have a good custom firmware available for it (yet--it's a new model).
Re: Eye for an eye?
I don't think so. This seems more like a mutual business agreement. Going with Gorilla Glass has been a boon to Samsung with their mobiles and TVs; their devices can take more abuse, giving them more value. Meanwhile, Corning appreciates Samsung's business since it lets them spread and improve the technology.
I wouldn't read this much further than just two partners taking a good thing and running with it.
Re: IP issues
"are they really that interested in seeing you living long after retirement age?"
Since a longer life means more time for treatment regimens, then yes they'd be interested in keeping their customers alive.
That said, the economics of repeat business being superior to one-time business means private enterprise can be counted on researching permanent solutions like cures and long-term vaccine regimens. This is one reason I don't like private enterprise controlling medicine: their motivations are against its best interests.
The problem is that many of these are ALREADY life-threatening. And what about people with compromised immune systems (transplant patients, HIV/AIDS patients, etc.)? On a more important front, antibiotics help to facilitate surgery, as the immune system is inherently compromised during a major surgical procedure (innards can be exposed to pathogens normally limited to the outside so they lack defence).
Maybe. Did the Herpes Simplex Virus exist in animals in a previous evolutionary form? We're pretty confident the Human Immunodeficiency Virus evolved from the Simian version, so it's not outside the realm of possibility for the first human herpes infections to have come from animals: most likely primates or simians.
Re: Kiss and Tell
Then ask yourself: if the migration was two-way, why didn't the Asian herpes strains COME BACK to Africa?
Re: Can't Google remove the apps from phones
It probably was until Amazon was stung with the "1984" scandal. Suddenly, people wondered: if the app stores can remove apps from my device, what's to say they could abuse it to, say, remove sideloaded apps?
Re: Need better power numbers for uptake
"To do that you need a minimum battery life of a shift. Sure, people could work around this issue by recharging during breaks, but being able to do a whole shift without a recharge is a significant psychological hurdle for any such tech."
And that's assuming your shift is EIGHT hours. What if you have a TEN-hour watch? Or TWELVE? Since you bring up the medical profession, I think some can go as high as 18 hours at a time (say for an 18-up/18-down rotation).
Re: pretty sneaky...
"Here's an open question. When Linux finally gets BTRFS properly implemented, will normal linux users be protected against this?"
If set up correctly and the malware doesn't get past the snapshot threshold, then a backtrack may be possible, though I don't know enough about btrfs to learn if this is an exploited feature. Most of the work seems to be concentrated in the realm of snapshots, which are advantageous for VM hosts.
Re: A weakness?
That's assuming the malware connects directly instead of hijacking an existing program like a web browser that already has outgoing permission. And this would only work on a whitelist system that defaults to deny. This would likely only be in highly-restricted workstations. More common would be a blacklist system which would default to allow.
Re: Nuke the perps from orbit?
"If it was possible to identify a command and control server and take it down in seconds, a lot of this crime would get a lot more difficult.
Also, a simple point, computers need a clearly labelled physical button called something like "Disconnect from Network" which would stop all network activity without the need to go through any menus. The second someone thinks they've clicked on a bad link, being able to hit that button would stop a lot of infections."
1) Even if you could ID a C&C server, what if it turns out to be in a country hostile to you? That's why there are a lot of Chinese-, Russian-, and Eastern-Europe-based servers. They may not be as inclined to cooperate with you, and matters of state can keep you from applying pressure.
2) If it's that bad, PCs probably need something more drastic: a return of the Reset button. Forget disconnecting from the network. You'll probably need a full memory flush and more than likely a new IP address and set of rules. And that's assuming the malware didn't manage to report intel back in the split second it was in your machine. Not so much nuking from orbit, but still on the level of "dump out and start over".
Re: Title is basically incorrect
Plus by hibernating like this, the malware has a chance of getting INTO the backup, tainting it so that trying to restore it could result in immediate re-infection.
Re: Im not doubting you Charles but...
I've seen software repositories and media servers keep mirrors that have random-sounding names in the first part of their domain name. I believe these are generated on the fly for certain sessions and then terminated afterward to prevent backdooring.
Because if Microsoft tried to do ANYTHING, someone would find a way around it. Think privilege escalation. And there's been a disturbing trend towards making malware capable of surviving even "nuking from orbit", such that even that isn't so sure anymore.
Until you find out they're clever enough to use IPs ALSO associated with legitimate sites. As for DGAs, they're ALSO used somewhat by some legit software houses, meaning blacklisting them, too.
I suspect the next step(s) for crypto malware are:
(1) hibernate first so as to increase the odds of getting INTO the backup. The idea being should one try to use a backup to restore the OS and files, it'll just wake up again.
(2) stick around after the ransom so as to hit the victim again (what business doesn't want a repeat customer).
(3) look for ways to invade the MBR, BIOS, and/or EFI to get around OS safeguards and try to gain nuke-resistance.
"There is a possibility that HFT may try to manipulate the market by artificially distorting one market to momentarily create a spread to exploit but that normally should be impossible because the trade will work against itself (i.e. making buying more expensive and selling cheaper). This can only work, in theory, if you have a leveraged position, say, in OTC market - but OTC markets are not suitable for HFT, so, there...
I have not seen many problems caused by "run-away" HFT algorithms so far. In fact, markets seem to shrug off occasional glitch much quicker and easier than in the old times. The day-traders are the ones that seem to be affected the most by extremely short-term volatility as they are forced to either set the stops wider, which increases the risk, or tolerate them being broken more often, which kills their efficiency."
Didn't we just have a "flash crash" recently? It's a sign of volatility, and the spike in volatility we saw can be scary.
The problem is that while the HFT program is trying to seek out these minute differences, so are many other HFT programs, ALL of them trying to be the one to cash in. It's like a little paper bag with only one sweet left in it when ten people happen upon it all at once. Everyone thrusts their hand into the bag at once because they all act at once. Similarly here, the HFT programs can all act at once, creating a spike. Meanwhile, the transactions take time to clear (because of the speed of light if nothing else), so there's a delay between actually making the transaction and getting the result. WITHIN that time period, any number of HFTs could be making the same move, adding to the mess like how fog hides the 20-car pileup and turns it into a 50-car one.
Re: @AC 19:39, "Which must mean that markets cannot be efficient."
Well, I will call this BS as BS as well. In addition, I will call anything that tries to call me BS is BS as well because I am calling MYSELF BS, and you can't call something BS if it's ALREADY BS, can you? (Joke ends).
But seriously, there's a point to this. While it is true that unregulated markets inevitably lead to corruption (the sharpest image in my mind is the American Gilded Age of the late 19th century), the problem is that, like the greedy investors, regulators are people, too. And unlike the investors, they're in a position of power. Which makes them MORE prone to corruption. IOW, you shift the focus of the corruption from the investor to the regulator. Sure, regulations are all fine and dandy when they first arise, but they're eventually tainted over the years. Look at what's happening with markets today. Everywhere you look, more holes than a wheel of Emmentaler. Because regulators get corrupted and insert the loopholes one at a time in a perverted form of "regulatory creep".
What your back and forth demonstrates is that BOTH sides can be corrupted by greed and that greed is basically going to try to ruin anything in society. And the worst part is, greed is inherent to all of us. It's a survival instinct (Thugg wants to get everything he needs to survive, and if it means Ooga doesn't make it, even better). Community usually only works when there's a common threat (that's why wars tend to mobilize people--they present a common threat), but when the threat's over, we turn to the threat within.
I'm perhaps oversimplifying things a lot, but I think my thought process explains why you're both correct. In essence, we can't play fair because, deep down, we DON'T WANT to play fair. It's not the greedy investor or the greedy regulator but the greedy HUMAN. And that makes the whole issue of the rules a "hard" moral problem, because solving it also involves convincing OURSELVES not to cheat.
Re: What does automated trading add?
Two words: Flash Crash.
There was a swing in the market so alarming that anyone who would've noticed it would've set off alarm bells. Funny thing was, it was over so darn fast that no one really noticed it until AFTER THE FACT. Since it happened too fast for humans to even know it happened, that reduces it to algorithmic trading, and the speed of the activity basically leaves only HFTs as the possible reason.
An analysis later confirmed that what happened were a few HFT programs reacting to each other much like sharks in a feeding frenzy: one sells, another sees this and sells, a third sees them and sells, the first sees everyone else and keeps selling, etc. They reacted against each other, creating the "feedback loop" I mentioned, and since they're designed to be very fast, it all cascaded...and then rebounded, too quickly for anyone to notice while it was going on.
Re: So many things wrong with Android permissions...
The reason Android app permissions are all-or-nothing is because the developers DEMANDED it of Google. IOW, it was the ONLY way Google could convince developers to migrate. Otherwise, they would've stuck with Apple (who was top dog at the time so they HAD to bite the bullet), and Android would've gone nowhere.
So Android needed apps, the devs basically demanded control or they wouldn't provide the apps. What else could Google have done?
Re: Potential uses but only in controlled settings.
It's quite possible to ask for it in new homes and major renovations. I mainly wired my downstairs when the kitchen was being remodeled, as they tore the old inner wall down, allowing me to work around the studs (getting from the attic all the way to the exterior conduit would otherwise have been impossible due to twists, turns, and staples). It's when you have to deal with "in situ" situations that wires get tripped up.
Re: Potential uses but only in controlled settings.
But in both scenarios, you'd need to place the two ends of the link in ways that may not be so practical.
An office would be in a better position to use physical connections because most have access to a drop ceiling which alleviates the hardest part of the wiring process (a conduit pole can get the wires from ceiling to cubicle). Since a cubicle link would have to be put on the ceiling anyway, it would probably be easier (and perhaps more secure) to wire up.
As for the home, layouts can be more random, making the system less practical than a WiFi. Range is becoming less of an issue with more powerful access points.
Re: Sounds familiar
I don't know. There are some security benefits as noted with physical line of sight limitations. Plus IRDA suffered from bandwidth problems IIRC and faded because newer tech was both higher-speed and didn't require aiming. But some things are best done aimed.
Potential uses but only in controlled settings.
Given the line of sight limitations, I would have to think this would best be used in two ways: broadcast data (which might be better served with some kind of broadcast radio data band) and point-to-point connections where wires and radio are unsuitable. It could have a use in security applications where a controlled wire-free link across an air gap might be needed for temporary transmission of data. Depending on the receiver sensitivity, it might also be a cheap alternative to laser links that have been used between skyscrapers.
I wonder if the tech could be used as a successor to IRDA, capable of transmitting and receiving more information at a time than Bluetooth and barcodes while still in a confined setting.
Re: One Flaw..
- Records don't just disappear when a business closes up. More than likely SOMEONE still has them in case of investigations or lawsuits.
- Foreign receipts probably won't be trusted, especially for phones with American markings (I know you can get phones in Asia, but many times they're phones MEANT for Asia--or they're knock-offs. Either way, one can usually tell the difference. Ex: No Asian seller will sell a phone with T-Mobile branding--that's strictly Western).
- And the hand-written receipt can still be checked by contacting Bob Smith. Plus the receipt could be considered suspect, meaning the transaction will be tagged, kept for later, and if it's figured that Bob's fencing, he'll probably get a call.
Put it this way. They're demanding a paper trail, and a traceable one at that. It's the lack of traceability they'll be looking at.
Re: One Flaw..
But that receipt will still have a date/time stamp as well as a transaction identifier. Any store with an electronic journal can use them to run a search and check to see if the transaction matches or not. It's pretty much SOP for ANY store with such a system, which means switching stores simply lets THEM check.
Re: I won't hold my breath waiting for a difference.
But then the OTHER store can check. What stores these days don't keep an electronic journal? At the very least, they use it to cut down on returns fraud, plus it helps when police come calling concerning possible CC fraud (the stores will want to cooperate since that helps get them off the hook).
Re: Is it really that hard to ID a phone?
The problem with that is government relations. Consider if you think the Chinese would really care so much about a US blacklist.
Re: I won't hold my breath waiting for a difference.
You may be able to print fake receipts, but the stores can probably tell it's a fake through their receipt journals.
Re: Actually, I have to grit my teeth and admit that this politician's suggestion..........
You'd be surprised. Unless it's a photocopy of a genuine receipt (which is trickier than you think--most stores use thermal paper, and photocopies tend to leave telltale marks), the receipt would likely not match the transaction and/or date/time stamp (and most stores with computerized points of sale keep electronic journals that can be searched), meaning it would be pretty easy for the store to spot a fake receipt.
Re: Is this the future?
Tape may not be dead, but it's been niched. It's now pretty much an enterprise device.
Personally, I wouldn't mind a consumer-grade version of this stuff. Given all the stuff the average user starts accumulating like a magpie, having the ability to take a cassette holding a few TB and put it elsewhere for a rainy day. The tapes themselves aren't so bad price-wise, but the DRIVES...(shudders).
Yes, I know there are external hard drives, but I always worry about the controller hardware in them, not to mention I've had a few (mostly Seagates) show signs of giving out. But from what I can tell, the demand just isn't there and external drives fit a "good enough" niche.
Re: Can't hurt to have available!
While GIMP supports PSD files, it DOESN'T support Photoshop PLUGINS, and there's many a Photoshop workstation that has some plugin they use for special filters or whatnot.
It's the same problem with exchanging LO/OO files with MS Office: in addition to the inevitable formatting gaffes, complicated files will have scripts in them that don't translate well between products.
And since these products are the de facto standards of their respective industries...
Re: Doesn't sound very secure
I still don't see how a computer couldn't figure it out. It's just a matter of two levels of pattern recognition, and since the CAPTCHAs normally have to be made by computer in order to get out the desired level of randomness, patterns WILL emerge that a computer can exploit.
"Do these in reverse order" - Should be easy enough for a computer to recognize the word "reverse". Even if you tried a scrambled-number order combined with reverse and the occasional "DO NOT DO THIS STEP" at the end or directional cues like "under" or "to the right", a system with enough training should be able to pick out all these gotchas. Language isn't a big stumbling block anymore as this is the first step towards decent machine translation (which, while not perfect, is still improving considerably over some years ago). Same for the pictures. It shouldn't be too difficult to tag a certain image (even if rotated or flipped) with "wet dog" and "happy cat".
Re: All that RED???
In this case, color is only used for uniqueness, not as a distinguishing trait. IOW, a colorblind person may see something different, but it's still useable to them because the color doesn't HAVE to factor in.
Re: Read the fine print
And if you learn you basically can't change the people because the standard's too high a stake for human nature (and the inherent desire to control) to leave unaltered?
It's like when someone suddenly invents the Next Big Thing and suddenly realizes that it's SO valuable that people will KILL for it, meaning no one can be trusted to do things for the greater good.