"This is why boot ROMs should be tiny and actually ROM, not flash."
And what happens when an actual ROM has an exploit in it? Good luck trying to fix it...
6224 posts • joined 10 Jun 2009
And remember, marketing is beholden to the clients, who demand ease of use before security. After all, who wants to go through three different dead bolts just to get into their house? And ease of use quickly eats into security, putting you at odds when both get demanded at once.
Thing is, anything that passes Congress has to go to the President's desk, and since the President and Congressional control are opposing parties, any rider runs the risk of being labeled poison and grounds for a veto, which the Republicans lack the muscle to override. And the Republicans know they LOST the last game of chicken they tried to play; that's why they're so reluctant to try now. Furthermore, Democrats in the Senate also possess the power to stall disagreeable legislation by employing the filibuster power. Since the Republicans only have a bare majority, it'll be hard for them to muster the 60 votes needed to invoke cloture and stop a filibuster if party lines galvanize.
Laws or not, telecom is a utility with big upfront costs. If the incumbents pull up stakes and take their infrastructure (which they legally own) with them, who's going to pony up to build it all back again without appealing to the reluctant taxpayer to foot the bill?
Title II or not, the government can't prevent a business from performing a voluntary liquidation, especially if it makes financial sense (which then goes to fiduciary duty; if the government presses, they can countersue and pit law vs. law in court).
And who cares if the bodies float downstream. They'll have been looted long before then.
"Under the IM protocol the authority is not "gleaning" any additional knowledge about you. It receives a request to confirm an assertion that some detail about you satisfies some constraint (eg that your age falls within a given range). It already has the records that guarantee that assertion."
It will know whose credential is being asked (Due to the need to look it up) AND who is doing the asking (Does the asker really need to know this?). That alone can be interesting evidence, especially piled up with other bits of information accumulated over time, and there's no way to be certain this information isn't kept in some way, shape, or form. It may be a breadcrumb, but gather enough of them and you end up with enough to fill a can.
Or maybe that's what the NSA WANT you to believe since they've probably been secretly compromising hardware chips since the 8008.
IIRC, the central valley part of California isn't exactly a desert. Plus rice needs water control no matter where you grow it.
(1) How do you get the desalinated water ashore in reasonable volumes to handle, say, a big metropolis like Los Angeles?
(2) What do you do with the concentrated brine left over from desalination? And note that sea water has more than salt in it, so you can't just sell it on the open market.
"The trick worked in Chernobyl too, apparently it killed thousands but Russia only reported some 60 or so."
You have some independent and unbiased evidence to that effect?
The article mentioned where most of it went: to the agricultural nexus in the heart of the state.
Someone hasn't seen "Airplane!"...
Different strokes for different folks. Some need the former, some the latter.
As I recall, Ada is both more memory-intensive and more processor-intensive, which are minuses for things like embedded systems (less memory and usually underpowered CPUs) and performance-critical applications where the overhead is something to be avoided.
And the moment you do that, someone's going to cheat the system and simply encrypt everything and wrap them in packages describing security fixes or other high-priority sequential stuff. Back to Square One...
"Again, access to the data network is unlimited. The advertising is not false."
It is TOO false. If contention can get so bad that I get dropped off, then I've LOST access to the data network. That's a problem for the provider and a hint they need to plunk down for more infrastructure. And I'm not confused. Unlimited access is actually standard for all data plans, which is why they charge overage or downgrade your connection instead of cut you off. The unlimited then MUST apply to the data cap as there is no other differentiator. Furthermore, without a qualifier in the plain English advertising they post, the Unlimited should be unlimited in all aspects not limited by physics.
"I'll give you a second to reflect on your life, if YouTube is your example of compromised capabilities."
Substitute YouTube for On-Demand Video from your favorite app. Handy for the road warrior, you know? I've given it my second, and I stand by my statement. It's not like I live my life on the stuff, but it's still quite a handy place to look for video clips and the like. Since I'm still alive, I must conclude that I actually DO have a life.
"Well, in that case every carrier should be advertising data speeds of zero. Because there are huge parts of the country with no cell coverage. Do try to think before you write."
Actually, I FULLY EXPECT AND WELCOME this. If there were a law that demanded this of any and all advertisements (define them as pleading a case before the public, subjecting them to Sixth Amendment restrictions on truth), I'd be pushing for it night and day. Again, don't advertise something you can't deliver. If they're forced to advertise zero bandwidth, that tells me they shouldn't be advertising, full stop.
Even "practically unlimited" has a clear delineation. The ONLY limits that are allowed here should be physical: dictated by the limits of the towers and backhaul, not by any arbitrary system set up by the provider. And even then, serious and continuous contention should be a signal to add infrastructure in a timely manner.
"So you want your cell network all clogged up with people BitTorrenting and streaming Netflix because it's "unlimited" while you're trying to download driving directions or, I dunno, having a phone conversation?"
As the saying goes, "Give an inch, take a mile." Don't offer something you're not fully prepared to provide. If you can't truly offer unlimited and allow BitTorrents and the like, don't offer unlimited. By my book, any service that has to artificially limit bandwidth (as opposed to natural limits like contention and aerial bandwidth) is not unlimited and therefore false advertising in violation of federal laws.
Thing is, there's another line somewhere on the scale: the metric of how much it will take for them to go "Sod this" and pull out altogether. The thing you don't want is for the "Sod this" limit to be lower than the "OK, we'll play clean" limit.
How do you traffic shape an encrypted connection that can come from anywhere?
"Your response is exactly the sort of 'can't do' attitude exhibited by the people running these organizations. It's a failure of imagination, and a failure to have a vision of an improved method. Perhaps there's a failure of attention to detail. Perhaps it's a lack of hands on experience in the circumstances where such improvements would be valuable."
Or perhaps it's an overabundance of caution in a real world where great ideas can have unintended consequences. Such as lawsuits and Big Brother concerns...
"That's a relief for me because I always disable UPnP on my gateway/router and on any device that offers the bloody damn thing."
I just used it as an example, since it's a common setting on P2P programs to allow for ease of use. If Microsoft was hell-bent on this, they'll probably employ a middleman system like Skype and Live use to get around a double-NAT situation. And credits to milos it uses the same address(es) as legitimate web connections to known Microsoft and/or partner sites, meaning you can't block the middleman connections without blocking legitimate sites: again, collateral damage.
I don't know if it realistically can be regulated. At least BitTorrent clients let you pick the ports, but some also let you randomize it and use UPnP to open the port on the router. If Microsoft uses this technique and also ties it to the download port, I don't see how you can block one without blocking the other. And given the peer-to-peer nature of torrents, trying to figure which address(es) the torrent is using would be like a game of Whac-A-Mole.
"How come when you pick up a gadget and wake it up, it's very common that it will choose that point in time to start checking for, downloading, and installing updates?"
Because 9 times out of 10, when the human puts the thing down is also the time it goes to sleep, meaning most of the stuff needed to do updates is powered down. And most humans don't want their devices waking up on their own when they're not around. Not only are there privacy implications, but also power-related ones, especially if the device isn't plugged in often.
Not even if the update files are signed?
Depends on how well the updates are signed and/or verified before applying. At least BitTorrent uses hash checking to verify segments as they're downloaded.
There's another implication. Since the update files can come from practically anywhere, there's no practical way to block them at the firewall. So not only are home users required to accept updates but there's no practical way to block that feature upstream without collateral damage.
"Depends on the 'Linux' (or BSD) distribution you choose and how you install it."
Most Live distros pack a default browser such as Firefox or a variant thereof. I think most user-oriented installation routines also set a default browser and leave it to you to pick an alternative later on from whatever manager is at hand.
An isolated Windows machine precludes both ZFS and NAS4Free. Besides, in such a setup, doing it my way doesn't involve too much fiddling (I use FastCopy to do the bulk copying work) and has the added benefit of immediate access when they're needed without having to use a network.
There's also the consideration of bulk storage. Flash and post-Flash tech has the speed advantage, and in terms of reliability it varies somewhat, but when speed is less important than sheer capacity, spinning rust still wins. Especially as the size of the average "thing" continues to grow.
As for the PC itself, I expect it to shrink and niche but not disappear altogether. Workstations will always be needed to produce content, plus there are plenty of enthusiasts and amateurs who will need its versatility and/or raw localized power (media authoring and gaming are two big examples).
You can say the same thing about optical discs. Many aren't designed to last more than a few years. Trust me, I speak from experience. I copied all my opticals to external hard drives and still lost some of the data to optical bit rot. Yes, I know spinning rust can break, which is why I keep two copies of the data (the second on a different lot from the first) and rotate them periodically. The odds of a simultaneous double failure are extremely low. I also use parity archiving as a guard against gradual failure (raising the odds of reconstructing badly-read or -copied data).
In the US, the limit is about 4-500 feet. Above that is considered commercial airspace controlled by the government. That said, the FAA has authority over all aircraft regardless of height. And since UAVs are considered by them to be aircraft, this slips into a legal gray area: regulation of aircraft vs. protected expectations of privacy, both federally regulated.
Not unless it's a guarded rotor, in which case it'll deflect off the guard and continue flying.
Trespass, certainly. Voyeurism would depend on its actions during the intrusion.
As for shooting down, that's something of a gray area. If one could bag, net, or otherwise capture the drone while it's over your property, one could at least argue confiscation and get off. Shooting it down will take more arguing before the judge since the circumstances can result in collateral damage, which is why most localities don't allow discharging within their limits.
For a low-flying Peeping Tom drone like in this incident, how about a decent-sized throwing net, say 2m diameter? Toss it up, bag the drone, pull it back to earth, and report to the police with the evidence, so to say, in hand?
From what I've read, it was only 3 meters, not 83, so almost point-blank (which I think is < 1m).
Birds are generally benign so don't constitute a threat (possible exceptions being a hawk that threatens your pet; if that happens, fending it off and then calling Animal Control would be considered reasonable).
As for airplanes, they're usually in the government-owned airspace above the space you own (private property extends upward to the edge of commercial airspace).
"As far as endangerment of his neighbours goes, I've always got the impression that on a clay-pigeon shoot, no-one's too bothered about who's the other side of the hedge at the end of the field, as if you're firing almost straight up, standard shot will have lost pretty much all of its kinetic energy by the time it hits the ground."
Is it the norm to actually have homes on the opposite side of shooting ranges over there?
Actually, a homeowner normally DOES possess air rights to the space immediately above their homes, up to a certain height where it's government-regulated airspace instead (where airplanes fly). I know this because my neighborhood signed an eminent domain settlement giving the Navy an easement allowing the jets of a nearby airbase to fly over our neighborhood in exchange for compensation. They wouldn't do this unless the homeowners actually owned the space over their houses.
Shot can't keep a ballistic trajectory (shotguns are smoothbore), which is the key reason bullets fired up are still deadly coming back down (because their spin from the rifling stabilizes their flight). They'll tumble instead and fall to the ground with about the force of a comparably-sized pebble dropped from the shot's apex (1-200 feet, I think). Meaning, at worst, it can be annoying but it shouldn't be lethal.
Still that 200GB SD represents the limit I think in terms of flash on SD. The dimensions of the card are now constraining what chips can go into it three-dimensionally. Thus 200GB instead of 256GB as it should be.
You can say the same thing of 3D Flash. It always takes time for production to ramp up. Thing is, this new tech appears to be lagging 3D Flash only by a few months. If it really is everything it claims to be, it has the potential to strangle 3D Flash in the cradle, before it can really break out into the mainstream.
"I'd heard that memristor from HP/Hynix was a done deal, simply waiting for market conditions to be right. Never sell your best if you can sell your old product line for a while longer...."
That's a fair strategy for evolutionary tech where the competition can choose to leapfrog you and go two steps ahead instead. Not so for revolutionary tech that can result in a paradigm shift, meaning your existing tech can be obsoleted cutting off your revenues. In the latter case, who dares wins since they gain the critical advantage of the first mover. If the market develops to be such that it can't support a lot of suppliers, you definitely don't want to be left behind.
Well then it's a lost cause since you'd have to apply this flat tax rate worldwide. But since many countries are in competition with others, tax havens emerge and since they're sovereign, there's little you can do directly to stop them being tax havens. So you gotta make it up somewhere.
As for the flat tax, one reason for a progressive tax code is to discourage the very rich hoarding their money away. Money that doesn't move doesn't get taxed since it's no longer income to someone. That's why some savvy wits borrow against assets instead of sell them: to dodge capital gains taxes.
"This is the 21st century and we're talking about mobile devices right? Why don't you just use the hardware-implemented codecs on the hardware (via the SDKs)? I can play real time video on my phone's browser, or from within an app, without having to get my hands dirty writing c++ codecs."
Because time marches on. Codecs get improvements and eventually get replaced with entirely new ones. Hardware H.264 can have trouble when handling bleeding-edge video files that push the codec to its limits. And they're absolutely worthless for the new wave of H.265 video.
"Most of Android is built in Java, not c++."
Except performance-intensive stuff IS native-coded. And multimedia stuff tends to fall into that category: especially anything involving video. And even my S4 (also a quad at nearly 2GHz per along with a good mobile GPU chip) has difficulty doing 1080p H.264 video with subtitles (not starting with H.265). A 10% hit can mean the difference between a decent enough playback and one too herky-jerky to be satisfactory. And most consumers think opposite to you. "Screw security; I just wanna get stuff done!" Meaning you're outvoted.
I think the S4 is still on the Lollipop list, so it could still be updated.
It's referring to the Multimedia Message System (MMS), which uses the Simple Message System (SMS) as a conduit to enable phone users to pass multimedia attachments around. Think of it like a form of e-mail attachment. The text is sent that contains information for the phone to know where to connect to download the actual file.
Where the problem lies is that Android, like many other smartphones, tries to go one step ahead of you so you don't get frustrated in waiting. They pick up the attachment ahead of time after receiving the text, set it up for you to see, and THAT'S where the exploit lies.
"Some thought would need to be given to older hardware which is no longer able to support the latest version of an OS. Backporting will only work for so long. Might have to introduce official restrictions on older hardware."
And then you'll be playing right into the paranoid's hand since they figure old hardware is the only way to prevent Big Brother from watching you.
Not to mention that would make the ISPs legally liable and culpable for the content. IOW, they can now be sued or even charged criminally for not policing their network if they exploit the capability.
ANOTHER Redpill? And there are those who said a Redpill was trickier to accomplish...