Re: Note to El Reg
In which case, they'd rather have no NFC payments AT ALL. Walmart's steadfastly refused to add it, and many places have DROPPED support even before Apple Pay was added.
5069 posts • joined 10 Jun 2009
In which case, they'd rather have no NFC payments AT ALL. Walmart's steadfastly refused to add it, and many places have DROPPED support even before Apple Pay was added.
They may be able to boil the operators but what about the EU? Boil a rock all you want, it's still a rock.
They'd have to get EU law changed first. That mandates a hardware sim switchable by the user so a phone can't be permanently carrier-locked.
How does it earn operators money when many plans are allotment or flat regarding messages?
Except where will all their customers come from once the proliteriat is sucked dry?
Maybe, but the question's still there. If workers are paid peanuts, how will they (who are also customers) be able to afford your goods?
"There is no economic gain to be derived by increasing the number of widgets produced. More widgets might not all sell. Their price might tank, and that will eat into profits. Maintaining the same production levels while cutting production costs to a minimum is guaranteed to increase profits."
Actually, there's a fatal flaw in this statement. It forgets to account for one key element: the consumers. In order to buy things, consumers need money, and that more often then now comes from employment. But if you shortchange workers, you end up with items out of their affordability range. IOW, you torpedo your own market. That's one reason henry Ford always paid generously: to make sure he had customers for his products.
If the G3 Screen is limited to Korean markets, it's likely the LTE in it is geared for the rather odd Korean frequencies.
"Redpill" comes from the Matrix universe. In the Matrix, most humans are lulled into believing the world they're in is real, but it's not. People who were scouted and took a "red pill" eventually were disconnected from the Matrix and exposed to the real world. Someone a few years ago proposed a malware which would transparently wrap the existing OS into a virtual machine which was then controlled by a hypervisor in the malware. Thus the reverse was also conceived: a malware that could detect the presence of a VM and, knowing this, found a way to break out into the hypervisor. Such a malware that could do that can be termed a "redpill," similar to the Matrix scenario.
Until the malware starts packing a redpill exploit...
Careful with the VM. Some malware's smart enough to detect this and use an exploit to redpill its way out to the metal. As for known, trusted sites, the problem is that the malware targets ad networks USED by known, trusted sites. That's the key to a drive-by attack; they target sideloads used by otherwise-popular sites. Ideally, they want to use an ad system that's part and parcel with some key part of the site, making it practically unavoidable.
Only if the ad is not of a domain that's required for the site to run. If the ad's domain happens to coincide with a part of the site that's required for operation (not unheard of), then you're caught between Scylla and Charybdis. The only way to get proper site operation is to open yourself up to that drive-by.
"Where it will get really interesting is when the solider is removed entirely, and a decent AI is left to control the drones and select or recognise the targets. That will trully reduce the cost of asymmetric warfare, and could be the beginning of the end for the cowardly brand of terrorism currently afflicting the world."
Then what happens when the terrorists get their hands on them?
"5) I'm not sure about this one, but probably millions of people, if the location of the Amazon distribution center nearest to me in Netherlands is any indication."
IINM, the testbed for the concept is going to be New York City. 10 million people alone plus whoever is within reach in the suburbs on Long Island and New Jersey. Not to mention a ground traffic problem that makes aerial courier a more-financially-tempting option.
The term was coined before the advent of electricity. The more proper term these days is "over-unity," which accounts for non-mechanical "perpetual" concepts.
"If someone's search history contains <insert comically-named skin flick here> then it would nice if that wasn't considered embarrassing so much as private and even more so if it wasn't considered perverted so much as normal."
Remember that the very concept of personal privacy is a relatively new thing: probably no older than about a century and a half for the ordinary joe. Basically, the smaller the community or the larger the reach of its people, the less one's privacy can be guaranteed. Privacy increased with the rise of cities that created a screen of other people and such, but with the increase of electronic communications, particularly those of an audio-visual nature, that privacy has dropped drastically. We're rapidly becoming the Global Village, and I don't mean that in a good way.
For the person whose history he or she submits. He's saying if he knows your search history, he can find skeletons in your closet.
Surprised a video ad from a seller of actual (physical) windows didn't get wiped and the company suing Microsoft for harming their business by wiping out their ad hits.
Even if they were past the prototype stages, VASMIR is not launch-capable, so you still need a way to get it up into orbit. Right now, the hope is to fit a VASMIR to the ISS, giving it an easier time with course corrections while putting the engine through some space trials.
Nice thought, but cosmic radiation is a whole other kettle of fish. They're the top end of the EM scale for a reason. We already know they've been able to penetrate the Earth's magnetosphere (which is already bigger than anything we'd probably be able to generate), atmosphere, AND a mountain.
Not gonna do much good. Cosmic rays are SO energetic they've been detected under a gol-dang mountain, with all of Earth's atmosphere in between.
I've never been partial to overpriced Bose equipment. I find less expensive alternatives. And while they won't completely cancel out background noise, they do make a nice difference in a noisy environment like inside a conveyance. I personally keep a pair for air travel.
Perhaps another reason is that identity theft is perceived as a fate worse than death. Shot to death, you're dead, game over. Identity is stolen, all that belongs to you is at risk, yet you're still alive to suffer all the consequences. Many would see living in helplessness as being worse than death.
The problem with the scenario is that, in spite of all the safeguards in place, a Trent is still needed. Thing is, as we've seen, Gene and Mallory have gotten smart and are now starting to target Trent in an attempt to subvert or impersonate Trent (think dodgy CAs). The bigger he is, the bigger the target is on his back.
But it's also essential to a safe Internet. Without Trent, how can Alice and Bob prove their identities if they've never met before?
Ever thought that it's both? That Microsoft is the cyber-squatter in question and that they did this so they can't be accused of breaking Internet conventions by internally routing an otherwise-fair-game domain (it's quite all right if they own it)?
"My phone is on carrier grade NAT when it is on the telco network. Everything I have done over phone (tether) works fine whether it is the likes of SSL or IPSec VPNs, skype, and everything else. No issues."
Sounds like you're MAKING the connections in this case, plus Skype has a Trent to help it. But what about if you have to operate a deamon behind a carrier-grade NAT. Even worse, what if both you and the target party are behind a NAT (or worse, carrier-grade NAT, meaning neither you nor your destination have a uniquely-addressable point to refer to. There's physically no way to achieve that without a third party (a Trent) that both of you can reach, which has safety implications of its own (Is Trent really Trent?).
I suspect there will always be debate on both sides of the Atlantic when it comes to pronunciation. The best way to note it is that British English is more traditional but rather inconsistent whereas American English is generally more structured but as result things change.
I came to realize this when I had to pause for a moment to realize what was being described in a "gaol" and why I didn't recognize the pronunciations of words like Cheswick and Worcestershire, among other things (I describe it best as a lot of contraction, so much that it can confuse Americans).
American, given Comcast has no UK presence. The merger is also of American firms.
Uptake's been a touch slow for two reasons:
1) Supported phones were pretty low at first. Due to card company recalcitrance, you not only needed the right phone but the right network, too, which kinda sucked. When the S4 came out, card companies allowed it because of the Secure Element, but Google managed to leverage more leeway bit by bit. When Android 4.4 came out and Host Card Emulation, the number of supported devices jumped since the implementation was now independent of network or the Secure Element. More or less, if a device had a compatible NFC unit and could run 4.4, it could now support Wallet (shame it can't be backported; there are more NFC-enabled Android devices you could support if you could).
2) Retailers have started getting a touch wary about contactless payments. Fears of data skimming and hacking have them wondering if they should be covering their butts. Combined with the slow uptake, some places that once accepted contactless are now dropping it.
"A genuine question; does anyone know if 'drive by' skimming is possible with credit/debit card based NFC? As in scammer with handheld NFC reader walks down a crowded street fishing for close proximity with a card in a wallet or handbag. Or is conventional skimming merely limited to lifting the data on the mag stripe for later use in a country that still uses them - i.e. the scammer isn't actually processing payments, so the same would apply to 'NFC skimming'?"
NFC's a bit more complicated than that. There has to be an exchange between the originator and the device. The originator has to send a signal that indicates it's a point of sale in order for a transaction to take place (if it's a tag type instead, something else happens). From what I understand, the card number used for this system is strictly for contactless and can't be used for other purposes. Furthermore, there's supposed to be some kind of nonce that's sent to the clearinghose to prevent replay attacks.
As a further safety measure, the NFC unit of most phones is inactive when the phone's asleep or locked, meaning the user has to wake up and/or unlock the phone for a transaction to take place.
"Don't forget that, as far as I'm aware, the US doesn't have chip and pin, so it's miles above what they have over there."
Not YET. Transition is in progress and will probably take about a year or two.
"Apple Pay uses a Secure Element to store the card details, not Host Card Emulation (which is, essentially, a software only version of Secure Element)."
Do we have confirmation of this? From past experience using the Galaxy S4 and so on, Secure Elements can be finicky and more trouble than they're worth (if the transaction chain breaks due to a reset or whatever, the Secure Element can't be reset easily). That's one reason Android 4.4 added Host Card Emulation so that it (1) wouldn't be necessary and (2) would be easier to fix should something go wrong. Since HCE is now the norm on Android, why would Apple stick to the SE?
If Apple Pay is using Host Card Emulation, then it shouldn't be an issue. Google Wallet for Android versions 4.4 and up uses Host Card Emulation and will work fine at any terminal set up to accept the contactless card systems of the big boys (Visa, MasterCard, Discover, and American Express all have their own names for it but they're essentially the same). A Secure Element is not required on the phone to use Host Card Emulation, reducing the hardware requirements, and this may have been what's tipped Apple over the edge regarding NFC support.
I will concur that the number of places that accept contactless payments shrank recently as some places saw it as either a fading fad or a liability. Walmart as I understand has been steadfastly against the idea because they want more control over payment data. Neither Walmart, K-Mart, nor Target support contactless. Best Buy does but only to a limited extent. 7-Eleven, Wawa, and Burger King have all withdrawn support. So basically, Your Mileage May Vary.
"Metalic Lithium contains both an oxidiser and an oxidant? Allowing it to release energy without using an external oxidiser like 'air'?"
Actually, yes. It is capable of producing what's called a self-oxidizing fire. Certain other metals like magnesium have the same properties, as does thermite by design. Plainly put, asphyxiants don't work on them which is why they can burn even in oxygen-poor environments like underwater or even in vacuum.
I would be more inclined to accept a SIM-less device if the switching mechanism was outside the control of the manufacturer. If what you say is true and the "soft SIM" is really a programmable SIM, then this might inspire third parties if they can ink MVNO deals with the primary carriers and so on.
I'll be worried when these phones start penetrating Faraday cages. If people are paranoid about always-listening phones, they'll throw them into Faraday bags at night.
"And clothes - people can use them to conceal weapons."
Forget clothes. At this stage, we'll have to ban the human body. Recall that a few years ago someone managed to hide and detonate a bomb concealed...let's just say where the sun don't shine.
Let's face it. We're almost to the point where one person can ruin the world. Which means no government will trust its citizens since just one could be the one that destroys them. The operative phrase is rapidly becoming, "Don't trust anyone."
Four words: Ink On A Page...
Because you can't trust the PIN pad not being switched out or otherwise tampered with?
"USB OTG and a memory stick?"
Not an option since using OTG blocks charging, and since using OTG puts additional load on the battery, this is one place where it's NICE to be plugged in, only you can't.
I also insist on removable batteries. Not only is it a safety feature in case the battery becomes faulty or a pull is needed to reset a device, but it allows for aftermarket upgrading if you don't care about bulk like I do.
Compared to an iPhone 6, especially one fully loaded, yes.
Binder is part of the base OS. It's the thing that handles what Android calls Intents. The Intents are IPC messages that say you want to do such and such. They're also what prompt you to pick a program to handle things like Market links, SMS messages, and so on unless you set a default. What the article is claiming is that something can hijack the intent chain so as to call up system-level functions and use them to hack the device.
Honest question: Can this hijack occur with just a URI or does it require some kind of app installation to perform?
PS. It may interest you to know that Binder is an inherited thing. It comes from OpenBinder which was in turn originally developed for BeOS (now that brings back memories).
Point is the camera can detect things not normally visible to the naked eye, and these camera CAN and DO capture infrared since they can see the infrared emitted from remote controls and the like. Removing the IR either takes a filter layer or software post-processing.
The point being that while one biometric can be fooled, if the system can simultaneously check for several different biometrics (check for a pulse, moving eyes in the right color, breath, voiceprinting, et al) as well as create dynamic tests that thwart preimaging (asking for a blink, an answer to a simple generated question, etc), then it should be possible to take "faking it" past the practical limit for most adversaries. And you might be able to deal with the gun-to-the-head scenario (which will exist regardless) with a duress sequence: one that not only alerts authorities but also releases traceable dummy data, making it seem you're letting them in.
That's one reason I suggested checking both for image and for infrared pulse (something phone cams can already do). Two simultaneous checks which when combined can be trickier to defeat. Since humans can't see infrared naturally, you can make it so that it's difficult to fake a face pulse, especially if it's taking a full infrared image that wouldn't be readily fooled by LEDs (which would emit hot spots). Combine this with a motion-based match (make the subject randomly wink or blink or open the mouth--this would stop the photograph--as well as check for the actual pulse to thwart steady-state infrared emitters) and you can get something that has a decent expectation of an actual, live face.
Pretty simple to fake an infrared face pulse while still fooling a selfie cam lock? Kindly demonstrate...
Those same cameras can also detect infrared, which is why camera heart rate monitors work (perhaps not too accurately, but interesting nonetheless). If the face checker also checks for a facial pulse (which a paper mask would likely obstruct), then it would be more difficult to fake.
"Europe is not so bad if you consider it a nation."
It's still considerably denser than the US. Key cities in Europe tend to be more evenly distributed. The geopolitical structure of Europe not only helps this but also affects the economics of wiring up, since each country only has to deal with its respective areas and don't necessarily have to agree with the neighbors.
I'd be very interested in an Internet distribution map of countries like Canada, China, and Russia (these are single countries comparable to the US in land mass). Based on what I've read so far, though, they too have their faults: particularly lopsidedness.
"Looking at that the other way around: I live is a city-(non)state far smaller than Illinois though with a goodly fraction of the same population. (It's called London). Why can't I have gigabit networking to my house for UD$20/month?"
Simple. You live in an OLD city. South Korea's infrastructure is pretty modern: its age measured in decades, while good old London has infrastructure dating back centuries (yes, some of it got bombed and subject to fires, but a lot of the stuff, especially underground, survived). And if there's one thing New York and London have in common, it's that it's hard putting up new infrastructure when old stuff's in the way.
Put simply. Infrastructure is much easier to install in a new city (or one forced to rebuild due to war or disaster) than in an old city.
As a number of exploits recently have shown, this trust issue is not limited to proprietary software, since we as humans lack the ability to be eternally vigilant in everything we do; otherwise, we'd never trust anyone and nothing would get done. Makes you wonder if you wake up tomorrow and realize you and everyone else in the world is essentially living under the Sword of Damocles.