3710 posts • joined 10 Jun 2009
Re: Policing users
So how do the ISPs perform packet policing when their users increasingly use end-to-end encrypted channels like SSL? Or worse, encrypted-by-design networks like Tor, i2p, and freenet? How do you DPI an encrypted packet?
You ever seen all these recent articles about malware hiding in government installations for nearly a decade? The best malware stays silent and hidden, eavesdropping on network activity and then secretly sending off its results. If a malware sneaks onto the LastPass system, they can just listen for the credentials being passed online (and since it's at an endpoint, it's a point where it could avoid encrypted channels and hear a means of obtaining unencrypted credentials—either the user's master password or his master key).
Even as huge as the resources of US.gov are, there ARE physical limitations. Barring an exploit, a large collection of individually-salted credentials would take more time and energy than the human race can currently exploit. Further along, you run out of mass and energy on the PLANET, and we're not even close to ready to exploit extra-planetary mass and energy resources.
Put it this way. As much as people believe there's a black helicopter for everyone, consider the cost of building one, then multiply by the number of people in the country, then factor in the available US budget, which IS finite and having some debt issues.
Not necessarily for the video part. In that regard, I think it's being done a bit inefficiently, though correct me if I'm mistaken. I'll admit I'm drifting from the topic at hand, but what I'm discussing seems more realistic AT THIS STAGE. Are TV video transmissions of a single quality or of a progressive quality such that the first bit of a frame produces a low resolution frame and then other parts refine it into a higher resolution over several stages like a progressive JPEG does? I would think for a more mobile world a progressive-quality stream would be more versatile without having to retransmit the same image multiple times, unless the overhead involved with progressive quality outstrips the costs of just transmitting the image multiple times.
Which is why I say viruses with long incubations are worse, because for much of that time you can still be a transmitter. That had always been the danger of HIV and AIDS: the fact you can have it and not know it. It's been increased public awareness of that fact that has kept it under control by means of increased testing to catch it at early stages.
IMO, a nightmare virus would be something like a "time bomb": ticking away without your knowledge. It would be (a) airborne or otherwise overly easy to transmit, (b) highly lethal, but (c) with at least decent incubation. I consider us fortunate the closest we've come to a virus that ticks off all three criteria has been the 1918 pandemic, with its iffy (c) qualification.
As for an Ebola vaccine, that's a longshot. Ebola is a retrovirus, a kind of RNA virus. RNA viruses have always been hard ones to nail because, by their nature, RNA viruses tend to mutate a lot. It's for this reason we can't nail a virus for the common cold (coronavirus is also an RNA virus).
I think it's an either/or case. Its unique shape that makes it so effective in human cells (thus it's called *H*IV) has the drawback of being poor at fending off the elements. Similarly to the ebola case. As mentioned, the mutation that allowed ebola to go airborne also made it less infectious, probably because a structure capable of surviving in air also makes it less capable of infection once back inside. The potential bug-a-boo is either (a) a virus that is SIMULTANEOUSLY highly infectious and airborne-capable or (b) a switch-hitter: one that can switch between airborne-ready and highly-infectious depending on the circumstances (various bacteria can switch-hit by hibernating as endospores—can a virus switch similarly?).
Re: At or below cost
"The MFN clause is vital to enable Apple (or anyone else) to know that if they invest in a business model that succeeds, the suppliers can't simply cut them off. Without the MFN clause, the iTunes store would have been shut down by the music publishers who thought the world belonged to them."
That's an interesting thought, but it begs the question: do the ebook publishers need Apple and its numerous iDevice users more than Apple needs the publishers to drive incremental business? Because if it's the former, then Apple's dictating terms by introducing a barrier of entry: raising prices always runs the risk of alienating customers and causing them to defect...unless you get them ALL on board, in which case you have a captive market and cartel behaviour. If it's the latter, then Apple would be in no position to dictate terms to the publishers; if Apple isn't that critical, they can stick with Amazon and the Kindles and so on. They get their wholesale price no matter what Amazon does afterward, unless the fear is that Amazon will pressure the publishers to lower their wholesale prices under threat of boycott?
Re: Reading between the lines
Cinemas are physical locations and they employ this to create a captive market. The ticket may be cheap, but they'll scalp you at the concession stand and bar you from bringing your own food for reasons of sanitation (about the only time you're allowed is medical necessity—diabetic food, for example).
Re: NOT correct
Memory-SAFE...but what about memory-EFFICIENT? Can you compile a Sappeur program to run in a limited memory profile, say an embedded device? IOW, can you be BOTH memory-safe AND memory-efficient? What safeguards bounds and other things as such at runtime if there's no extra memory to manage it? That's the tradeoff I'm talking about. It's not always about performance efficiency.
Re: @ Charles
Mules are a way. They're not under the eye of the law, so they start the chain in a way that the law can't see. Laundering, shuffling the money multiple times, muddies the trail, and the shadow account helps to hide the money from people like taxmen. Another way is to extort/blackmail/glean financial details, which are then used to withdraw money, take a cash advance, or something else that's hard or impossible for a bank to fully reverse. If the transactions are done a little at a time (smurfing) it will be harder for the banks and law to spot before the point of no return.
The trick is to employ routes that avoid banks and other financial institutions as much as possible. Firms that want to maintain legitimacy keep within their purview as a show of security. The black market wants the opposite: to avoid them.
Re: Privacy isn't lost - it only got more expensive
"The options are simple. Do it right, or end up a dead cert for a breach. And stop giving up *before* the battle."
That's the problem. There is NO "do it right". That implies perfection in an imperfect world. As someone else has said, network security is an oxymoron: much like Digital Rights Management. The INHERENT risk of making something available on a network is that the wrong person accesses it: either by breaking the defenses (brute force hacking) or by disguising as one of the trusted (phishing). It's like the front door: strong crooks break the door down, clever ones get an impression of your key. Not even the vaunted air gap is 100% effective, as Stuxnet showed.
In the final analysis, network assets should be a value/risk evaluation. How useful is the asset on a network vs. the risk of someone exposing it. Instead of trying to keep hardening the target, the targets themselves should be evaluated to see if they're worth the risk and taken off if not. If the system will fail eventually, the best one can do is to fail safe and minimize the damage.
Re: Privacy isn't lost - it only got more expensive
It is BOTH defeatist...AND realist. Network security is like crimefighting. You're never gonna stop ALL of it. It is the case of "you have to be lucky all the time, they only have to be lucky once" AND they outnumber you. It's just that with network security, ONE breach is usually enough.
So the challenge of network security is to prevent ANY breach (since only once is enough to basically ruin you). Only a perfect security solution can achieve that level of success.
However, man is imperfect. Therein lies the contradiction.
Re: There's a better way
You can't use Wikileaks as an example because it was striving to stay on the "legal" side of the coin. All their proceeds had to come from legitimate sources or they'd lose their legitimacy. Black hats have no such moral/legal restraint and can use any and all means to obtain money, including but not limited to money laundering, mules, shadow accounts, and investments in other illicit businesses.
Re: More than 13 is POSSIBLE just inadvisable according to Who lore.
@Tom 13: Going back to "Trial of a Time Lord", I wish to clarify that scene. You're describing the Valeyard, which according to the Master was "an amalgamation" of the darkest aspects of the Doctor's nature. It's not so much an incarnation of the Doctor but rather some kind of offshoot (like the Doctor clone produced from the severed hand). Furthermore, the Master's description of the Valeyard's genesis was left very subtly vague: "somewhere between your 12th and final incarnations." Note there was no number given to the "final" incarnation. The regeneration to Twelve simply means the Valeyard's genesis could emerge at any time beyond that point, though I would think for the sake of canon continuity the question of his origins will be addressed sooner rather than later: if not in this incarnation then in the next one.
Nevertheless, the Who lore puts twelve regenerations as the measuring stick for Time Lords. But due credit to good writing with intentional vagueness. Going back to "Trial of a Time Lord", I recall the Master describing the Valeyard as having formed somewhere between the Doctor's 12th and final incarnation (a misleading hint—cheeky, but I like it). There are a lot of hints and so on (some from the Doctor himself) that the Doctor's incarnation limit is somewhere greater than 12. But given the lore, I would think they're going to start flirting with the thought more and more as time passes: perhaps increasingly dropping clues and tidbits. I'm pretty sure such tidbits will be a draw for any serious fan.
Re: New Dr.
I only got into Doctor Who recently but have begun to get more familiar with the inner plots and so on of one of the most intricate television series still to air.
To describe John Hurt as a previous "Doctor," and given the increased focus on the Doctor himself (and his past) during Matt Smith's time ("The Pandorica Opens" and "The Name of the Doctor", for starters), I would imagine Series 8 (which will now include the 11th official Regeneration) is going to start getting seriously edgy. I have to wonder if the Doctor won't just end up crossing his own timeline (again) but end up ENTANGLED in it (as in, given no choice but to crisscross it again and again). That would make for a plot where practically anything goes. Any bets?
I was thinking a better bulletproof vest. If a layer the thickness of Saran Wrap would take the force of an elephant on a pencil point to penetrate, what about a thicker bunch of graphene layers? How well would it stand up to, say, a 30.06 (something I don't believe kevlar was designed to handle—IIRC stopping a rifle round usually calls for sacrificial ceramic in addition to the kevlar)?
Re: But 666 is a wonderful number!!
Doesn't roll off the tongue as easily as caustic soda (which is still scientifically correct). There's also the use of the word "caustic" to indicate it's not something to treat lightly, which you don't get from the chemical designation (it's like asking someone not familiar with chemistry to distinguish between sodium hydroxide, sodium chloride, and sodium bicarbonate). It's also specific enough to distinguish it from its cousin caustic potash (potassium hydroxide) where both used to be lumped into the term lye.
As for the COSH indicator, it's not as bound to scientific terminology. They went with the KISS principle in the name of safety.
Re: Users already have fingerprints
"The real problem with this technology for ultra sensitive material, is if someone really wants access to it, they will take what they want to get it; an eye, a finger, something inside you, etc."
Depends. What you really want is a biometric that ONLY works when it's used, INTACT, on the original owner. That's why modern finger scanners don't go for the loops and whorls but rather at the blood vessel patterns which are unique even among monozygotic siblings. The best ones measure the FLOW as well as the PATTERN meaning a detached digit is worthless: no flow. As for the rubber hose route, perhaps a sufficiently dutiful keeper would somewhat damage the finger to the extent that it can't be used for reading anymore, though I suspect a panic finger would suffice as well (different finger triggers a wipe).
Re: But 666 is a wonderful number!!
Actually, in scientific terms, they make the distinction for the sake of precision. An acid reaction is termed corrosive while a base reaction is termed caustic. Either way, the reaction happening to your body is bad. That's why lye is now more properly known as caustic soda.
Re: But 666 is a wonderful number!!
Thought it was 665, across the street (and it was used in Max Payne). In other neighborhoods that step by 4 except in duplex townhouses, the neighbor would be either 662 or 670.
The problem was that the API for Gecko took some serious leaps in the interim. Look at the differences between Firefox 3 and 4, then 4 and 5, and now the modern ever-evolving browser. Camino's API hooks were rendered obsolete, and there wasn't enough desire to keep up, probably because there were more than enough alternatives on the loose, all of which were better able to keep up with the times.
Re: If Google loose patience with hardware manufacturers again
Actually, Tom got it right the first time. "Loose" as in "let them loose". He's proposing Google get some chip designs for hardware-accelerated VP9 and release them to all and sundry ("let them loose" or "turn them loose"). I suspect there are some hiccups in such a plan, but I believe that was the intention.
Re: VP9 may be in the same boat
Even if it means paying the royalties to MPEG-LA? Google offers VP9 with no royalties, and when the quantities rise, so does the cost in royalties. AND Google has the muscle to support the VP codecs in court (note how MPEG-LA couldn't take Google to court over VP8).
That's part of the ubiquity that gave H.264 the crown previously (and this ubiquity was spurred by the support of H.264 in the current-generation optical discs). However, for H.265, no such consumer hardware exists yet, so Google still has a chance to get its foot in the door. As for the professionals, IIRC, they don't encode until they have to, to maximize the quality of their sources. And since they tend to use server farms to do the encoding, that encoding is likely done in software, which can change gears pretty easily.
Re: Bad timing last time?
Yes, and recall that Google was getting nVidia (who has their own SoCs—the Tegra line) among others in their ear with VP8. It only fell through because, like I said, H.264 was already ubiquitous. Broadcom may be churning out H.265 chips (IIRC they're part of MPEG-LA). I will admit that Apple would be behind H.265 and can roll their own SoCs, and its iPhones still have weight, but there are plenty of others. What if Google counters Broadcom by getting other chip makers to bake VP9 into THEIR chips? We've heard little from Qualcomm (makes the Snapdragon line). Same with nVidia and the Tegras. Then there are the Chinese: wildcards in this fight. Patents I think would mean less to them than ubiquity.
Bad timing last time?
I don't think it was so much MPEG-LA's presence that allowed H.264 to win but more the idea that Google was simply late to the party. By the time VP8 came out, H.264 support was baked into too much hardware for Google to shake the tree. It's hard to beat H.264 when phone, vidcam, and other small hardware makers use chips with the codec baked in. This time, however, Google has a chance to disrupt H.265 before it can gain momentum: with VP9. Consider why MPEG-LA couldn't get a patent pool for VP8 rolling. While there are patents for them, Google probably owns the key ones since they got them along with On2. And Google's a big enough company that they would be willing to (1) take the fight to court and (2) challenge MPEG-LA's patents with its own, starting a patent war. And since Google isn't using the patents as a way to make money, any patent nullification would be neutral to Google if not beneficial (if an MPEG-LA patent is nullified).
This has been gathering my attention. I'm planning to migrate and it seems to be down to either Mint or Xubuntu (give XFCE props for maintaining a middle-of-the-road standing--not too flashy but still quite functional). Any thoughts on which is best or whether it's a case of "to each his own"?
Re: Permanent conflict? How so?
"Similarly, a killbot factory can't do a thing if the power's off and fuel supplies are disrupted. No need to target the manufacturing facilities themselves."
So what if the killbot plant is under a mountain with its own power supply (preferably a reactor so fuel isn't an issue for years)? If the ammo is also made on-site, then about the only weak link would be fuel for the craft, which could have potential ways to get around bombardment as well.
Re: Civilised war
Yes, from the original series: "A Taste of Armageddon".
No, the first word was right because it was a portmanteau of two insulting words: BOTH of which apply.
Re: The reason it is not see-through
Don't the latest jets already have helmet-mounted displays (HMDs)? These would have similar issues to transparent Glass, wouldn't they?
My reason for not wearing a watch is a little more practical: they tend to sweat on my wrist.
Plus I would think a savvy robber would be on the lookout for the telltale bulge on the wrist of a long sleeve that indicates someone is wearing one.
Re: @AC "People either wear glasses to see or glasses to reduce glare from the sun"
Whatever happened to photosensitive lenses like Transitions that shade when exposed to sunlight?
Re: not sure i see what Apple has to 'fear'
T-Mobile is a major carrier, one of the first to sell the S4, and it doesn't do contracts directly. They use hire-purchase (installments) to lower the sticker shock. Walmart also sells the T-Mobile version of the phone, and its phone plan is contract-free post-paid, so it sells all its phones at face value.
Aren't the genuine plans signed with a hash? AFAIK, not even the music companies have had much success poisoning file-sharing networks with files that have hashes matching those of the originals, and poison files with unique signatures can be quickly ratted out (eMule, for example, has a reputation system).
Re: EXPLODING PHONE?
METALLIC Lithium, yes. But most rechargeable batteries don't contain metallic lithium but rather a lithium compound (which means the lithium is already reacted and more stable in the presence of water).
Re: Destruction tests
*Had* to be destroyed? As in confidential data that had to go? Whatever happened to just removing the storage medium and dealing with it as appropriate (I've been partial to fire myself--even if you don't destroy the drive outright, the heat alters magnetism)? Just curious.
As for a test, it's best to find a source that performs a standardized test and describes, precisely, what's involved in each test. For the drop test, I would expect it to be performed from at least a 2m drop (say, a tall man drops the phone while holding it up to his face) and face-first (worst-case scenario, usually). Perhaps also a sit test involving the phone being tightly wrapped around a 30 kg round weight (simulating being stuck in the back pocket of skintight jeans) which is then set down on a solid wooden bench such that the phone is between weight and wood (and then sitting on it).
Re: Water damage doesn't have to be permanent
Also depends on the water. Phone drops in fresh water, you have a chance. Drop it in the SEA, however, and you're basically screwed (not only is the salt in seawater an electrolyte, but the dissolved chemicals make cleaning it off afterward a pain; miss a spot and the minerals will deposit).
Re: cumulative effect
Simple. It's the way it hits that causes the cracks. Put simply, if the phone lands face-first, the glass is not likely to survive. Similarly, if sat on a sufficiently hard surface, you could probably stress the phone to the point of cracking. Most cracks I've seen, however, radiate from a point in the middle of the glass, indicating a sufficiently hard direct impact. What struck the glass hard enough to make the impact crack, I can't say.
You wouldn't want reinforced concrete for a phone casing, anyway, as the most common material used for reinforcing concrete is steel (because it's relatively cheap and highly tensile). It or any other metal would play hobnob with wireless reception, I would think.
Re: Liquid cement......
The reason it's frequently called a glass is because the most commonly-used amorphous solid we use in our society happens to be common glass (which is a naturally amorphous solid).
Re: Air traffic safety
"I know the associated story has been debunked by Snopes but, still, I have to add:
"Thaw the chickens first"."
Because the MythBusters showed that hardened, frozen chickens DO tend to wreak more havoc than the soft, fleshy thawed birds. The story itself may have been debunked, but the idea turned out to be plausible.
Even the SERVICE jobs are being automated. Think self-checkouts, voice-recognition expert systems, and so on. Pretty soon, the phrase "There's just no place for you" is going to be alarmingly common.
Re: Xbox modding / rechipping, Gamer Profile hacking...
XBONE games are SERIALIZED. Special numbers could be set aside for "rental" discs. Also, it's possible to press custom versions of a game for use in rental machines.
As for trying to exploit the "rental" discs, remember we're talking BD discs with ROM Marks (where the serial #'s likely to be placed). Recorders can't duplicate the ROM Mark.
Also, Microsoft already allows all-Internet downloads of games on the 360. Expect this to continue in the XB1, making it almost exactly like the Steam model. Since you can now go all-virtual, it can also be more-thoroughly enforced as a subscription or service.
To use an old joke of the late 19th century: "Ticket to Chicago--used only once."
"The cinema ticket idea suggests the only work around I can think of (ignoring the fact you can sell on tickets), and that would be to sell games with time-restricted licenses."
Thing is, the ticket, like a game disc, is perfectly resellable (even Steam allows you to gift-wrap a game and pass it on by whatever means you desire) UNTIL it's used (when you pass the gate, open the package, activate the code). In all three cases, it's now marked expended and nonrefundable.
Re: Fracking needs to be fully controlled
Not without the specialized equipment and trained experts that went WITH THE OIL COMPANIES they won't.