Re: This reminds me of the old cautionary joke
Then imagine the chagrin when the Ranger informs her he DOESN'T have the equipment, having been emasculated, AND that he's now adding false accusation to the charges.
4740 posts • joined 10 Jun 2009
Then imagine the chagrin when the Ranger informs her he DOESN'T have the equipment, having been emasculated, AND that he's now adding false accusation to the charges.
What the FCC can (and should) do is reclassify the physical-layer access from the subscriber to the ISP as telecommunications common carriage, so that people can choose ISPs, while leaving the Internet itself unregulated. The Court opinion made it pretty clear that this option -- the Computer II rules in effect prior to 2005 -- was well within the law, and the FCC could go back there if they gave justification. Of course politically they're afraid; AT&T and VZ have too many friends in Congress. So nothing will happen.
IIRC, the real real problem is that, according to the Telecommunications Act of 1996, the FCC lacks the authority to make that declaration. Common carrier designations were written directly into the Act with apparently no latitude for extension. Meaning the only authority able to make ISPs into common carriers is Congress, who would have to pass a new Telecommunications Act to redefine the term.
So Ars is saying to look at this as a matter of a trust via vertical integration, in which case precedent does exist for breaking up such: the historic US v. Paramount case of 1948 that broke up the studio-theater relationship, altering the Hollywood studio system as well. If things got nasty, perhaps one could take an integrated company like TWC or Comcast to court using the Paramount case as a basis. Just hypothesizing.
"Of course, some deviations from net neutrality may be inevitable. Torrent type protocols might end up being blocked except for whitelisted sites associated with academic institutions and the like, because of their association with piracy."
And what happens when mass-transfer traffic starts encrypting and obfuscating itself to hide itself from protocol sniffers?
Which leads me to suspect the main reason they don't do link caching these days boils down to two words: "It's complicated."
But with just two, it's pretty easy to assume a duopoly and go into cartel behaviour to squeeze out any upstarts. The rival ISP becomes 'the enemy of my enemy' vs. A firm like Netflix.
"Incidentally, for what it's worth, as you are an analogue person, analogue colour signal transmissions were also heavily compressed using PAL, Secam or NTSC due to the way colour was encoded into the video signal. It's one of the myths of analogue folk that somehow their preferred method of transmission somehow contains more information when, in practice it's the reverse. Just Try squeezing an HD analogue video stream into the bandwidth used by a digital HD stream..."
NTSC and PAL both work IIRC by emphasizing the luma quality over the chroma quality, and that's due to experiments that show we're more sensitive to luma detail than chroma detail. That's also why MPEG-based codecs also emphasize the luma over the chroma (thus YUV ratios like 4:2:2 and 4:2:0). To transmit 30 frames of raw 24-bit RGB video and 1 second og 16-bit 48kHz 2.0 Stereo audio, both uncompressed, requires, at a minimum, 249.6MB of storage and bandwidth. And that's PER SECOND. I would be curious to know, for the record, just how much digital information one could've crammed in the frequency allocations provided for one analog PAL or NTSC channel, to see whether or not it would've been enough to carry that much data at a time.
As for the analog insistence of audiophiles, I believe the issue is not so much bandwidth as it is tonal idisyncracies. Some people DO have a very sensitive ear, I understand. Has anyone conducted a scientifically-significant study to see if audiophiles really can tell the difference between a good analog audio setup and a good digital one.
"But, they shoud have carrte blanche. It is their network; their hardware; often it was their inventions. What we did in the past was just as inexcusable as what we are doing today. Your need is not a claim check on anyone else's blood, sweat and tears."
Tell that to the bus companies and restaurant and shop owners of the 1950's US South. The way they put it, it was "Our business, our rules," but when just about everyone in an area discriminates openly in what is essentially cartel behaviour, it's obvious they don't care about a certain percentage of clientele, profits be damned.
As I've said, when said business is a service open to the public, then some would say there comes a moral obligation to offer your service to EVERYONE in that public.
"The answer is you don't prioritize ANY type of packet. You prioritize identified packets based on how latency-sensitive their payload is. That's good traffic management in a nutshell."
That's still prioritization of a sort. I have to wonder if some applications wouldn't cheat on this kind of system and disguise their packets' latency sensitivity to fool QoS systems.
Last I checked, so do the telephone networks. Just because a resource is private doesn't meant the owner gets carte blanche, especially when the resource is providing a service rather than is directly a good.
But that introduces a slippery slope. If you prioritize ANY type of packet (a VoIP packet, like you say), what's to stop de-prioritizing a different type of packet (like a BitTorrent packet)? Furthermore, what if the ISP faces an encrypted or otherwise-obfuscated stream where identifying the purpose is difficult?
I don't see how. There can be more than 10,000 households for a given ZIP code, making it mathematically impossible for ZIP+4 to be accurate to that level unless additional information was entered such as a street number or a surname,
Possibly. They could be making scapegoats, or someone could have a grudge (both have been documented to happen). Put it this way. Many people don't trust the government with ANYTHING pertaining to us without a PUBLIC search warrant, period.
Except GSM voice comma are ALREADY encrypted, just not strong enough to beat Big Brother. Thing is, it may never be given BB is the aggressor in essentially a siege (which historically favors aggressors as time passes). Plus the realtime nature of voice comms limits the available computing power for encryption.
I don't think that's Nintendo's style. You have to realize they HAVE had their share of misses in recent history. The Virtual Boy was a real-life bust, and few can say the Nintendo 64 and GameCube were exactly shining moments. Given their business model, I think Nintendo stumbled because their Wii U was not different ENOUGH. The DS series and the Wii shook gaming up and gave them something immediately unique and identifiable, and I think that's why they worked in a market with two giants already in the playground. I suspect there will be some shakeups in Nintendo while they start brainstorming to find a way to regain the "uniqueness" factor that has become part of Nintendo's identity.
"I could be wrong on the details, but I believe abandoning a console because it didn't sell well and bringing a new one out quickly was one of the big nails in the coffin of SEGA. Gamers felt betrayed and changed brands, if Nintendo tried something similar I don't know how the casual market would react."
I think in this case you would be mistaken. The Dreamcast may have been the first console to come out in the sixth generation, but its timing didn't necessarily stink. Yes, they did release early, but the Saturn had already been around for nearly five years, about par for the course as far as consoles go, so gamers couldn't really whine about being shafted too soon. Dreamcast was something of a last gasp for Sega, and perhaps some of the things they did to get out the gate early (such as using CD-based instead of DVD-based media) probably came back to bite them, OTOH, Sony's entry into the gaming market, with its vast media tie-ins probably did Sega few favors. When Sony decided to wait and release the PS2 with a DVD drive, they triggered a shift in gaming expectations that Sega couldn't match, essentially turning Sony into the hammer in Sega's console coffin.
Would probably be construed as destruction of evidence. It would be analogous to keeping the password on flash paper and taking a quick match or lighter to it (or something of the like; flash paper is designed to ignite easily and burn quickly and cleanly) when threatened.
Well, for one thing, encrypted volumes tend to strictly follow certain randomness characteristics. TrueCrypt volumes, for example, would be distinctly nondescript when subject to a chi-square analysis. Can the same thing be said of pink noise?
Next question: Is it within the FCC's power to actually make that determination? Or is "common carrier" status defined by the Act itself, meaning the FCC couldn't call ISP's common carriers even if they wanted to because it would require an Act of Congress to do?
Ask yourself. Is the Internet specifically a telephone, telegraph, cable, or wireless form of communication? Most would say "none of the above", and last I checked, the Telecommunications Act of 1996 did not change this picture. Meaning the Internet is in a grey area: not specifically under the FCC's remit. What is supposed to be the FCC's procedure regarding a form of communication OTHER than those listed in its mandate?
"But that very act creates the normalizing forces that will destroy them unless they have government protection. Since they have an economic profit, it behooves another firm to move into their market and undercut their price. The only problem(s) is/are potential barriers to entry in the market. Usual barriers are the amount of capital or labor needed or government regulation; of the three only government regulation is nearly impossible to overcome unless you are the incumbent."
Explain natural or "de facto" monopolies, then. They can occur because the barrier of entry is inherently high. For example, utilities industries that require lots of eyesore infrastructure to operate, like an electric or sewage company. If a rival firm wanted to butt in, they'd have to install THEIR OWN infrastructure alongside theirs, creating a NIMBY situation that's pushed by the people, not the government. Here, the incentive to create competition is countered by the NIMBY disincentive.
Similarly, some resources (like spectrum) are physically limited (there's only so much spectrum to go around, they have fundamental limitations, and the maximum amount of raw data they can carry is fixed according to mathematical calculations) and have no practical alternatives (Know anything else nonphysical and undetectable to human senses that can work through solid walls over long distances?). These would need to be regulated or someone will eventually gain control of all of it. Here, the resource is practically irreplaceable, precluding any kind of disruptive force.
Lastly, even if neither scenario was in place, a monopoly could obtain enough power over the market to be able to weather a disruption or even coerce the acquisition of said disruption. That's why I use the poker example. Even in a "rebuy" tournament (where one can buy back into the game), you're still at a disadvantage against a chip leader with a huge chip count advantage over you. Even with several rebuys, the chip leader can still bully you around AND withstand a few all-in losses from you only to take it all back by winning one himself. IOW, the disruption would have to be an absolute game-changer or the monopoly still has a chance to withstand or absorb the competition.
I look at this this way. Capitalism is "Winner Economics": Economic Darwinism, in a sense.
It has a good side and a bad side. The good news is that high levels of competition forces firms to be lean and to woo customers. The bad news is that many firms can't keep up at this level and they start to fall away to winners, which will in turn look towards the remaining competition. IOW, it ultimately results in a few well-funded bullies who can squeeze the smaller players out and then fight amongst each other until there is "one firm to rule them all".
I think the closest analogue to how capitalism operates is an open poker tournament. Everyone buys in with the same amount of cash. Gradually, players fall away and the winners take their proceeds. Eventually, you end up with big chip holders who can bully the table around. And eventually, one player emerges as the winner.
Sure, you can sometimes disrupt the market if you're lucky (like undercutting the market or flopping quads), but if a firm is big enough, they can withstand such a disruption and wear you out (winning an all-in bet with quads doesn't mean much if you're at a 1-to-8 disadvantage against your opponent--you need several breaks to turn the tables, and odds are against you there).
"Anyway, your analogy doesn't hold up. A country's population isn't all composed of really stupid people -- only half of them are of less than average intelligence, and a significant percentage are going to be more intelligent than half of the people making up the government."
Except we're a representative government elected by majorities. And suppose MORE than half of the population (the majority) IS that stupid? History tells us enlightened individuals are few and far between while the average joe can't think too often between black and white. Meaning they're easily swayed by manipulative types. Now the stupid votes squelch the smart ones, creating what might be called a "tyranny of the stupid. Look at the increasing polarization of legislatures around the country.
Would such noise still exist in a Faraday cage?
Yes, I was actually able to understand the description to enough of a degree to understand what happened. Apparently, when groin met crossbar, he broke open an artery down there and it couldn't heal right resulting in an unusual form of blood ballooning. As I understand it, the procedure involved was meant to locate the problematic artery and then fix the break.
The trademark concerns his name and likeness. Also, using a parody as fair use only applies to copyright, not trademarks. You spoof a brand name at your own peril.
"I do not know what the situation is in Paris, but in NYC, in order to operate a taxi you need to have a "medallion" which is more or less a license to pick up passengers on the street. These medallions are fantastically expensive - up to $1 million. If taxi owners in Paris have anything similar, then Uber and friends are undermining the value of the single greatest asset that the taxi drivers will ever own."
Yes, I'm aware of the New York medallion. Thing is, most of them aren't owned by the drivers themselves, but by tycoons and corporate figures who see them as a steady source of revenue (IOW, an investment) and therefore worth the high prices. Because they're considered an investment, the prices would remain high EVEN IF they issue new medallions: more investors would simply appear to invest in them, making them inflexible. I think the number is kept low more for reasons of SPACE (consider the geography of Manhattan Island).
How is the situation in Paris? Do drivers own most of the medallions?
"They are only circumventing the heavily regulated system of taxis, they are not escaping the heavily regulated system of private hire vehicles. These are not unlicensed cabbies, they are fully licensed to pick up passengers at point a and transport them to point b for a charge."
If Uber cars are actually licensed "private hire" or "car service", then these are licensed vehicles, and I have less issue with them. Americans call a private hire a car service, and they have their own sets of regulations that legally distinguish them from taxi service.
"Have you *been* in a French cab?"
I was speaking in general terms about what customers expect of a taxi. If French taxi services are, as mentioned, exploiting an oligopoly, then as I've mentioned before, that is an abuse of regulation and a separate issue from the intention of regulations to enforce fair service.
We're going into another legal gray area here. The cabbies have a point. Cab licenses and permits help enforce standards of service. In general, cabs needs to be clean and well-maintained, drivers fit, properly licensed and trained, and fares assessed fairly and clearly posted. Service should be prompt, swift, and direct within reason and non-discriminatory.
Now, if the regulations raise other issues apart from the above, that's a matter to be argued on its own.
If Uber and the like provide an alternate means to obtain a ride, that is one thing. But should Uber be subject to the same regulations as those for traditional taxi services? The argument CAN be made in that regard, and a serious discussion needs to be made regarding how to proceed.
As for the cab companies themselves, I suppose rivalry prevents them pooling their resources, but I wonder if a few of the savvier companies have considered fighting fire with fire: using the Web and/or smartphones to provide an interactive portal for their services. One could use their smartphone location to page a cab. Perhaps inputting a destination can help in estimating a fare total, giving the customer time to get the appropriate cash if needed. Once the cab is selected, its location and current status can be pinged back to the prospective customer, letting them know with at least a little precision when to expect their ride. It would be a way to add value to the service and distinguish themselves from the Uber rides.
"The sad thing is that if you can infect a single PoS and then have it spread out... that's a major, major RED flag."
Because normally the POS units don't talk to each other. Instead, the POS images come from the back office, which in turn gets that from headquarters. To be able to infect EVERY Target POS in the country smacks of an alteration in the master image that goes to the store back offices and from there to the POS units. That implies a breach very high up the chain, perhaps even beyond Target's control (if Neiman Marcus was hit with the same breach). Furthermore, if the code was authenticated, it had to have been breached BEFORE authentication.
"Shockingly, yes, some POS terminals have direct access to the internet, I was told for firmware upgrades and diagnostics."
Savvy firms don't allow direct upgrades and instead test the upgrades, vet them, then roll them out at their schedule through the corporate intranet. Also consider some transctions were probably done with the POS's reader rather then the PIN Pad's. If they were sniffed as well, the exploit would need to be in the POS itself, as the PIN pad wouldn't have read that data.
I'd have to pay a visit, but I think Target uses NCR brand POS systems (if not, then it's probably IBM). But the PIN pads come from a different comapny (I don't think it's Ingenico, but I suspect it's the same comapny that supplies Best Buy).
"At least one back end system of necessity has internet access: the one that contacts the credit/debit card vendors to authorize the credit/debit transaction."
But that should be the ONLY link. Meaning you can treat it like a store-to-headquarters link. It need not be on a dedicated line, but if it's a well-defined connection, you can tightly restrict the connection with assistance from the data provider and the other end (limited access, VPN tunnels, encrypted connections, only accept outgoing initiation, etc.) to make it so that's the ONLY thing it can see.
I suspect Target and Neiman Marcus were targeted specifically because they were big retailers (as in, large gross receipts due to (the former) lots of customers or (the latter) high-ticket customers). But as you say these firms are no hayseeds, and the POS software usually undergoes vetting and testing prior to a rollout (which does not occur often--they usually only change the POS systems when they HAVE TO due to security or internal procedural updates), which means the exploit had to survive that kind of testing. Plus if the code was signed, it would need to have been altered BEFORE signing.
These along with the fact the data didn't appear to be detected en route leads me to believe the attack was very sophisticated: in fact so sophisticated as to preclude someone without intimate knowledge of the internal software and/or network. That's why I suspect an insider. I would need to know more about the respective POS systems, but for now, given that two different retailers were hit at the same time with the same MO, I hypothesize the exploit occurred at base POS code that would then be common to both retailers. So IOW, not an insider with the retailer but an insider with the POS manufacturer.
True, but most of them ALSO feature a specific procedure that requires scanning not one but a SERIES of barcodes to configure them the way you want. The Symbol scanner I own (which is similar to models seen in smaller stores) can be configured to refuse to scan certain types of barcodes so that you can limit exploit avenues.
As for exploiting the POS, that depends on the system. Among the different things you can set the barcode readers to do is to emulate a serial port rather than a keyboard, meaning the POS can distinguish between them and be much less likely to be exploited through this method.
Last I checked, Target POS systems don't have readily-accessible USB ports. Indeed, if it's like most POS systems I know, the software is loaded from the back office, which in turn gets it through a corporate intranet.
Something this sophisticated on hardware that normally doesn't see the Internet points me to an inside job. It may not be with Target in this case but with the designer of the base POS software Target and other firms were using. IOW, we're talking insider hacking from pretty high up the chain.
But you can beat the Ken Thompson by cross-compiling and comparing results. All you need is one known-good compiler (which can be hand-assembled) to check all the rest.
"What utter rubbish, how exactly do android use their stuff? in their pockets without taking them out?"
Two words: Bluetooth earpieces. They can talk without taking out their phones. And if more information is needed, we're starting to see smartwatches now (which would normally be strapped to the wrist and harder to remove unless you're willing to risk bloodying your booty).
Blacklists aren't synchronized between countries, meaning any blacklisted phone can just be fenced overseas.
Now, in a related thread, someone postulated that the thefts were incidental to general assaults: intended to deny the victim quick access to 911. I have to ask. How many of these crimes can be conclusively shown to be targeting the phone specifically and not as a denial of access against another crime?
I take it you don't live near Cornwall. Last I checked, people living there get more radiation on a daily basis than anyone's getting in California. And that radiation is literally coming out of the ground in Cornwall because of the granite sitting there. Indeed, any natural source of granite is going to have elevated radiation (Did you know granite can naturally contain trace amounts of uranium which can in turn decay into radon?). That includes Colorado and parts of New England.
Chernobyl was the result of mismanagement combined with a very risky experiment. Fukushima was victim of both mismanagement and a once-in-a-millennium disaster. TMI, OTOH, wasn't exactly a catastrophe. Indeed, the safety features built into American reactors worked as planned and contained the mess with only a brief release of radiation, and the no-mans-land is confined to the immediate vicinity of that reactor. And note, these were all OLD reactor designs. Has anyone seen a Gen III reactor go bad? And let's not forget there are Gen IV designs out there designed to fail gracefully (or simply be impossible to fail, period).
If the technology already exists, why isn't anyone (not even a private enterprise) independently developing it?
Anyway, the way the website is designed makes me wonder if this is a propaganda site. I'd be interested in some independent verification of the site, its goals, and its projects. Most of my research into the Keshe Foundation tells me it is of dubious trustworthiness.
IOW, I'll believe it when I actually see it working.
Despite centrally generated and despatched power being the potentially cleanest, safest, cheapest, most reliable solution we have for electricity.
EXCEPT that central power distribution has been proven to introduce single points of failure that result in failure cascades. Ask anyone who has lived in the Northeastern United States in the last half-century. They've had TWO failure cascades in that timeframe, NEITHER of which were precipitated by anything one would call catastrophic; they simply cascaded into that condition.
Critical mass is dependent on a number of things: mass, shape, purity, temperature, surroundings.
Applying heat makes the atoms absorb the heat. You learn in physics that when atoms get hot, they get more energetic and move around faster. In other words, heating radioactive metal makes it more active, reducing the critical mass.
What normally happens is that the POS units link to a back-office server for that store, which in turn is connected to the company headquarters or some midway point, depending on the scales involved. And it's headquarters that also tells the back-office machines who to contact on the corporate net in regards to credit card transactions and so on (if they don't route the transactions themselves, another possibility).
AFAIK, these all run on closed networks (most of the ones I've seen use Class 1 10.x.x.x private net addresses).
"Wish I could remember where I read the details, but the point of attack was the interface between two sets of exchanges. Both individual links were secure end to end, and they thought the transfer between the two was good as well. It sounded like the breach was both novel and clever. Although this is the first article I've seen confirming it was the POS system and not the back end db that was cracked. I was suspicious about that because of the too careful wording they were using to describe the breach and the ranged time period."
If the exploit was made in the POS system, then that smacks of an inside job of some sophistication. Based on what I know of modern retail POS systems, they're (a) trade secrets with tons of secret sauce, (b) rolled out in very controlled and restricted ways to minimize disruptions, and (c) deployed on a closed intranet.
Therefore, to get an exploit onto a modern POS system would involve (a) Tampering with a very secret program code (How many people have code access for the POS system?) (b) Slipping the exploit into a scheduled software rollout, passing any testing that would've occurred before then, and (c) Either bridge the intranet with the Internet or extract the siphoned details locally in some other manner.
I don't think any outsider could achieve a feat of the scale we're talking about.
I suspect PCI will have to look into reducing the trust level of the POS system as a result of this. Based on what I've read, the standards as they are mean the POS can obtain the card data unencrypted, and that may have to change. Newer equipment may mandate the use of encrypting magstripe readers and the use of PKI where not even the store knows the decryption key (IOW, only the payment processor would be able to receive the magstripe data). This may also be considered as Chip-and-PIN is considered for American rollout (because despite its increased security, it has been shown to have holes that can be exploited at the POS level as well).
I'm wondering about this, too, since IIRC PCI-DSS standards require end-to-end encryption using the clearinghouse's Triple-DES key, which not even the store is supposed to be able to decrypt.
Some apps are UNAVOIDABLY data-heavy due to the type of data they do. Media-heavy apps like Pandora, YouTube, and Skype will always be towards the top of the list simply because it takes serious data to pump sound and video.
Except toll-free numbers are provider-agnostic. If you're going to do this for wireless, allow ALL providers to bill, not just AT&T.
Last I checked, most cell phone plans treat any number within the country the same: including "toll-free" numbers because it's the AIRTIME you're paying for: not the call. Any US cellco worth its salt treats a call to Seattle the same a a call to Miami in terms of costs and so on, so "toll-free" numbers are rather moot here: a number is a number is a number for a cell phone.
Just curious. If fiber between datacenters isn't so expensive, why do I keep hearing about lots of "cold fiber"?
That's what I was thinking, based on PCI-DSS rules. From the PIN Pad, the card number should be encrypted by a key provided by the clearinghouse so that no one in between can intercept it. Unless Target is ITSELF a clearinghouse.