3696 posts • joined 10 Jun 2009
No, because this is more along the lines of cameras with no blind spots or "Police officers may be posing as employees." The traps are getting to the point that an outside is hard pressed to tell if it's a trap or not until you're beyond the point of no return, as with a bomb that's impossible to defuse (and it IS entirely possible to make a bomb with a one-way arming mechanism--think sacrificial braces or glass bulbs). Just because you know the trap's there doesn't mean there's much you can do about it.
Re: just sayin
Trouble with that idea is that intruders are like roaches and mice. They can usually slip under your notice until it's too late, staying under the radar and in the places no one bothers to look because bothering to look everywhere takes too much time and money and they'll just slip in after you leave. That's why we use roach bait and mouse traps...and honeypots in this case. If you can't find them, make them come to you.
A Turing Test for Honeypots?
So basically, creating a server that looks so much like a legit server that a hacker can't tell the difference between it and a real server?
Why do I keep thinking the Turing Test for some reason?
PS. I know it's not an exact analogue, but the basic idea is the same: a simulation of a real server that can't be distinguished from the real thing, only in this case used intentionally as a bait. Sort of like creating a highly-convincing drug dealer persona for a police sting.
Re: Is it just me…
Plus in the US, credit cards typically come with theft insurance standard (Visa frequently advertises this aspect on TV). If a card is ID'd to have been stolen, the issuer can usually flag any suspicious transactions, ring you up, send a new card, and you're not on the hook for the oddball. This is especially true for cheap transactions, where it's just cheaper for the credit card company to eat the occasional small costs rather than waste money in legal battles.
"A command economy doesn't need to account for left hand screws being different in different towns. That way lies madness. Instead a command economy says THIS is the screw for the people."
And then you hit the brick wall of reality: that one size DOES NOT fit all. Inevitably, you get complaints of a physical nature, such that "Live with it!" is answered with, "Why don't YOU come and try this?!" Dictating square pegs doesn't work when life gives you round holes.
Re: @ TedF
"That assumes no capitalism and probably more of a corrupt socialist paradise. Capitalism works due to a flow of money which requires people to spend. To spend there must be an income which capitalism dictates to be earned."
But when Capitalism reaches the end-stage, the ones who have it all don't NEED to hire out. They'll have everything they need ON HAND. You're talking about catering "For the Man who has Everything" (and I DO mean Everything). And if labor is required, they can either use a robot or just convince someone to do it for a crust of bread (or something else so ephemeral that it's gone before he even leaves).
"And it all boils down to one question: who decides? Does a government bureaucrat decide what is best for you are do you decide?"
But in most cases, it's NEITHER. Usually, you can only decide if you're PROVIDING. Otherwise, you don't have much say. If it's not the government dictating terms, then it's a private provider. And one of the goals of the provider is to remove your ability to choose so that you can't just "walk away". Think of the situation of a town with only one well. Because it's so valuable, SOMEONE'S always going to make a move on it AND will have the means to keep out everyone else. Who would you rather have in control of the well? Public or private interests?
Re: A reasonable compromise for socialists...
Utilities as I recall trend naturally toward monopolies because of the necessary evil of infrastructure. Allowing the market to compete here would mean multiples of pipelines, power rigs, and so on, which are considered eyesores. Not to mention for each redundant infrastructure, you reduce the RoI on each set, so the money stops adding up.
There's also the matter of medicine: an industry for which people don't always want money to be the determining factor. Plus certain medical circumstances prevent flexibility, meaning the market can become predatory.
So in other words "census" is self-plural, like "species"?
Re: The internet
Perhaps, but it was the state who gave the Internet the initial jumpstart with ARPAnet, much like modern space technology was pretty much jumpstarted by the state-run "space race". There are some places the market falters, and one of them is in what I'd like to call "industria incognita": novel industries where there is no prior data on which to draw possibilities. Basically, the market hates to take leaps of faith, and it's only by people willing to gamble or with the resources to safely take a change or two (like states) that we get any data on them at all.
As for efficiencies, perhaps there's another way to look at business strategies: forward planning. For example, does a business always strive for the immediate gain (what I'm seeing a lot today due to investor/voter pressure) or is a business willing to take a hit now (commit a "necessary evil") to secure revenue down the road? I suspect this latter is one big weakness of any elected government because it implies doing something necessary but unpopular such as raising taxes or cutting fundings to beneficial projects. Thus you see hemming, hawing, and can kicking because no one wants the blame for it. I recall that's at least one reason why Machiavelli favored an autocracy. Not saying he had it all right but rather he had a point.
Re: Nobody has yet asked the important question
15GB per HD movie? That's generous. HD net videos shouldn't do more than 2GB per on the top end (BD 1080p rips of 1GB/hr are considered generous, most are half that). And all the retro stuff can be crunched down even further due to the reduced resolution: say 10MB/min or about 600-800MB per. Meanwhile, all the PornTube stuff is even smaller: say 100MB for a decent size/quality clip. That could shrink the whole estimate back to the low end of the PB scale.
Re: Nobody has yet asked the important question
I don't think so. Just in official circles, what you can find on the Internet probably ranks at least in the tens of TB...and growing. No single drive on Earth has the capacity, and I suspect the amount of porn will keep growing with the drive sizes, making it rather a chase.
Re: Now you can lose 8TB of data in one shot instead of just 4!
"Spinning disk will die quickly once flash gets large enough."
The economics simply aren't there and won't be for the foreseeable future. Flash either cheaps out but loses longevity or sticks with longer-term chips that are an order of magnitude more expensive per TB. For bulk storage that must still be randomly-accessible, there's no substitute for spinning rust. Otherwise, said alternative would be in the consumer sphere as a backup medium (tape's currently enterprise-oriented and too expensive while opticals are too small a capacity relative to today's drive capacities--it would take around 20 dual-layer BD-R's to store the capacity of a 1TB hard drive and those discs will inevitably have longevity issues). Frankly, I would LOVE to see something other than spinning rust as a medium-term consumer archival medium, but I'm not seeing it.
Re: Closed source...
It's a cardinal rule of business. You're not a business if you're not making money. If they don't get you one way they'll get you another way.
Take printers. You can either have an expensive printer with decently-priced supplies or a cheap printer with expensive supplies. If you try to find a cheap printer AND cheap supplies, you'll find it won't last long.
High-quality, inexpensive, long-lasting — Pick any TWO.
Re: Trillion defined
Seems a touch inconsistent since I was expecting it to be 10^24 instead (if a million is 10^6 and a billion is 10^12). I would've thought 10^18 would've been described as a million billion instead of a trillion.
Re: Not surprising
"The lack of adequate review framework is a key fail. You have no idea about the quality of a piece of code until it's been tested and those tests have been reviewed by > 1 trustworthy third parties..."
But tell that to the bean counters...
Re: Not surprising
"Yup. Life was much nicer in the era of software supplied on ROM. If it came on EPROM, you knew to expect some quirks. But if it came on a ROM, well, a faulty ROM set could sink a company so there was none of this "push out what we have and fix whatever develops in the field later" idea."
Even then, the fact that everyone only had ONE chance to get it right didn't exempt rush jobs. In the business world, the coders have to compete with the other departments just like everyone else. Ask Atari back in the early 80's. It's particularly hard to to code a game when you have such a short timetable (with NO room to maneuver--it MUST be ready in time for the Christmas sales rush or it's not worth doing). Perhaps the RISK of going under beats the CERTAINTY of losing your business to the competition if you don't deliver.
Re: Once again...
Roll-your-own networks will likely be unable to beat government-sanctioned jammers. And US cell phones have a restricted number of frequencies it can use, so the government could well have the capability to jam ALL of them.
I think this Act prevents the exploit in this case as the bricking is, IIRC, designed to be one-way. Meaning once it's bricked, nothing can be recovered from it. It would basically have to be reflashed from scratch, which wipes out the user data. Who knows? Even this might be disabled, preventing it being cleaned out and fenced.
Re: @Eugene Crosser
That STILL doesn't prevent the phone being taken to a country where the blacklist isn't honored or kept up to date. The lists tend to differ from country to country, and countries may not talk to each other. With a bricking, once it's bricked, it's bricked everywhere, meaning it's tougher to fence a stolen phone.
"Real thieves can always carry a Faraday bag they can pick up at Amazon to drop the nicked mobile in and sell it off at their leisure in Tibet. Of course that will just mean that California will pass a law banning the possession of Faraday bags by civilians which will soon lead to bans on metal foil and ultimately the closest someone will be legally able to get will be 00 steel wool pads that are no more than 1/4 inch thick but I digress."
Then why aren't they doing it already with the iPhones that have Activation Lock?
Why don't the conspiracy theorist consider that the government can simply order the cell towers shut down? It's a simpler approach, can be achieved with a warrant, and has precedent, both in and out of western civilisation.
And before you go the "recording atrocities" angle, this law has no effect on dedicated cameras (of the video or still variety).
Re: Why use the military?
"Who do you think owns most of the US governments debt, and thereby picks up the US's bills?"
Its own citizens, if you care to check the actual books. Most bonds and treasury notes stay in the US. China does hold some US debt, but it's not a very sizable portion. It's one reason the US's sovereign debt isn't considered as dangerous as others: because most of it is held domestically.
It's not JUST the ownership that makes it the owner's copyright. It's the concept of AGENCY. A photographer acting in the employ of a company and using the company's equipment is essentially an agent of that company, so the copyright goes to the company.
The trick here is that it's a photo TRAP, meaning the photo was taken basically on a direction of the photographer (take the picture when an animal crosses this point). This makes it a human-directed picture and thus copyrightable.
In the monkey picture, as far as we know, the monkey took spontaneous photos without any human direction. Sort of like a dog knocking over a paint pot and the contents splatting on a canvas.
Re: NO REALISTIC
So what happened in the Middle Ages when most people were illiterate and STILL had to remember tons of usually-dissimilar things in their day-to-day lives?
My card's a mid HD6, so I guess I'm several gens out of the loop. Let's raise the bar, then. Same specs except at 4K resolution (4096 x 2160)?
So the Obligatory Question:
Can it play Crysis...at 1920x1080 at a minimum 60fps with all maximum details with, say, a Core i7 six-core CPU backing it up?
Re: No good any more
But what happens when said psychos run into even worse psychos, sucb a people willing to nuke a city or three just because they're in the way?
Re: I do not install anything asking for this permission
The problems with your idea are (1) if Android is gaining market share, they could employ captive-market tactics. Barring a mass exodus, Google can just wait it out. (2) Google ITSELF mines tons of data. Blocking consumer demographics access would be shooting themselves in the foot.
Re: I do not install anything asking for this permission
"The noble idea of app permissions is flawed by not being able to revoke them individually at install time or afterwards."
And remember, this was demanded of app devs before they would even start developing apps on Android. Otherwise, Apple would still be top dog. So now it's a tug of war. Since it's the devs who pay Google actual money to get their apps out there, they're the ones who have Google's ear. End customers can't really influence Google (one leaves, another takes his place) unless they trigger a mass-exodus, and even there, where would you go (Blackberry is foundering and Microsoft and Apple each have their own issues)? Plus, if faced with the prospect of user-customized permissions, devs could still balk and either make their app unusable without all the permissions or simply abandon Android and go back to Apple.
There's already a specific Android permission for this "Draw Over Other Apps". Thing is, like the article says, some apps need this functionality to interrupt user action. What's to stop this function being used for evil while at the same time being disguised as something plausible like an alarm clock?
Sounds to me like the most robust way to handle this (separate the desktop compositor into a black box task and let the apps request their graphical resources from that) has drawbacks of its own such as memory and CPU/GPU costs.
Re: Driving test?
I don't believe in common sense. Or rather, I think it's rather not so common because it seems to differ from place to place. In any event, this is something for the programmers and testers to deal with. In essence, they have to BUILD a machine common sense. Train the computer to note that if it cannot locate the road some distance ahead it should come to a stop before then. If animals (including humans) are on the side of the road, perhaps it should set itself up to take an evasive maneuver if necessary: slow down, edge away from them, etc. We generally learn about these things; we don't just remember actually learning them: probably because it was through observation. Similarly, we need to learn what various things are. We just need to develop analogues for the driving computers: ways to identify the various things it detects and the various procedures to use in these situations.
Kind of begs an intriguing question. Given that each type of driver (human and computer) has some form of failure mode (inattentive human, glitching computer), which should be the default more-reliable case in the event of conflicting input?
I think the point is that this was essentially a stress test. The odds of the thing coming through in one piece were pretty slim, actually. In terms of SpaceX's continuing research, this is more of a "Hmm..." moment. They pushed it and wanted to see if it would break. Well, it broke all right. They'll definitely be looking through the test data since they'll be expecting it to tell them where they'll need to adjust next.
I say there should be one big condition to the merger: that Comcast spin off NBC Universal. If they want to be the biggest end-user communications company in America, they'll have to do it as a DUMB pipe. No more favoritism, which means no more vertical integration.
Re: So, from another viewpoint...
Didn't a Caribbean island threaten to negate copyright one time in retaliation for some US-based insult? I'm trying to recall how the matter was settled.
BTW, did this test tell the difference between view-only access and controllable access? Sure, view-only access has its own foibles, but it's a lot harder to pwn a machine when you can't remote control it.
Re: It's hard for a reason
So what happens when you run smack into the fence separating security and usability? Because for security to be ubiquitous, it MUST be easy to use (and by that I mean easy enough for Stu Ped to get). Yet difficulty is a necessary evil for something to be practically secure (sort like having to fish for the keys to the front door).
So basically, the security problem is looking to be intractable because you're caught between needing a system a state-level adversary can't break in a heartbeat and needing a system easy enough to be used by people who have trouble remembering what they did yesterday.
Re: Business cards??
Because the keys are too big to put on even 2D barcodes (even I suspect the color barcodes once touted by Microsoft). Which means you have to store it somewhere, which means you have to trust both the place it's stored AND whatever means is used to transport it. And if your opponent's something of state level, I wouldn't even trust the fingerprint (since the state may secretly have the means to subvert things behind the scenes).
"Especially when considering there was no way to tie an online user to this data in a way to improve ad targetting,"
There's always a way to tie an online user. Cleartext metadata will suffice. Heck, didn't researchers show they can correlate identifiable information from an encrypted connection using timing attacks? Face it. Data mining is the specialty of companies like Google. These firms basically strive to ensure no privacy in this world.
Re: This already exists
And MY point is that Google lacks the motivation to bake in security. In fact, they're actively DEmotivated. Unless lots of people actively defect to Apple or Blackberry specifically because of security, then the money keeps coming into Google, especially if saps KEEP their phones insecure sources of personal information.
Microsoft was in an Apple-like position: owning the dominant desktop OS in the market, which meant devs had to play by Microsoft's rules or not at all. Android has only just edged iOS for dominant mobile OS and not by much, meaning Android devs could still take their app and go back to Apple.
Re: This already exists
But Xposed requires rooting. What's needed is a root-free solution and that will probably mean baking it into Android itself, and Google lacks the motivation (remember, their customers are the devs--they're the ones paying to get in the app store and giving Google the cut--not the consumers). Apple can get away with it ONLY because they're still the irresistible lure. And Blackberry is enterprise-oriented which changes the focus points.
Huge, huge flaw in Android design.
Actually, that was BY design. Remember that once upon a time, Android was behind Apple in the app market so they needed a way to convince app devs to jump on board. A permission system geared more to them was one way to convince them. And once you have that, the genie's basically out of the bottle since trying to curtail them NOW will break too many things: many with no alternatives.
If it's a specialized HUD, showing just car-related information, then I don't think they could consider it any more of a distraction than the speedo itself, which is standard equipment. If the plods nail you for that, I'd probably argue they're basically saying required equipment is a distraction, meaning cars are inherently unsafe.
As for the police doing their work, they can pull the same thing pilots and lorry drivers can: they're trained in what they do.
Re: So many things to consider.
"Pilots have lots and lots of training. They don't have other aircraft jumping out in front of them or traffic lights turning red suddenly as they fly along."
They might. Wingmates might break away to track a bogie they spotted and so on. Plus there's always the danger of incoming fire. One of the things drilled into pilots through history is to maintain situational awareness. Target fixation is a killer.
As for the HUD itself, it needs to be as concise as possible: able to convey the most information with the littlest amount of clutter. Pilot HUDs cram quite a bit along the edges of the display, keeping the center cleared for all-important targeting. In the case of the car, a driver's HUD should be as unobtrusive as possible UNTIL it needs to draw your attention to something immediate, and these signals should be discernible from peripheral vision. This means the indicators have to be distinct enough to be detected from the corner of the eye. Color can be used in this case. For example, a speedometer's number can be ignored through familiarization, but perhaps if it changed to yellow to indicate you're now crossing over the speed limit, it can be caught in the peripheral vision and be a useful caution message. Similarly, if the turnoff is coming up, perhaps part of the map can blink briefly as a hint to start looking around.
What gets me is why is the spectrum being SOLD? Such a precious and limited resource, you'd think the FCC would instead LEASE the spectrum and keep all the lessees bound to usage rules and the like: always holding the final call. Because once sold, it's extremely hard to buy it back should it be necessary.
In other words, they can fingerprint you by using the fundamental underpinnings of the Internet. It's like figuring out your activities by skimming your incoming and outgoing post (just the addresses, not the contents). The additional volume of e-traffic makes the profile more robust. And since the endpoints are already known, TOR is useless.
This is one heck of a side-channel attack because the only way to beat it is to mask the headers, and the only way to do that effectively is to introduce intentional inefficiencies into the Internet.
Re: This is why you *don't* want HTTPS
"/goes back to mumbling about the days when ftp was the primary interface used on the internet. My current ftp client is 150kB. That's a whole lot easier to audit than Chromium, Firefox and by a massive long-shot, IE. "Pretty" is causing massive security issues."
The issue the article describes, and one that FTP can fall into, as well as SMTP, POP3, NNTP, and just about ANY plaintext protocol, is that a malcontent can MITM the connection and alter the contents in transit. In FTP's case, the file transfers and directory listings can be poisoned. And it would be indistinguishable on your end, meaning you have no way to know you're not REALLY getting the stuff you asked for.
- Crawling from the Wreckage Want a more fuel efficient car? Then redesign it – here's how
- Review Xperia Z3: Crikey, Sony – ANOTHER flagship phondleslab?
- Human spaceships dodge ALIEN BODY skimming Mars
- Pics Whisper tracks its users. So we tracked down its LA office. This is what happened next
- Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know