Compared to an iPhone 6, especially one fully loaded, yes.
3877 posts • joined 10 Jun 2009
Compared to an iPhone 6, especially one fully loaded, yes.
Point is the camera can detect things not normally visible to the naked eye, and these camera CAN and DO capture infrared since they can see the infrared emitted from remote controls and the like. Removing the IR either takes a filter layer or software post-processing.
The point being that while one biometric can be fooled, if the system can simultaneously check for several different biometrics (check for a pulse, moving eyes in the right color, breath, voiceprinting, et al) as well as create dynamic tests that thwart preimaging (asking for a blink, an answer to a simple generated question, etc), then it should be possible to take "faking it" past the practical limit for most adversaries. And you might be able to deal with the gun-to-the-head scenario (which will exist regardless) with a duress sequence: one that not only alerts authorities but also releases traceable dummy data, making it seem you're letting them in.
That's one reason I suggested checking both for image and for infrared pulse (something phone cams can already do). Two simultaneous checks which when combined can be trickier to defeat. Since humans can't see infrared naturally, you can make it so that it's difficult to fake a face pulse, especially if it's taking a full infrared image that wouldn't be readily fooled by LEDs (which would emit hot spots). Combine this with a motion-based match (make the subject randomly wink or blink or open the mouth--this would stop the photograph--as well as check for the actual pulse to thwart steady-state infrared emitters) and you can get something that has a decent expectation of an actual, live face.
Pretty simple to fake an infrared face pulse while still fooling a selfie cam lock? Kindly demonstrate...
Those same cameras can also detect infrared, which is why camera heart rate monitors work (perhaps not too accurately, but interesting nonetheless). If the face checker also checks for a facial pulse (which a paper mask would likely obstruct), then it would be more difficult to fake.
"Europe is not so bad if you consider it a nation."
It's still considerably denser than the US. Key cities in Europe tend to be more evenly distributed. The geopolitical structure of Europe not only helps this but also affects the economics of wiring up, since each country only has to deal with its respective areas and don't necessarily have to agree with the neighbors.
I'd be very interested in an Internet distribution map of countries like Canada, China, and Russia (these are single countries comparable to the US in land mass). Based on what I've read so far, though, they too have their faults: particularly lopsidedness.
"Looking at that the other way around: I live is a city-(non)state far smaller than Illinois though with a goodly fraction of the same population. (It's called London). Why can't I have gigabit networking to my house for UD$20/month?"
Simple. You live in an OLD city. South Korea's infrastructure is pretty modern: its age measured in decades, while good old London has infrastructure dating back centuries (yes, some of it got bombed and subject to fires, but a lot of the stuff, especially underground, survived). And if there's one thing New York and London have in common, it's that it's hard putting up new infrastructure when old stuff's in the way.
Put simply. Infrastructure is much easier to install in a new city (or one forced to rebuild due to war or disaster) than in an old city.
"Probably relevant: broadband in South Korea is way ahead of the rest of the world."
Probably also relevant: South Korea is SMALL, about the size of the US state of Illinois. Meanwhile, Japan's about the size of California. Geography matters when it comes to wiring up: the smaller, the easier. Not to mention the US has tons of rural area between its two coasts. Between that, the mountains, big rivers, etc. I'd call it a small miracle we can do high-speed links from coast to coast. Know any other nation comparable in size to the US that's doing better across the board?
As a number of exploits recently have shown, this trust issue is not limited to proprietary software, since we as humans lack the ability to be eternally vigilant in everything we do; otherwise, we'd never trust anyone and nothing would get done. Makes you wonder if you wake up tomorrow and realize you and everyone else in the world is essentially living under the Sword of Damocles.
It's probably also SSL/TLS encrypted and uses the same channels as the update system, meaning breaking the spyware also breaks your update system, leaving you open to malware attack.
Kinda like the only way to keep your home safe from intruders is to keep a vicious human-aggressive dog on the premises. Keeps the intruders away, yes, but also likely to bite you, and it's not like you have much in the way of alternatives. The ruffians are already notorious for kicking doors and bashing windows, and the ones that still resist, they torch.
Using them for everything won't work. The state has the resources to keep a quantum computer in a black project, store everything since the advent of the PC, and probably even be working on a way to break lattice and other post-quantum encryption. And you can't stop them OR convince them to stop since EVERY state and state leader behaves like Damocles: as if under perpetual existential threat. Under such an environment, NOTHING is taboo since the one that can destroy you can come from ANYWHERE at ANYTIME.
How does remote wipe work if the phone is kept in a Faraday bag and only removed when in a Faraday cage?
Maybe not Red Bull, but in the US there have been some cases where a caffeine/alcohol combination was at least partially to blame for a number of deaths: mostly from the consumption of Jagerbombs or those tall cans of alcohol+caffeine like Four Loko. They knew it was a factor because the conflicting buzzes meant the body couldn't warn the drinker they were overdoing it. Hard to deal with the Jagerbombs since they're mixed on site, but they basically told the Four Loko and the like to ease up on the caffeine so that drinkers can at least get some kind of warning buzz.
"Reg I was expecting better. Stop emulating the daily mail and consider presenting facts sometimes."
Hey, it pulled you to the article. Tabloid headlines are like that for a purpose: human nature draws us to extremes. It's called "sensationalism." The mundane "Red Bull Sued for False Advertising" simply wouldn't draw as many clicks.
It goes to the whole "Truth in Advertising" business. The thing is, what one would perceive as ridiculous, another would consider factual (like the time someone managed to amass enough Pepsi Points coupons to afford, according to the promotional ad, a Harrier jet—the case was thrown out, BTW). That's why I don't like ad laws as they are and would prefer them to be restricted to absolute truth, or as close to it as possible (I would equate it as a case before the public and subject to the same restrictions as a court witness: the truth, the whole truth, and nothing but the truth). For example, absolutely no hyperbole or unverifiable claims and all advertised effects listed in their most conservative. Preferably, all testimonials should be voluntary and unpaid, and though I cannot think of the exact means, some way should be made to force professional endorsements to have serious backing.
How well do dictionary attacks do against passphrases containing more than 2 words? Each one multiplies the potential complexity by the size of the dictionary. Six words and a million-word dictionary, assuming no semantics, results in (10^9)^6, or 10^54 possible phrases, and if even one of those words is intentionally misspelled...
If you have to go that far, why not just use a password keeper and let it generate completely random passwords for each site, taking into account each site's eccentricities? That way you only have to recall one passphrase to open this keep (which you can store locally) which you can make as long and convoluted as you please.
I recall it once termed "memory theater". The problem is that it's meant to recall things in a particular order. That's why you "walk through" your loci mnemonic. Trouble is that, in modern life, things are much more random. You may be asked to recall the 57th password you memorized one day and the 124th one the next, with the 89th demanded after dinner for good measure. So having to walk through your mnemonic to recall something out of order can be time-consuming and prone to mistakes.
Plus, consider the NUMBER of passwords we have to go through each day. I'm pretty sure these phrases run into the point where you have to wonder which mnemonic you used for which site. "Now did I use Mary Had a Little Lamb or Little Jack Horner? Or was it actually Simple Simon?" I'd like to see an effective mnemonic for remembering the credentials for hundreds of arbitrary websites.
Which would you rather have? The corrupt King Cobras or the relentless Army Ants? You're dead either way. Even if we tried to make our own mesh, that would take electricity, which means we're beholden to the power companies.
But cash CAN be stolen...or counterfeited...
"1) Fire the employees?
2) Reassign them to non-driving jobs?
3) Train them to drive better?
4) Put bigger bumpers on the vehicles?"
You can't do (1) because they're probably in positions of trust. Fire them and you run the very real risk of retaliatory sabotage, and their position of trust means they can leave secret backdoors in their wake. (2)'s out because they're not stupid. ANY kind of relegation may as well equate to a firing. And they may not be willing to undergo (3). So what happens when you're caught between Scylla and Charybdis: caught with an employee already in a position of trust but now found to not be trustworthy?
"Yes, I'm saying Schneier is wrong on this, and that puts me on the wrong side of a lot of people. But I feel he is. Can we make something 100% "secure"? Probably not. But we always need to try. And we can't take the totally full-a**ed attempts we've been making at something pathetically called "security" and say, "See? It doesn't work!"."
But what happens when the openings come from UP TOP? Plus how do we convince people to care when they'd rather put their effort into deflecting the damage, a la a professional slacker?
I'd hate to be the one to enforce a no-Apple policy when the board uses iPads...
"Can they publish a story about not being able to publish a story about not being able to publish a story about X, or is the law recursive?"
I think the law is rather all-encompassing. It prohibits MENTIONING that you can't mention the banned item, meaning any form of recursion is already covered because you have to mention that you can't mention the banned item in order to mention that you can't mention that you can't mention the banned item.
The requirement ALSO states it must be broad enough that no reasonable conclusion can be drawn from the range. IOW, your range is too specific. They're looking for something more like "between zero and ten million" on the grounds that the mere disclosure of that exact number can tip off criminals.
What if they compel you to lie and order you to "not adjust your 'If you're reading this...' in any way"?
But as Tim noted, security is computationally-intensive, and recall what the top of the line was in 1990: the 80486, about as big a leap FROM the 6502 as it is TO today's tech. And if this was top end, imagine what else was still in use. Now imagine always-on security in such a world...
As for secure communications, you hit a snag when you have the competing needs of secure communications and efficient communications. Efficiency necessarily leaves telltale trails that can be analyzed (so it's easy to trace something like a video stream since it's time-sensitive) while secure communications necessarily introduces false trails or "chaff" that cost bandwidth and in turn electricity (that's one reason why Freenet's so slow). Plus there's still the matter of subverting endpoints outside the secure network, a practically-intractable problem as long as computers are available to the public. Furthermore, the average user can't be trusted to be perfectly vigilant, which leaves plenty of other openings and instances of being locked out.
Bet the next step will be making alarms too inconvenient by finding ways to "invisibly" trip repeated false alarms all over the place. Alarms won't be able to do much when they cry wolf all the time.
Then how do you UPDATE them when exploits appear, which they ALWAYS will no matter which OS you use (remember, some of the nastiest bugs have been on UNIX-based systems)? Being forced to replace the hardware can be too costly, for example, and perhaps too labor-intensive depending on how it's built.
"I think I'd rather have no network connection and out of date AV signatures. One less way in for thieves."
Unfortunately, ATMs REQUIRE some form of callback access; otherwise, they can't link back to the banks to verify transactions. That's why ALL ATM's require at least a telephone line.
To a point, you are correct. However, the recipient's credentials can be sniffed since POP3 is normally a cleartext connection that requires a login. That's why most ISPs are adding in the STARTTLS extension which allows for transitioning to a secured connection before authentication occurs.
No, more like the flu. You can try to wipe it out but it adapts too quickly. You say UNIX and Win7 are pretty secure...until someone combines a toehold exploit with a privilege escalation and BOOM, you're dead meat again. The thing about this security business is you have to be lucky all the time, they only have to be lucky once. And they have millions of targets (and growing) to choose from.
Perhaps, but by most accounts that better describes a Trojan Horse (a malicious payload disguised as a legit program but not a legit program in and of itself). For it to be a virus, it has to piggyback on a legitimate third-party program or medium the way the flu does.
"So what other solutions are there? Altruistic approaches don't scale beyond small communities as they violate the basics of human nature, communism is far too prone to mismanagement and corruption. Labor-driven free-market economics may be an ultimately self-destructive approach, and require the unhealthy habits of consumerism to function in an age of automation, but it seems to be the only one we have."
What about the unspeakable admission that there are simply too many people for the system to maintain itself and that what's needed is some degree of population reduction?
"This stinking vile mess needs to be demolish ASAP and replaced by something simpler without gangster middlemens' 'help', based on genuine value."
We once did, but the middlemen are like roaches: they keep coming back. No matter how much you try to remove or outlaw them, they'll weasel their way back in. It's part of the human condition; somewhere along the line, someone's gonna cheat...AND get away with it.
"Once a way of producing cheap (relatively) safe energy is discovered, we really won't have any reasonable excuses for consumerism."
Not quite. We'll also need better ways to harness that energy. Converting it to compact and portable petrochemical fuel is a start, but what's needed beyond ubiquitous energy is, as another commenter put it, something approaching the Star Trek replicator: a means of converting energy into arbitrary forms of matter. Or perhaps a lesser stretch, through the use of energy, transforming ubiquitous but not-so-useful matter into not-so-ubiquitous but more-useful matter.
"So far as I can tell - and im in no way a communist, certainly left of center but no ones brother, comrade - the USSR collapsed due to corruption more than anything else, corruption of the founding ideas and global petty corruption on a day to day level."
But that corruption points to a fundamental human condition which makes the Utopia unachievable. Quite simply, humans are animals, and at our basest level, animals will seek to find a way to get a leg up on our fellow man. Why? The ones at the top get to spread the most genes; IOW, it's reproductive and survival instinct so ingrained as to be nigh impossible to root out. I think Karl Marx and Friedrich Engels underestimated our ability to control instinct. We'll band together against threat, as we should which is why you see tremendous organization in war, and threat is what led to the Bolshevik Revolution, not to mention the French and American Revolutions, but in peacetime, it's back to me vs. you at some level. And this conflict will reach across the spectrum, from sibling rivalry to neighborhood spats to community disagreements all the way up to backroom deals, backstabbing, wheeling and dealing at the highest levels of government.
"I agree completely with your article but the bit at the end is missing; the solution to the woes that you have pointed out."
Perhaps the lack of a solution points to the real problem behind the problem: the average human seems to lack that critical ability to think beyond tomorrow, either due to stress or due to gross stupidity. Either way, the point becomes, "Why worry about five years when we won't see past tomorrow?"
And that manifests in our growing inability to trust outsiders. It's rapidly becoming a race to full DTA mode. We can't trust private enterprise and the capitalistic model because there's disincentive to think long-term (as I noted earlier, no business can survive on a one-and-done). But the only other institute capable of a long-term solution, the state, isn't trusted either since its very existence (and the stability it provides) rapidly results in cronyism and corruption, undermining the very goals we seek from them. So if you can't trust others, you can't trust the state, and you lack the means to do it yourself, who's left?
"you are up against the light bulb principle too"
Hmm, interesting way to put it. West of the Atlantic, it tends to be known as the Vacuum Cleaner Principle, as we're familiar with Kirby and Electrolux vacuum cleaners that have been around for three generations or so, yet you don't see them still being sold today. It's always Hoover or Oreck or whatever. That's the thing about one-offs. Sure, you can steal the market by selling a one-off...but then you starve yourself out of the market because once you sell it, you never hear from the customer again.
Some things just don't work on a capitalistic incentive because the focus will always be on the short term: on repeat business. You need a different incentive to get long-term work done like permanent medical solutions (cures and permanent vaccines vs. treatment regimens).
And if the very act of getting that warrant tips the crooks off?
But how are we to distinguish if what the person perceives as difference is really difference and not placebo effect (here's a challenge: can the person tell between 'recognize speech" and "wreck a nice beach")? That's why you need multiple people, to average out any bias inherent to an individual.
"Well, all the broadcasters and their roadmaps at IBC involve HEVC. There is equipment available for them that can handle it, and the amount of that will increase quite substantially over the coming years. TV makers are already rolling out HEVC kit (yes, of variable quality in some cases), but it's coming."
OK, so HEVC does have a head start with content and hardware providers. That's significant since it means Google may be late to the party again unless they can steal a march on MPEG-LA (which is still possible, forcing the content providers to scramble), but it would mean Google convincing chip makers to implement VP9 in silicon in volume on both the encoding and decoding end. And hardware is not exactly Google's strong suit. Unlike companies like Apple, Google isn't well-known for dictating exacting hardware terms.
@Charlie Clark: Trouble is, while Android does dominate the mobile market, most of that market is towards the lower end of videos which are still the domain of AVC. Furthermore, a sizeable chunk of that market is still held by Apple, who would sooner see Hell freeze than support The Enemy with their codec because it's Bad For Business, and Apple still has significant pull with content providers. HEVC is going to be, at least at first, primarily used for high-resolution content where mobile data would struggle. This would leave high-speed home networks, which means the playback device will likely be the TV or an STB hooked to it. And the TV end of the market happens to be where HEVC is focusing right now, particularly with content providers and chipset makers.
That's the thing. HEVC isn't exactly an established standard yet unless you're saying a slew of HEVC encoding suites are already available to them. Now, granted, MPEG-LA isn't charging a mint for the use of the codec, but Google's offering VP9 gratis and offering a guaranteed line of devices it'll support. Those are two pretty good incentives right there.
And if the concrete evidence is in HOSTILE TERRITORY?
"Perhaps you haven't noticed that by simply making the haystack bigger they're not making it any easier to find the needle?"
Perhaps you haven't noticed that the size of the haystack isn't that big of an issue when you've got a magnet, an x-ray machine, or something else that lets you pick out the interesting stuff from all the chaff (that's what the computers are for).
As for the odds, that doesn't mean much either, because you're talking things like plane crashes and meteorite impacts. Sure, the odds are slim, but when they DO happen, they happen BIG (IOW, they're low-incidence but high-consequence). This isn't like your average law-enforcement deal where plods can just investigate things after the fact because after the face is just too damn late when the threat is existential.
You'll never convince the software makers to loosen their terms since many of them have captive markets with no honest competition, especially in the professional field. Let's face it. Except for the most basic of things, GIMP is no Photoshop, and I still haven't found anything that approaches the level of features in Premiere or After Effects. All the software maker has to do to (which many are transitioning anyway) is to render all of their transactions leases or subscriptions. At which point, all the buyer can do is accept the limits of the agreement or go without.
When the town only has one well (and practically no way to make another), do you dehydrate yourself to spite its owner?
"Wolesale indiscriminate collection of data on the citizens of a country by those who govern is completely different."
So is a world where a single man can potentially ruin civilisation if you're not careful. That's the thing about eternal vigilance. One bad apple can spoil the whole bunch. One determined nihilist with time, and resources can unleash pure hell (and with technology progressing as it is, one cannot discount the possibility of something like a rampant viral plague like avian flu). Know any other way to combat a lone-wolf existential threat?
"I was under the impression that the 'separation' by NAT routers was kinda a byproduct, and can easily be worked into a 6 only router* by just blocking anything coming in over the WAN interface by default, allowing port forwarding much the same as IPv4 + NAT, but just not requiring the IP address MAPPING, as in instead of "anything coming in on the WAN on port 80, map to port 6680 of 192.168.1.230" you'd simply say "Anything coming in on 3D8B:0004:773A:FB01:: port 80, route straight through" ?"
A byproduct, maybe, but a welcomed one, because local net addresses are just that: they're not meant to be exposed to the Internet, and most network stacks will interpret this as such. If not, some link in the chain is likely to realize, "Hey, this isn't a proper internet address" and reject the connection. IOW, odds are if you tried to use a local net address to connect to a LAN address behind a firewall, odds are the firewall won't even be aware of it.
Sometimes, the best defense is stealth, as in making it look as if your machine doesn't exist. Think of it like a hotel or hospital where the rooms can't be direct-dialed from the outside (room-to-room calling is unaffected) but have to go through the front desk first. The front desk is the NAT firewall in this case even if outgoing calls are being routed automatically. If you tried to direct-dial a room, odds are the number is invalid and the phone company will block you, not even reaching the front desk.
There's an IPv4 address space in IPv6, and there are ways to bridge between them. One concern has been firewall penetration, as NAT provided an additional layer of security by separating the address spaces naturally. Also, some businesses run OLD (Pre-IPv6) hardware they can't replace. A sudden changeover would isolate them.
"It's about time that the myth was busted over safety concerns. If there was *EVER* the possibility that a PED could have downed an aircraft, they would *NEVER* have been permitted on board. They would have been confiscated at security."
But unlike other things, the PED has several factors that make wholesale confiscation thorny.
1. They're ubiquitous, meaning most passengers have them. The wholesale confiscation of something most passengers have can be ornerous, especially when...
2. They're not easily replaced. People grumble about the liquids bit, but that's offset because one can usually just resupply at their destination. About the only people who have a problem are those with large quantity of prescription fluids. In which case, they'll have to go into checked luggage. But...
3. They're sensitive to temperature extremes AND contain Lithium. Since there's no guarantee a luggage hold will be climate-controlled, the PED might be exposed to damaging temperature extremes and such. Furthermore, lithium is a fire risk (prone to spontaneous combustion), which is why it's banned in luggage holds (at least in a carry-on it can be pulled out in an emergency).
4. They're considered an essential accessory to many: a link back to base. Meaning if they can't take the PED, they're not going. That puts a financial pressure on the airlines catching them between Scylla and Charybdis. If they cave, the PED might down the plane, but if they don't, the lack of passengers might torpedo the business.