Re: Your move, Roy
Easy. Piggyback on domains that normally have to get whitelisted to get things done. Now it's either bend over or break most of the Internet.
IOW, soon all the tracking will move server-side (where it can't be blocked or even detected) via methods essential to the modern operation of the web (like client hashes meant to prevent things like CiTM attacks). Are we just taking the long way round to the Stateful Internet?
'penny wise, pound foolish' I say.
Then how come it works SO well that Chrome overtook Firefox, either because or in spite of the single menu button. Frankly, I don't see what all the fuss is about. An extra click or flick isn't gonna kill anyone, and I can use Waterfox just as easily after as before. Perhaps it's time to pick your battles. You've been clearly outvoted on the UI, move on to security.
No, it's the OEMs' fault they forced Google's hand when Android started out. They wanted proprietary add-ons or they wouldn't sign on. It's only with Android the clear dominant OS that Google is able (starting with Nougat) to start taking back control of some of the core of the OS, but without the OEMs signing on, they never would've gotten off the ground in the first place against the iPhones.
But that's exactly what I meant by "counter". Forget remembering the password. How bad is it if you can't remember the mnemonic, such that you need a mnemonic for the mnemonic until it's turtles all the way down? Thus "Was it correcthorsebatterystaple or donkeyenginepaperclipwrong?" All four words with similar but incorrect counterparts (horse-donkey, battery-engine, staple-paperclip, correct-wrong) and in the wrong order. This ain't the Middle Ages when memory was basically your only lifeline and life wasn't as complicated as it was.
Thing is, you can MIS-recall your algorithm, and everything starts going wrong and you can't recall the right method you were using. I routinely have to deal with people with such bad recall they forget common words, sometimes their own name, yet need online access to reach their appointments, benefits, bills, etc. Makes me worry if their caregiver pops the cogs before them from stress...
To which the next question would be, "Then what do you use that can work even with CEOs with poor recall, can't be stolen or coerced, and can't be copied or imitated?" If even ONE of those gotchas remains, it WILL be exploited: for the lulz if nothing else.
"Then the people who pick good passwords get to keep them and the people who pick poor passwords have to come cap in hand to IT and ask for a new one."
Watch it. An executive probably won't go through that door with a cap but with a replacement, and probably a report of a reduced IT budget and a communique to his friends at other firms black-marking you.
Two questions here.
First, does a court of appeals actually possess the right to refuse to hear a case? I thought only SCOTUS had that right.
Second, was this the court in and of itself, not just three of the appellate judges (meaning it's essentially an en banc decision and cannot be reheard in the same court because it's already been "reheard")?
EVERY man has his price.
- Even more too many to cite.
If you can talk to a legislator, you can bribe or blackmail him, and there are ways around any law, such as hiring siblings and spouses as lobbyists (now go ahead and try to stop them talking to each other, especially if they have children).
"Then they cease to exist. (hint: turnover =/= profit)"
Hint: That's what lawyers and accountants are for. Ever heard of tax avoidance? If it costs less to hide their turnover than to pay the fine, they'll find a way to do it. Worse comes to worse, they'll cajole the public into changing the laws.
So what happens when you NEED (not want, say for employment reasons) a spyphone just to stay a member of modern society? Do you TRY to go to the cabin in the mountains where the landsats can still see you? Or just bend over and realize you're simply outnumbered (as in everyone else wants to rape your data, and they only have to be lucky ONCE to pwn you for life)?
>"Leverage" is not a bleedin' verb.
https://www.dictionary.com/browse/leverage?s=t
verb (used with object), lev·er·aged, lev·er·ag·ing.
to use (a quality or advantage) to obtain a desired effect or result:
She was able to leverage her travel experience and her gift for languages to get a job as a translator.
So leverage IS a verb (a transitive verb, to be specific), and if I have to, I'll look up OED, too.
Because if you can't trust the CPU's RNG, you can't trust ANY RNG. There's no telling where it's been, certification or no, plus the CPU or mobo can undo any effort you make by tampering with the communications channels. The main reason you want a hardware RNG is because you need a high-throughput TRNG, such as running a key-generating server.
As for trusting the CPU's RNG, this is usually mitigated by employing multiple entropy sources so that the worst case is that a bad source adds no entropy. AFAIK, there's no practical way for the CPU to know enough about any alternate sources to actually negate entropy.
There's one place where the CPU and ONLY the CPU can be used: bootstrap. At that point, no other buses are open, including those you'd need to access another RNG. How does one propose to secure the bootstrap procedure without access to any other RNG?
"no - not every system has a need for it - my media server as example."
What makes you think a malcontent can't usurp your media server and use it as a springboard to other parts of your network...or even as part of a botnet to attack the greater Internet (in which case it doesn't matter if it has secrets or not, just oomph and access).
"Dear Peter, no UN member state¹ may, in the legitimate exercise of its sovereignty, discriminate against people by reason of their metaphysical / religious convictions, culture or ethnicity."
Says nothing about the places or people said people have visited.
You also forget India and Israel. If those two are low bars, then the bar must be pretty low EVERYWHERE.
And note, a lot of these are speaking from firsthand experience. My own firsthand experience tells me to be cautious no matter where you go.
"Better phones have two (or more) SIM-slots for that. ;-)"
You can't really rely on that going to the US as LTE Band III is taken (1.8GHz was already in use by the government before LTE was even a thing). The chief LTE Bands in the US are II (shared), IV (T-Mobile), XIII (Verizon) and XVII (AT&T). Now, I don't know about newer phones, but I always kept an unlocked Galaxy S5 on hand for international travel because it at least supported Band III, and I usually look for an inexpensive local phone just in case. Band issues are the main reason I don't get much truck for dual-SIMs (the phone still has to support the correct bands in any event, and some of the carriers like Sprint use the newer TDD-LTE rather than the more traditional FDD-LTE used by the above).
But since most drones like that are moving, trying to shake them to pieces with acoustic resonance runs afoul of the Doppler Effect. It would require constant shifting of the sonic frequency to counteract the Doppler Effect, and that's going to call for additional hardware like a RADAR or LIDAR speed gun.
So what's to stop a phone manufacturer (or a government) from locking you out of changing the eSIM? At least with a physical SIM, you can always pull it out, and there's nothing the manufacturer or any other malcontent can do to stop you other than physically detaining you (in which case you have bigger problems). That's why the move against anything built-in, and why I'm against things like sealed batteries and no SD slots: they remove flexibility and can introduce Planned Obsolescence.
"Now they're well known as ..well, a phone brand... so the more customers who can use their device the better."
But the best way to do that is to find a way to have universal LTE frequency support, supporting ALL FDD and TDD LTE Bands so that they can truly be used anywhere in the world, regardless of the operator and the frequencies used (case in point: it's tricky to buy a US phone that works well internationally or vice versa because the frequencies they use are often mutually exclusive, for reasons predating LTE). Then they won't need an eSIM or anything of the sort: just pop in a SIM, ANY SIM at all and it just works: first time every time. That's the kind of ease of use the late Steve Jobs would be crowing about.
"Yes it's logical. No it won't pass muster in (e.g.) sensitive American workplaces."
WHY won't it pass muster in American workplaces? I mean, people are so over-sensitive these days. The best way to defeat an epithet is to neuter it (or even better, turn it into a compliment, ie. "AND PROUD OF IT!"). I once heard a black comedian come up with a way to neuter the most common historical epithet directed at blacks: simply make an innocuous snack chip by that name. Then people will be using the name for that purpose so much the old meaning will fade into obscurity.
Anyway, according to the developers, this is because GIMP uses GTK+, which IS the standard I/O system if you're using GNOME IIRC and doesn't accommodate any other because of this. It's not just Windows users complaining. Those using other Linux desktops like KDE (which uses QT) complain, too, and have been given the WONTFIX.
Thing is, this isn't really an issue with GIMP but with GTK+.
"Or, install a free copy of Ubuntu or whichever distro you choose."
Ever wonder why Red Hat keeps getting business for its Enterprise solution instead of everyone just going to Fedora? There's more to running a business than just the software, after all. Sometimes, the support for the software is more important (and more expensive) than the software itself. There's something about that age-old question, "What price peace of mind?"
Aren't you concerned those devices will have GPS trackers and cameras? Meaning if it gets shot down, it'll be able to let the shipper know WHERE it went down...and send the police over there with THEIR shotguns? Last I checked, the plods don't take kindly to guns being fired willy-nilly (due to Disturbing the Peace issues and tragedies caused by falling bullets).
"More for infrastructure to comply or 4% of turnover for the rest of the firm's existence?"
Ever heard of The Cost of Doing Business? If they can find a way to reduce their legal turnover (I don't think there's a fine in the world that can't be finagled--that's what lawyers are for, partially), they could just pay the fines so as to keep going.
"That's one of the reasons for not stopping at your car if there is a suspicious person hanging about close enough to accost you at gunpoint, or knifepoint - a piece of basic urban safety awareness."
Thing is, if they REALLY want you, they have ways of FORCING the car to stop like a pre-planned roadblock, a confirmed tactic of certain organized criminal organizations.