3465 posts • joined 10 Jun 2009
I'm curious to know how the exploit is defeating both ASLR and DEP. Is the code using a JIT Spray or something else?
The general rule of thumb is that the best countries with broadband are also typically the smallest and/or densest. The big thing retarding US broadband expansion is natural and unavoidable: geography. The US is a big country geographically with lots of rural space in the center. This skews the infrastructure costs upward and makes them less viable. To put it in perspective, consider how much it would probably cost to connect New York and Los Angeles (a very realistic prospect) with high-speed data. Miami to Seattle (longer and more convoluted) would be even worse. And let's not even start with trying to connect a place as remote as Hawaii.
Re: Some people regret the lost jobs of horse carriage maintenance.
It's not like you can choose between the two of them even now. If TWC is in your area, odds are none of the others are. Same goes for Comcast, Cox, whatever. And the reason for this is pretty simple: the communities don't like redundant infrastructure, which would be the inevitable result if two cable companies started overlapping. You'll note that the main competition for cable companies in a given area are the wireless and telephone companies, each of which use separate infrastructure.
In other areas, especially rural ones, the ROI to get to those communities wouldn't make it worthwhile unless the market was captive, and ALL the cable companies know it, so they can basically hold the towns and counties hostage with "all-or-nothing" offers. That's the natural way of utility companies and other industries where there is a high (in terms of money or undesirability) barrier of entry in the form of up-front infrastructure costs. These kinds of companies tend to form monopolies naturally.
This merger is less the AT&T-T-Mobile merger and more like the GTE-Bell Atlantic merger (which produced Verizon): more geographical and horizontal in nature. I'm just saying this isn't as similar as you think.
Re: Goose and Gander
Not if you as sender don't have a Google account, because you then have not signed up to their ToS (you cannot have a one-sided contract).
What he was trying to say was that anything that enters the Google ecosystem becomes subject to Google's infamous search scrutiny. IOW, if you send an e-mail to a gMail user, everything about it will be scrutinized, and even if you don't agree to use Google, they'll start building a profile on you, a la a Jigsaw attack. Merely interacting with anything pertaining to Google is all it takes. This isn't anything new; Facebook does it two by using the Like button as a sort of leech outside the Facebook ecosystem.
Re: Rendering on PC:s
"My first thought was Babylon 5, though they did have a special piece of hardware (Video Toaster). I'm sure there are plenty of other examples, though."
I personally like the series, but due to the technology, it is now easy to see when the CG was invoked (it reduces the resolution and is easy to notice in DVD releases). I personally would like to see the series upgraded to BluRay quality the way they're redoing Star Trek: The Next Generation, but I maintain skepticism over the possibility (mainly the availability of the original film footage).
Re: You'll never convince...
The next time someone tells you natural is good, dare them to eat a castor seed (the source of ricin).
Re: Not a Dos/DDos attack but
Have you seen ransomware in action? Most of them encrypt the contents of your device, making backups useless. At this early stage, if I were an Android ransomware writer, I'd at the least use a root exploit amd remove/disable any and all backup programs. Given time, I'd encrypt the pertinent bits of data like call logs, contacts, etc. and move from there.
Re: meet the Law of Unintended Consequences...
And what happens when crooks stash stolen phones in Faraday bags so they never hear the brick signals and then fence them overseas so they never hear the signals again?
Re: But who has control...?
It's probably kept by the manufacturer. Otherwise, bricking can't be done by law enforcement.
Re: "how painfully slow migrations from Windows XP to Windows 7 are proceeding"
Sometimes, it's the software. Software that came from the Windows 2000 era, perhaps, still works in Windows XP but breaks on Vista and up. It's custom-made, mission-critical, must-be-up-at-all-times software, and the developers behind it don't exist anymore, meaning it can't be recoded for 7. The only possibility is to code a new program from scratch, but the budget probably doesn't allow it. So some places are caught between a rock and a hard place, being forced to stay with XP with no migration route.
Re: You can have it all!
Don't you suffer from data crossover problems, then, since you may need data on the 7 drive but have to run it on the XP or Ubuntu drive? Or do you keep a separate tray for the data?
Re: Bad writing
I don't think that's logically sound as "not A" would mean "nothing at all" in this case. We have an A-or-B situation, plus the null option (neither A nor B; again this would be "do nothing"). In this case, there's no intersect: doing A (going hard now) precludes doing B (go slow and over time) and vice versa.
I'd be curious to think about people who have no choice. Software that directly handles hardware (VM-incompatible), breaks in later OS's, doesn't exist on Linux, can't work on WINE, and must see the network.
Re: Is it possible for "crypto currencies"
Messages have been in the block chain since early times. As for secret transmission, that's hampered by the need to share the block chain.
Re: Once upon a time....
And now you're contradicting yourself, because we're BOTH arguing about the handle wire. I have already acknowledged that the lock basically disconnects the handle wire from the latch. I'm saying you WANT this in an accident because you want to reduce the odds of the door opening DURING the accident (raising the risk of you being thrown out as it opens; a distinct possibility with older cars that had the belt affixed to the door instead of the post; basically put, you're better off IN the car during the accident, and let the frame absorb the energy). The reason being that if the accident involves the door deforming in some way (for example, a side collision), this deformity can cause the door handle wire to go taut, (much like something flying into a balloon string) and potentially engage the latch if it's still engaged because the door is unlocked.
Under the scenario your describe, it wouldn't matter if the door was locked or not. After the accident, one should be able to unlock the door, thus re-engaging the handle wire to the lock, and then try to open the door, unless (as you say) the door is physically wedged in place, meaning you're stuck either way. And if the accident is such that the latch itself physically fails, then as you say the state of the lock is irrelevant and the whole argument is moot: whatever happens happens regardless of the lock state.
And you notice how minimal the fighter HUD is. Pilots have to be TRAINED to understand the sparse information in order to make it useful. A car HUD would have to be at least as easy to use as the current spate of gauges and dials so that the average driver can interpret them correctly. But that can prevent the HUD from being minimalist enough to not interfere with normal forward viewing.
Re: Once upon a time....
The lock disengages the catch from the door handle's wire. If the handle wire gets pulled during the accident (distinct possibility if the door gets bent and it goes taut), it could engage the catch and open the door Here, it isn't just me. NHTSA follows this philosophy. In addition, it wants to prevent doors opening while rolling. Read up:
Re: Once upon a time....
The *lock* merely prevents the handle from opening the door. It thus makes the frame no stronger in an impact, but does prevent rescuers from getting to casualties.
Which can engage in the twisted metal of an accident. See my point? Plenty of people have had their unlocked doors open and then get thrown out and killed as a result.
Re: Once upon a time....
The locked door debate is a tradeoff. The thought behind it is that a locked door makes the door part of the car frame in the event of a crash, making the side sturdier and better able to absorb impact: meaning the passenger compartment is less likely to crumple and trap the passengers. Also, a locked door has the risk of coming open during the accident, and in the event of no seat belt or a failure of the belt, someone can get thrown out of the vehicle then: statistically much more likely to result in a fatality.
OTOH, I can spot the other side of the coin. Some people want the door to loosen and tend to open out in an accident since there's the risk otherwise of the door physically jamming into the frame and making it impossible to open: itself a fatality risk in the event of a fire or sinking.
Steering wheel may not be visible from the driver's POV so that's no guarantee? And gear shift? Automatic transmission anyone? It'll be identical for driver and passenger. And position is no guarantee since driver sides depend on the country.
Re: "I don't see the problem..."
If you can't drive while holding a conversation, how the hell are you able to drive at all?
Simple. You don't let conversations distract you. At least in-car passengers have environmental context and can adjust their own conversations to wait for less-dangerous situations.
I would say holding a phone is more distracting than actually talking, because your hand is off the wheel. and common sense means you stop talking if you need to do something and focus on that task.
Try telling that to the other side of the conversation, who doesn't have the context and may keep talking or insist on continuing even when you need to put it down. Plus there's the matter of sensory compartmentalization regarding a conversation, especially with someone not physically present with you. Our brains just don't multitask well; it's already been shown. It's not like one can pay attention to a movie while writing a non-pertinent letter at the same time. Driving while having a non-pertinent conversation (one that isn't about the actual driving) poses the same problem.
Basically put, handsfree is no panacea. Here's one from the Telegraph last year of a fatal accident with a handsfree device in use.
Re: "I don't see the problem..."
Yes, you may well be at an increased level of risk when you make handsfree phone calls, but you are at an incredibly high level of risk if you are looking at a screen.
Actually, the growing trend is to disallow any conversation while driving, even if handsfree. Research has shown that the conversation itself is the distracting factor, not the act of holding the phone.
I have to agree to some extent with the lawmakers. The apps as they are now are too easy of a distraction for drivers. If we wish to use Glass apps while driving, they need to be specifically designed for the task and only for the purpose of assisting a driver. So that would limit apps to things like Augmented Reality driving guidance that keeps a speedometer and direction guidance in a less-distracting way.
Re: HUD? - modern satnavs
For the BMW that would be a safety measure since keeping a car with sufficient fuel is a legal responsibility for drivers in Germany. It's actually a traffic offense to get stranded on the Autobahn by, say, running out of gas.
As for the idea of a HUD in general, consider the possibility of an AR driving HUD, projecting lane guidance or other things that blur the line between distraction and useful information.
Re: It's all shades of grey
"Obviously, the only way for the data to be completely anonymous is to contain no data at all."
Of course, because unique data, by definition, is identifiable in some way (otherwise it can't be distinguished and therefore cannot be unique). And as someone has mentioned before, collaboration of the data (which can even happen internally if a single company interacts with customers in different ways--no sharing required) can open the door for a jigsaw attack on data that is required for the company's services to function.
The takeaways I get from this are (1) one cannot interact with the world on a fully anonymous basis if the interaction must in some form be two-way, as one must be able to receive a reply, (2) if one is not fully anonymous, one will eventually be fully identified due to the natural courses of business and human nature (filling in the gaps), leading to (3) against a determined and resourceful adversary, anonymity of any sort is infeasible, as they only have to be lucky once.
Re: Damned Americana
I think the main justification for addressing the word "data" in the singular is because it can be considered a collective noun, much like how one can call a group or a set of things in the singular, though I recognize the rules can vary depending on location. For example, I'm quite aware that teams can frequently still be addressed in either the singular or the plural. In the end, I call it in the matter of context: singular if being addressed as a whole or collection, plural if being addressed as a multiple of datum.
And not be running the new Android Runtime. It's currently disabled and an option in 4.4, but the next version's expected to have this on by default, breaking the Xposed Framework needed to run XPrivacy.
Re: Root your droid then use a security app
I DON'T because governments will know whose arm to twist. If the security app comes from an unenforceable land or has a widespread community support, it would be much harder to squelch or tamper.
Re: This is why.... "Listening mode only"...
At some point, a rooted phone will become a RIGHT, and the sooner people wake up and tell the carriers to sod/screw/get off, the soone we collectively might be able to pressure google and the phone manufacturers to ease up on the lock-down.
Never happen. One of the parties that want the wide-open door is the government (in the generic, not the specific). They'll always want that access as a matter of course (governmental instinct), and any attempt to get them to sign anything otherwise just results in "ink on a page". After all, who can you turn to above them to keep them in line, given that the government is sovereign and, by definition, in control of its own destiny?
And before you ask why you don't hear the same thing about Apple phones? Bet you that's because they got an insider there years ago and twisted Apple's arm, allowing them to create a more sophisticated snaffer that can't be readily detected by spectrum analysis because it only transmits sideband.
BTW, to whoever mentioned the em-shielded bag, accelerometers and gyros don't need EM to work, so if it gets a fixed via radio (which it'll get at some point because you have to use the phone), then if it's shielded it can still keep track of itself for some time while in the bag, then when you take it out again it can correct for drift before sending.
Re: Obvious question. Do *devs* have to take *all* or nothing access to your data?
Rather, it's the devs forcing it on Google or they would never have migrated from the Apple store to begin with.
Searching for accounts sounds like a prerequisite for in-app purchases, which need an account on which to charge.
As for retrieving running apps, it's possible it could have a tie-in to a related or other app (perhaps partner apps or other apps from the same developer).
Trouble is, the Xposed framework needed for Xprivacy breaks on the new Android Runtime. Bet you it becomes standard next version. Also bet they find a way to block the permission blockers with under the hood changes, too.
Re: ACLU and EFF
And if users get control of the permission, what do you think will be among the first things turned off for adware apps (unless the app itself needs it for normal function)? Network access. This will probably start app devs packing some ads into their programs so they can't be blocked.
The point is, the app devs want the control, so you have a tug of war between the users who want control of their device and the devs who want control of their app, and Google's position will have them favoring the devs (they pay Google more both directly and through the ad network). Apple can dictate terms since the iDevice line is vertically integrated and has that mysterious "We Must Have It, Here's Our Life Savings" draw. Google lacks that level of control and can easily lose the plot if devs decide to defect.
Re: ACLU and EFF
The Devs will simply respond, 'OK, then. Back to the Apple store.'
How do you do that without breaking the permission model that convinced devs to come to Android in the first place? Break the model and fewer Deva may develop for Android. There are still plenty of apps only available in the Apple store.
Re: The browser
My last phone before I went Android was the N95 8GB. No touchscreen. It navigates pages and links Lynx-style using the D-pad, with a couple menus to help shortcut to the address bar and so on. Actually, for a while, it was still sturdy enough to handle the more-robust Opera Mobile.
That's what I've found to be my main draw to a smartphone: information on the go. I do not use my smartphone for social apps of any kind, but whenever I'm shopping around and come across something, I find it reassuring to be able to whip it out and pull up some quick but useful information on something. More than once, it's been able to help me shy away from something that looked good at the time but upon second opinion wasn't worth the trouble.
Re: @ Charles 9
It wasn't patented only because it COULDN'T be patented. Exception to the rule because it's inapplicable; edge case. A proper example would be one that COULD be patented but WASN'T.
And last I checked, yes, to say you don't want nonphysical patents means an examplar (and to be an exemplar, it usually has to be WORKING) is REQUIRED.
Re: Incentive to invent??
Yes, because the early inventions were geared to survival and genetic advantage. Both of those are moot in a modern society, so you need a different incentive.
Re: @ Charles 9
One's an exception to the rile. The difference engine was commissioned by the Crown, thus making the work property of the Crown and subject to different rules.
The other breaks the rule. The analytical engine was never commissioned at all and has never actually been constructed to completion. Thus there was nothing to patent.
So what about anything from a private party?
Re: @ Charles 9
If that was true we would still be banging rocks together instead of exchanging messages via t'internets. The fact is there are some powerful incentives that exist independently of patents, e.g.: survival in a hostile environment.
ONLY in a hostile environment. Take that away (by being in a modern civilization), and you need a new incentive. Money works, but that is too easy to lose if you're prone to copycats.
Getting paid to do a job is hardly news, believe it or not that happens without patents too...
Name one invention that was commissioned but not patented. Most of the things I referred were unique works subject to copyright, but you can't copyright a technique.
Re: You wouldn't have stop the caravan.
Sorry for the rant, it just pisses me off that we throw our soldiers (citizens) into war zones and actively undermine them by ignoring things paid for with millions and millions of lives. The recipes for successful war and successful business haven't changed in many millennia. War is pretty stupid, but if you're going to do it, go with what works and just do it. If you're a bit squeamish about the people dying in large quantities bit, maybe war isn't the path you should be on.
That's assuming you HAVE an alternative. If your opposition considers MAD a winning scenario AND loves to hide among noncombatants, how do you take them out without making new enemies along the way?
Re: Seems pretty pointless
Reach, perhaps? Suppose there isn't a friendly airfield nearby? And B-52s are too big to take off from carriers, which is why they're exclusive to the Air Force. Plus there's the matter of the fuel costs. Ground transport almost always uses less fuel than an airdrop.
Thus why I've stayed away from AT&T for a number of years now. T-Mobile's coverage may be subpar, but the price can't be beat. Even now they're offering the closest things to a no-strings-attached 3-way unlimited plan for $70 a month, no contract. And if you want to skimp in places, they offer various lower rates in exchange. No other big-name plan I know can match, and this comes with WiFi Calling and Visual Voicemail.
"T-Mobile has outstanding customer service, poor (but improving) coverage and are trying their damnedest to break up the pricing, including getting the other three to acknowledge PAYG. (yes, those prices above are with a contract)"
Actually, that's par for the course. Contract rates include the installments for the phone you bought. It's only recently that T-Mobile separated the two so you know how much went to the plan and how much went to the phone.
Show me a company with rates that high for a no-contract plan, and I'll show you a company with little time to live.
Re: oh woh is me...
Not in a primarily-capitalist country. Big companies are pretty much the natural result of unfettered capitalism. Buit since too many Americans are afraid of the "S" word, I wonder if they'd take a natural monopoly as the lesser evil.
What happens is that the fewer viable competitors you have in the market, the more likely these competitors will start to collaborate and engage in cartel behaviour so as to keep out potential market disruptors. This is especially true in an industry like this where all of a key infrastructure element (in this case, bandwidth) is already pretty much spoken for. The big boys may choose to act like an oligopoly so they can concentrate on each other and not have to worry about surprise challenges. Thing is, cartel behaviour can easily break down if one of the players breaks ranks, and the more players you have, the better odds someone will upset the apple cart.
Re: American beer rocks (Just not Bud, etc)
There's been a trend towards beers like IPA (which is by design heavily hopped) due to curiosity and demand, but it's definitely not like it was in the 80's. Thanks to relaxed brewing regulations, there are lots of microbreweries, and many of them like to experiment. For example, the state of Virginia boasts at least four microbreweries of note (O'Connor in Norfolk, the Alewerks in Williamsburg, Legend in Richmond, and Starr Hill in Charlottesville) and lots of small regional ones.
BTW, according to this map, even Utah has a few breweries in it like Zion Canyon and Epic.
Re: American beer?
WW2 grain rationing put a real crimp on those breweries that survived the Depression. It was around that point that Americans got used to thin beer out of necessity and are only recently growing out.
Re: Easy fixed
But what about kicking back and reading it with a tablet now, flicking the pages with your finger?
Re: I'm mining Litecoins as we speak...
I think that the thing most likely to kill BTC is its own success. Should it ever get to a position where World+Dog is buying their beer and gum using it then the blockchain may well be so silted up that the verification lag per transaction will become unacceptable for larger sums.
This more than anything else has been what's turned me off Bitcoin. Keeping up with the block chain was actually seriously eating into my network bandwidth.