17 posts • joined Thursday 8th September 2011 14:49 GMT
I think this says all that needs to be said on this.....
"Because our goal here, of course, is to meet the requirements, number one. But, also do so as inexpensively as possible, keeping in mind our goal. And our goal is, clearly, not to find a qualified and interested US worker."
Re: Coming to a wallet near you...
Credit cards get their money from two sources. The user who pays interest, fees, etc. The other half is the merchant. To accept credit cards you need to pay fees for your merchant account. Then you need to pay your monthly fee to your processor (this is why PayPal and Square are popular with craft fair folks as they don't charge you $15-$75 just to say you accept credit cards). Then when you accept a credit card you pay the base charge fee of 28¢ to $1 plus the 1.8% to 4% of the transaction amount.
Paypal/Google could create an immensely popular card by just making the merchants pay just enough to cover the cost the banks will charge them just to get the money to the merchant. Then give users low interest rates and reasonable fees. Of course the regulators will then act at the behest of the big banks and make sure that they have no end of troubles getting this all up and flying.
Nice solar array
Pity about all of the trees that were cut down for it.
Doing it in the first place in this day and age is
Unfortunately, it still happens with alarming frequency.
Re: Yes, it's about time, but…
Sure it is. Using it is still better than sending the data over the wire in plain text.
For DigiNotar to work, your victim would need to be using very old software. It's certificate as a root CA was revoked by pretty much everyone. As a cautionary tale for the whole CA system it is definitely a loud and clear example of what everyone knew was an issue. Unfortunately there is no panacea when it comes to security. You do what you can. The only true security is a one-time pad, but that is actually impossible to achieve in reality.
If you look at the mitmproxy tickets, you'd find out that Apple has pinned it's certificate (at least in iOS 6), which is exactly what should be done everywhere that it is possible. Since the certificate is not used over the wire, you'd need access to their device and the ability to change the certificate on it to your certificate.
So what's left? Well if you want to target specific sites that have mixed content (some SSL and some HTTP [preferably JS files, but CSS would also work]), you can proxy the traffic and inject your own JS code in the HTTP stream. SSL works by public/private keys to set up the connection. After that it is simple symmetric encryption. Your code would make repeated connections to the server with a block of text that you know. Known text attack is pretty simple for working out the symmetric key. If you've been caching the SSL packets, you can go back and decrypt that stream.
You've got good points, but just shouting the sky is falling on a forum is perhaps not the best thing to do. I mean, what if some PHB is reading the site and gets the idea that they can just stop using SSL on their services. ;)
It's better to point out that security is hard and SSL is not a panacea because it needs to be implemented correctly and carefully. When I was a SysAdmin, I used to tell my colleagues that if you wanted true security, you'd cut the cords off of your system, send it through an industrial wood chipper, embed that in a block of cement, and then drop that into the Marianas Trench. Then I'd be 99.999% sure you couldn't be hacked.
The process is tiresome
1. Install new update after it bugs me incessantly for several days in a row.
2. Tell it that I do not want the farking Ask.com toolbar for the 17th time.
3. Re-disable the plugin in my browser, again for the 17th time.
If I didn't need Eclipse and the Android SDK, this piece of trash would be banned from my systems. :P
In all, I rather expect it will bump Windows Phone to #4. I wouldn't actually take a money bet on that, but.... It has a much better interface due to its borrowing all of the good ideas from WebOS. It does have that Android compatibility layer and as a result will go to market with a much bigger app store. As stated in another comment Blackberry hardware is generally very good. There is still a fan base for Blackberry.
I haven't bothered to look at the new API. Hopefully folks writing native apps will get to deal with a much better API than the Charlie Foxtrot the old API had become.
I'll stop in a store to give one a try when they are released (just like I did with the Torch), but I'll stick with my Droid.
OAuth is problematic, especially 2.0. There is really nothing stopping me from asking you for your FB/Twitter/Dropbox credentials and storing them. At that point I can do the whole sign in, authorize, and obtain access token from my server without you ever knowing what permissions you just granted me. I can also get access to your account at any point until you change your password. Deauthorize the app and I just reauthorize myself.
I'm sorry there is something stopping me. I'm ethical and I take the ToS that I accepted seriously. There are a lot of people that would not worry about that if they could make a quick buck.
Obviously most tech savvy people are going to know that they should be on the Twitter page to login. Then you get people like my wife who won't do anything or call me in to see if it's legit. Then you get people like my brother in law who will just go ahead and log in (my sister banned him from her computer and I'm constantly pulling malware off of his computer). These are also the people who won't know how to check what permissions the app has or where to deauthorize it and will complain profusely when told to change their password.
Re: 8080, bloody Hell!
Actually the C128 had an MOS 8502 and a Zielog Z80. The C64 started out using the MOS 6510 and later used the 8500. Everything except the Z80 were 6502 compatible, but each had its own additional capabilities.
I prefer the more descriptive name of Dumfukistan.
A few months before they de-orbited it, I saw a simultaneous transit of Mir and the ISS. it was definitely a very cool thing.
I always remember this about my fellow citizens: I know what the stupidity of the average American is and that half of them are dumber than that.
Re: 2 Gig?
They need to use memory that is hardened against cosmic rays. Here on Earth we've got a magnetosphere to block them out and it still doesn't much matter if a bit gets flipped here or there on your phone. On spacecraft an SD card would probably get fried by the rads.
Little known actor/radio personality decides to be a director and uses a gimmick to get attention. The fund raising bit on his website is a hoot.
I'm not saying that it is a bad thing to use cameras, lenses, and filters to achieve an effect. I knew someone who did several short films using a Fisher Price Pixelvision camera because of the look of the final product. He also did quite a bit of post in After Effects.
Hell some real directors have overused filters. I wanted to walk out of Star Trek Generations because of the heavy handed use of colored lens filters. I seem to remember the director apologizing at a later date for that.
Simpler solution. Google can close all Italian offices and tell the employees to move to another country or lose their jobs.
Cruel? Heartless? Perhaps, but all countries need to learn that their laws end at their borders.
They didn't get rid of WebOS
They dropped and canceled the hardware. WebOS, the software portion, was transfered to another division. Without hardware, its limbo state is in essence the same as being dead outright. The difference is that they could revive it or license it to another company.
My Pre is getting replaced with a Thunderbolt here in the next few weeks. HP has no credibility. Any HP branded WebOS device will not have a chance. HTC would be one of the companies who they could license it to and it might work. It would be a very slim chance with Android and iOS out there. I'd lay higher odds on WP7 or 8 at this point.
Yes you are missing something
Amazon is not a California business or corporation. Amazon has no physical location in California.
Why should Amazon be subject to California's laws?
If I owned a shop in North Carolina and you walk in to buy something I am required to collect the sales tax. I as the business do NOT pay the sales tax, you do. The purchaser is paying it and they are the ones required to pay it, but the state requires that I act as their agent in collecting it from you. That's fine. I'm in their jurisdiction and beholden to their laws.
If you order it from California, I am not their agent, nor in their jurisdiction. Legally I am not subject to their laws, but you are. You still legally owe what they say you owe. If they passed a law saying anyone sending a letter owes us a dime, should I send a dime to the CA state every time I send a CA resident a letter? Hell, no.
This is just CA and the other states pulling these shenanigans trying to get illegal laws enforced because they know their residents won't be honest.
In fact let's flip the idea. What if NC passes a law saying I must collect sales tax from anyone making a purchase regardless of where they are. Would you be fine with paying NC a sales tax for an online purchase if you lived in France?
NC has no Amazon affiliates because of NC pulling this shit. I know two people who were making $10k+ a year as affiliates and paying income tax on that. Now NC has not sales tax and no income tax on any of those purchases? Bravo to the folks in Raleigh.
- Analysis Who is the mystery sixth member of LulzSec?
- Analysis Hey, Teflon Ballmer. Look, isn't it time? You know, time to quit?
- Tablet? Laptop? HP does the splits with Tegra-based SlateBook x2
- NASA signs off on sampling mission to Earth-threatening asteroid
- Climate scientists agree: Humans cause global warming