Not much of a vuln, but it can result in a MiTM attack. Wonder what kind of firmware would an attacker want to load a Sphero BB8 with?
3100 posts • joined 12 Oct 2007
Maybe not 90% but over here in Mexico City, even the low income proles have some kind of smartphone these days. Cheap Android handsets go for 1000 MXN, which is somewhere around a month's worth of minimum wage.
Wouldn't be surprised if this were also the case in Brazil.
You are severely underestimating the power of Whatsapp in the Latin American countries. Over here, it is pretty much the one true IM application across all smartphones. I'd also expect a similar outcry if the (already unpopular) Mexican government were to block Whatsapp over here.
Yes. To solder LED just type
To unsolder it,
no solder led
Which is why he wasn't convicted by the new law, but previous ones related to hacking.
Nobody got convicted by the new law, unless they were still doing revenge porn by the time the law passed.
Imagine how much better the world would become if Zuckerberg, Gates, Andreessen and all of these other socialist losers disappeared.
He's a right winger. That explains a lot. Only a right winger would think revenge porn is a good business model.
I'm betting the companies that settled did so because they know this is probably going to be the last patent troll case for some time now.
BUT... What if it did this for a new service to send you an ambulance if it noticed you had been in a crash (detected by g sensors) but it had to go through your car manufacturer and not direct to the emergency service to ensure it wasn't being spoofed or for verification of the alert before wasting the ambulance's time?
It's called OnStar, and not only is it opt-in only, it's a paid service.
Your version probably still has the older "diagnostic tracking service" named version of that "feature".
Windows Application Network Kernel Experience Recollection Service would be a far better name for that service, wouldn't it?
This is not ZDNet, El Reg is most definitely not a pro-MSFT site. There are a few MSFT shills, but a majority of the commenters, or staff, they do not make at all.
Well, there's the thing that there are always a lot of "a.c." comments with decidedly pro-MSFT defense arguments, which is a clear sign of corporate shillings.
How many users are actually interested in switching out Siri for Cortana? If you are going to use a voice-activated AI, you might as well use the one already baked into the OS. I don't see Google offering OK Google on iOS and WinPhone.
And here I thought it was one of those AACS keys that are doing the rounds through the 'net.
Google, Amazon and Dropbox all offer unlimited paid storage. If the 75TB users move to the other providers they'll probably have to scale back or implement more expensive tiers.
They should do it if they can't deal with the load. I wouldn't be surprised if either of those services were to have a 100TB user, it is pretty much bound to happen. Hell, it has happened even outside the tech world; American Airlines once gave away a $250,000 AAirpass that would give you free flights for the rest of your life. Guess what happened there?
"pretty much nobody uses OneDrive anymore."
You know, comments like these need to be backed up with some sort of factoids.
I did a survey a year ago, when checking out cloud storage options for one of our clients. Nobody used OneDrive, or SkyDrive ... or even knew that Microsoft had a cloud storage offering at all.
I thought that was what Google does with its annual service purges.
Google usually does that to their free stuff. Microsoft, however, does it with their paid stuff as well, and even to mainstream products. Just ask anyone who was involved in the Windows Mobile/Windows CE ecosystem.
I'm also amused at that. Ed Bott is an outright MS shill, down to being one of the few ones who actually defended Windows 8's GUI. If he's mad at MSFT, it's quite telling.
Good riddance. Yet another reason not to trust Microsoft on any of their offerings. Sure, offering "unlimited" data storage is a stupid, unsustainable thing, but scaling it back to 5GB when Google offers 15GB seems to be Microsoft yet again missing the boat. Hotmail remained at 2MB while Yahoo went 250MB, then Gmail offering 1GB and such ... by the time MS started offering measly 200MB accounts, most of its userbase had already jumped ship.
Maybe this time MS just doesn't care, as pretty much nobody uses OneDrive anymore. I did use it, but mostly back when MS was still trying to compete in the social media stuff with MSN Spaces. It is precisely because of MSN Spaces' death that I haven't considered MSFT's "cloud" stuff at all. MS has a bad habit of killing off stuff at random, or rolling back benefits.
It isn't at all like updating completely different branches. It would be understandable if it were XP or the Win9x branches, which were actually too different to the current Windows releases.
Even Apple manages to release security updates to older releases, IIRC Mountain Lion (from 2012) is still getting updates. Oh scratch that, the latest security update is only for Mavericks and later. But still, Apple is perfectly OK with supporting at least two versions backwards ... which in the MS world, would be Win7 & 8.x, so there's that.
And I'm guessing that businesses are going to avoid Windows 10 thanks to the "mandatory updates" feature. It's just a matter of time before an update bricks the OS, and no sane businesses want to suffer that.
That would be Castellano.
It always amuses me that the Spanish language is known as Spanish everywhere but the actual country where the language was born.
So it seems the Iran deal is indeed working. Just don't tell Republicans that. They're too busy bashing Obama.
The article says it had a bullet in the chamber, so yes, it seems it was cocked. Probably not the smartest thing to do, but then, she was probably under the influence of the other stuff she was hiding.
Good is the solution that ate up Blackberry's market share in previous years. With this move, they just got it back. Not really surprised.
A lot of server-side web stuff is running it. It's just that the client-side isn't that hot anymore. Oracle's gobbling up of Sun and the subsequent asshat lawsuits may have a lot to do with that.
In much the same way that drink driving != possession of an offensive weapon (to the letter of the law), but both could potentially result in many years in prison if someone dies through your actions. And "big media" call that manslaughter.
Except your analogy breaks down, as both cases have the same effect in the sense that someone's life is endangered by both actions.
Actual theft has a direct and immediate negative effect on the owner who has been deprived of his stolen object. Copyright infringement may or may not have a negative effect on the author, distributor, or brick&mortar store that sells the infringed work.
Looks like the MPAA is having a Goebbels moment where they're now believing their own lies, and forgetting what the law really says.
Is this a revival of the stupid lawsuits from the '00s, where single moms get slammed with six-figure fines? Oh yeah, bring it on. If there's something we really need in this world, it's more bad *AA publicity.
Being honest, AES was standardized in 2001. It has been FIPS 140-2 validated for at least 10 years, maybe even since 2001 as well. Any device built in this century could and should support AES, or at the very least 3DES (though I'd disable that shit cipher as well server-side).
RC4-only devices would be those from the 20th century.
I'm betting it wasn't even the "Impact Team" the one blackmailing people. Anyone who grabbed the AM dump could have done it. Of course, anyone paying would be simply stupid as the info is already out there and thus, available to everyone. The "epic dump" was released on August 16; anyone paying after that date (or asking for blackmail money) is just wasting their time ... or their money.
The hackers seemed to pretty much have root/superuser/admin access to the entire AM IT infrastructure, and "the database" mentioned there is a live/running one. So, it's pretty safe to say encrypting the data at rest wouldn't have stopped them gaining access to it, since they could access it via the running application.
If the encryption had been made at the application level (that is, it is decrypted by the application itself, but stored encrypted in the DB), it wouldn't have been in cleartext in those dumps. Because they were made with mysqldump.
Please give some examples of any such cases?
Jammie Thomas. It's in the link on my previous comment. Notice that 24 songs are worth $222k USD according to the MPAA/RIAA. So you might download 5 songs, but the Recording Industry Ass of America will find a way to turn them into something worth over 1000 USD anyway.
And remind me, why is this a reason for treating online copyright infringement any differently than offline (physical) copyright infringement, which is the actual point at issue?
Because online copyright infringement is mostly not done for profit. Copyright infringement, and in fact the whole concept of "copyright" was built upon the idea that you would own the rights to sell copies of stuff you created for a limited time (the "limited time" has been subverted by every single copyright extension where the term is "life + something" as opposed to "a fixed length of time"), and it was made to avoid someone else making a profit off the original creator's work. For a limited time. Once those works fell into the public domain, anyone would be able to copy 'em and make a profit.
Most of what passes as copyright infringement these days has the whole "profit" part cut away, which is why it wasn't even considered before the DMCA and similar laws. Yes, it does hit content creators, but the "1 illegal copy == 1 lost sale" rule gets kinda murky there. Sometimes, that illegal copy causes the "pirating" party to actually buy a legit copy later down the road. Yet the RIAA/MPAA trade bodies still want to slam these kinds of infringement cases under the same case as actual copyright infringement cases (i.e. the ones made for profit). Which ends up causing really stupid things, like that single mother getting $222k fines for 24 songs. A far milder option would be to simply ask the person who has the illegal copies to "go legit", that is, actually purchase the stuff at normal prices, not magic inflated prices. Then maybe, MAYBE you'll get some goodwill back from the people you alienated in the first place.
Yes. If one person downloads a movie and another sells millions of dollars of pirated software, you don't want the law to allow no differentiation between how you treat both of them.
Yet most "copyright infringement" laws have been modified to have the opposite effect. 20 years ago, sharing music wasn't copyright infringement because nobody was profiting from that. A couple of draconian laws later, single moms get slammed with six-figure fines and tractor owners might face jail time if they try to tinker with their tractors.
Suppose someone stole the physical money without assaulting you, would you want someone to be treated less severely because they used a computer to do it?
That's exactly how the law works today. Theft + assault is dealt with more severely than simple theft. Breaking and entering a residence when the owner isn't at home is a lesser crime than breaking and entering when the owner is home.
We spend half our time complaining about how the law and patent system applies a double-standard just because something was "done with a computer". Well now the law is catching up.
Um... we spend half our time complaining that companies are getting patents for stuff that shouldn't even be patentable, like software. The law is just getting worse.
This is expected behavior when trying to write to page 0 ... from userspace. The way I understood this vuln, the NULL pointer makes its way down to kernelspace calls, and there is where the writing occurs.
I'm still miffed that Spaniards were so stupid as to let the PP win the past general election. That's like Germans re-voting the Nazi Party back in.
Every single device connected to the net should have its own publicly routeable IP address. NAT was a hackjob implemented to alleviate the IPv4 address shortage ... but instead, network engineers saw that as "extra security" and took that at face value.
Of course, NAT "security" is bollocks, and this hack proves it if the devices are connected to a NATted network. The faster we migrate to NATless IPv6, the faster we get all the security theater mentality away from IP addresses.
Zimbra don't seem quite there for my needs yet, though looks interesting for those that have an open-minded IT crowd.
Zimbra has ... served us well. The payware version even does calendar syncing IIRC.
Actually, they were far better on "doing a secure smartphone OS" business, even though Symbian was the one that actually did their flagship OS. It was the iToys becoming popular that sent most smartphone OSes off the rails.
Nokia smartphones were able to last more than 24 hours on a single charge. That's an impossible feat with "modern" smartphones...
The guy responsible for said axing is no longer CEO at Nokia. I'm guessing this is going to be less of an issue these days; in fact, Nokia might actually embrace Sailfish this time 'round.
The main reason we're all sticking to RHEL 6.x is systemd. You can say it, El Reg. It's no secret.
>China has a number of ambitious train projects in the pipeline, including a 270mph maglev from Shanghai airport to the city
"In the pipeline"? That Maglev has been up and running for over 10 years!
And it isn't even Chinese tech, it's German tech. Of course, the Chinese in all their pirating glory "invented" some knockoff tech that was suspiciously similar to Transrapid's one. Searching for "Zhui Feng" will spit out "pirated from German tech" as its first hits.
"That is just the way of doing business for them in Mexico, for anybody. I would have been surprised if they did not."
Nah, from what I've read, China has far worse corruption problems than Mexico. As bad as some corruption scandals may be, contracts actually have legal binding and deals don't require becoming spunk-brothers with contractors.
Yeah, same reason why we're wary of the Chinese HSR project in Mexico. Even more so when it was discovered that the company had bribed the Mexican President's wife.
Man, I'd love to know what ISP lets you download 2+ TB of data. Comcast limits me to around 250 GB/month before they start to complain.
Any other ISP, I'd think. Especially ISPs outside the US.
Well, my current uptime is 6 hours 27 seconds and according to OSX's Activity Monitor, I've already written 8GBs. And that's w/o counting hibernation er.... "safe sleep" which might write up to 16GB every time my Mac "sleeps".
So no TB/day worries, but I might actually hit 1TB/mo at this rate.
Playing games does not write at all (maybe swap, but that's an indicator of an under-RAM system more than a drive problem).
Only if you're playing shit social games.
Every single game ever saves something to disk. Especially the newer "Call of Halo" genre games that insist on autosaving after every action.
And high HDD/SSD write amounts are credible. My monthly disk write stats may be near the 1TB mark if you were to base 'em on my current uptime (6 hours, 7.51 GB written). I got to agree with Trevor_Pott here, especially as my coworker has already killed an SSD, it lasted him ~14 months.
A fitting end for the thing that killed Nokia's smartphone platform.
Merge QNX and its userland with Microsoft's phone OS and its user land?
No please, no. That's kinda like buying a Picasso and then letting our 4 year old paint all over it, then let your cat use it as a kitty litterbox.
I hope Nokia shareholders give a vote of thanks to Elop for getting them $$$Bs for something that is now judged to be worthless.
Not quite so much, it is actually thanks to Elop that something is now worthless. Even if Nokia had stayed on Symbian, they would still be better than the "MS phone division" these days. Everyone knows WinPhone was dead since it was announced.
Solaris 10 allows you to add a "token" to your IPv6 config, which will be used during SLAAC. So you set up:
ifconfig e1000p0 inet6 token ::b00b:babe:cafe/64
and you'll get that addy even if you are using SLAAC. :)