Thanks for the correction on HTTPS, I didn't realize the SSL setup came before the GET.
Not sure if DNSSEC will help, because the ISP will be providing most people's DNS service. Hopefully DNSSEC doesn't make caching go away...
7554 posts • joined 12 Feb 2011
No, they see the actual HTTPS connection to the server, not just the DNS lookup, and usually they see the actual page.
Just look in your address bar when you are visiting a site with HTTPS. Sometimes you see a garbled URL, but for instance at El Reg you are browsing HTTPS but the URL of the articles you are reading is clearly visible, so they can learn something about you based on which articles you've chosen to click on, and which you haven't.
They won't see the actual page content, but if the pages are titled like Reg articles everything you need to know about the subject of the article is included. They won't see what I'm posting, but whether I post with my real name or a fake one they could connect the times I posted (because my HTTPS 'POST' has "post" and "reply" in the URL!) to when comments by 'DougS' or 'amanfrommars1' appear in comment sections, which a crawler could then read. I don't think they actually have the ability to do all that yet, but the possibility certainly exists.
Now multiply that by the millions of forums people post to, talking politics, asking questions about sensitive medical or financial issues, and you can see how much data the ISP could potentially get, if they had smart enough software.
There does need to be a "comprehensive and uniform framework to protect Americans' online privacy", and congress should pass it. But good luck getting a pro-business republican congress to pass consumer friendly legislation. Even the democrats didn't do much on that when they were in power, since they are just as sold out to corporate lobbyists even though they give lip service to protecting consumers from big business.
Wheeler was right that ISPs are in a unique position since they see ALL your traffic, i.e. what sites you visit, what products you look up on Amazon, and so forth, but Google sees even more since they not only see most people's online traffic thanks to Chrome, they also get access to many people's email, phones, and real-time location information.
Europe is decades ahead of the US in consumer protection, and I don't see that changing unless the democratic party has a "tea party" like revolution to change the soul of the party like the republicans are undergoing. There are signs of that from the anti-Trump movement, just like the Tea Party was born from an anti-Obama / Obamacare movement. We'll have to wait and see if that translates into more Russ Feingold type legislators and fewer Nancy Pelosi types.
I think we already passed the point where SSDs make more sense than hard drives in laptops about five years ago, personally.
The question wasn't whether replacing the single hard drive in a PC or laptop makes sense, but whether ALL hard drives would go away just because of the speed advantage. All those hard drives at Facebook, Amazon and Apple storing cold data won't be replaced by SSDs until they are cheaper per bit, because no one cares if it takes a few seconds spinup delay to open that photo from 2007 that no one has looked at in eight years.
Sure, they are faster (especially for random access) but that only matters where performance is a criterion. If it is storing less used data, or for backups, you generally don't care much about performance and thus won't pay to increase it. There is a ton of storage sold for these purposes, increasing every year.
Power consumption matters, but the few watts required to keep rust spinning doesn't pay for much (about $20 total over a five year lifetime at 10 cents / kwh) and if you can let them spin down even that advantage is lost.
Reliability is a wash, both typically die due to controller failure which is equally likely between the two.
So no, hard drives won't die until SSDs can match them on price per bit, period.
I remember when news of that came out I posted here, wondering who is actually going to pay that much since you'd have to be able to make a lot of money off it and news of any successful monetization of exploits on Android, let alone iOS, has been non-existent. The exploits we've seen so far - mostly in China - do stupid stuff like sending premium rate texts or downloading apps, hardly a route to a quick repayment of $1.5 million plus profit.
If the US government is a customer, however, that explains it. Unlimited budget means they can price it arbitrarily high. The more secure Apple makes iOS, the more difficult such exploits will be to find, the higher bounty Zerodium would be willing to pay - knowing the US government would fork over because they gotta have something to spy on foreign leaders' phones and elements the administration deems subversive, like NYT journalists.
Obviously it isn't the same, because if iPhone 7s were catching fire at the same rate as Note 7s, there would be thousands of incidents now and Apple would have been forced to do a full recall for the same reason Samsung did.
There will always be a small percentage of devices using lithium batteries that go up, whether they are phones, laptops or whatever. iPhones have always caught fire in small numbers, just as previous model Notes and Galaxys did. The GS8 will undoubtedly have a few catching fire no matter how carefully Samsung checks (and they will be plastered all over the press because of the Note 7 attention, unfortunately for Samsung)
What happened with the Note 7 was different than those, because of the vastly higher rate of problems it had.
The Note 7 quickly reached triple digit number of burning phones within weeks of release, when only a couple million had shipped. Apple sold 78 million iPhones in Q4, and are probably over 100 million now, at least half of which will be 7s.
Not sure where you get the idea "all the evidence" is that the iPhone 7 is randomly blowing up without any prompting. It isn't as if there are even a double digit number of cases, and you don't know what people might have done to their phone that could have caused problems. Devices with lithium batteries have always randomly blown up in small numbers, whether they are in phones, laptops, or other devices. If Boeing has had battery packs that caught fire when they can easily afford to pay far more for better QC it is obviously something we just have to live with until those new lithium battery formulations make it out of research and to the market.
Also, your diagnosis of the Note 7's problem disagrees with Samsung's conclusion. I think I'll believe them rather than a random AC. Pretty sure if they could solve the problem by sending people a couple free chargers and telling them to only use official Samsung chargers they would have done that instead of two full recalls!
I would think it would more likely have this due to mechanical stress from being sat on or dropped than simply water. Mechanical stress is the reason why hoverboards caught fire in such numbers - you're standing on it after all! If we all stood on our phones for 10 minutes a day, they'd burn up way more often than they do... Exposure to water happens all the time with phones, I find it hard to believe that could cause it to burn up, unless there was already some sort of mechanical damage or manufacturing defect first.
The only reason I can think of for Amazon to refuse this is if they actually record AND STORE everything it hears 24x7, and save it indefinitely. If they're really doing that, I can see why they wouldn't want to make that known by producing this evidence.
If they are doing what you would think is reasonable, and tossing anything it hears that isn't intended for it, then Amazon could say "sorry coppers, we aren't selling an always-on spy device so we don't have the data you're requesting!"
It is one thing to SUSPECT that companies like Amazon and Google are saving everything a device like this hears forever, quite another to have it essentially CONFIRMED! Hopefully this case will get lawmakers in a tizzy on both sides - the ones who want unlimited police powers will want laws that force Amazon to comply, those who don't will try to instead fix the problem by requiring companies that make devices that act as a 24x7 bug note it prominently on the packaging!
Maybe this would be a place for cooperation - make a law that says if you sell an always-on recording device that you must give up the data if presented with a legal search warrant, AND you must prominently label the device with a notice that it saves everything it hears. Let's see how the Amazon/Google business model for these assistants holds up with that labeling forced on them!
Which private companies publicly name responsible people for screwups in a press release? Even when I've seen people fired for big screwups, it isn't acknowledged internally that was the reason - even when everyone knows it was. Even if they didn't have to worry about getting sued (which we all know is the reason they tend to be tight lipped about the reasons for firing people) they wouldn't be putting out a press release about it.
So why should "public sector" employers be named publicly? Whether they are fired, demoted or given a raise as a result of their screwup certainly doesn't need to be made public.
That would reduce the vulnerable population quite significantly, since most machines don't have IPv6 routed to them even if it is left enabled.
Sure, they have 5.8 GHz antennas for wifi, but are they able to use that to connect to a cellular network via LTE? I don't understand why US Cellular is in such a rush? Maybe they plan to use it for hotspots only?
So is Samsung giving the sFinger to people who pay the same price for a Note?
This would be a good reason to use some odd finger, like your left ring finger, to unlock your phone. They might want you to present your thumbs and index fingers, but it would be unlikely they'd make everyone try all ten fingers.
Though if you are thinking about it down to this level it would seem to be much easier to just use a password. The problem is that unless you want to type in your password every time you pick up your phone (i.e. no grace period if you just put it down 30 seconds ago) you're going to be typing it all the damn time.
I keep saying Apple should provide something that works like the old unlock did - have a user settable timeout after which a password is required. But instead of leaving it unlocked if it has been locked for less than the timeout, simply require Touch ID due to the timeout. That timeout currently defaults to 48 hours, with no way to change it.
IMHO if you are a criminal and the police are about to arrest you, hold down the home and sleep/wake button simultaneously for a few seconds and it'll force reset the phone. When it comes back up it will require a passcode. The trick will be not having the cops think you are going for a gun and shooting you, of course...
Neither of them understands an adversarial press is a necessary part of a free society. If a tech company wants exclusively good things said about them, well that's what advertising is for!
I guess they wish the press was there to provide free advertising so they wouldn't have to spend money on it.
If a US airline was operating that flight they'd still only serve a snack.
What stops them is that the drone "phones home" as it goes about its business, and probably has some sort of camera for liability reasons, so it'll be easy to prove you stole it. One capable of lifting 10 lbs and flying 30 minutes costs well over $1000, so stealing it would be a felony.
To answer your question in another way: the same thing that stops you from stealing the UPS van left running with the keys in it while the driver is at someone's door.
They'd have to have some sort of radar or night vision, because in parts of the northern US it gets dark by 5pm, and UPS delivers well past that time during the holidays.
They will use this for packages that don't require a signature. The drivers will typically put down the package, knock / ring the bell, and leave without waiting for anyone to answer. It is just a "courtesy knock" in case you are home so the package doesn't sit out there. The drone can quickly land, release the bottom of the cage, and fly off leaving the package behind, it won't need help. It won't knock, but they aren't exactly quiet so I think you'd hear it if you are home, and if not I suppose it could text you.
With the drone you'd have some potential options to reduce the chances of a stolen package, i.e. just like you can specify preferred delivery locations now (i.e. side door) you could specify having it leave the package on your deck in back where thieves driving around looking for packages to steal won't see them (unless they see the drone leave it there, but still would be more likely to steal an easier target)
The other objections to drone deliveries still apply, but needing someone to be home isn't one of those.
All those comparisons that showed iOS ahead of Android were comparing only app related revenue - i.e. what you pay the app store / play store for apps, plus the ad revenue coming directly from those apps. That's what influences developers, they could care less which platform is more lucrative for ads coming over the web.
It is hardly surprising that Android results in more web ad revenue than iOS, since there are five or six Android phones sold for each iPhone, so there's a lot more browsing coming from Android. Mobile web has been getting a larger and larger share of the overall online advertising budget, since people are less likely to use ad blockers on mobile and they are less effective. I guess that money is now enough to cancel out iOS' advantage in app revenue.
Let's illustrate the point with some made up numbers. Let's say Apple does business in three countries, the US, Ireland and country X. They make $3000 in the US, $2000 in (or funneled through) Ireland and $1000 in country X. They pay 40% in the US, 1% in Ireland and 20% in country X.
Their tax bill for last year would then be $3000 * 40% + $2000 * 1% + $1000 * 20% = $1420. They'd carry a future tax liability of $2000 * (40% - 1%) + $1000 * (40% - 20%) = $980 on their books for when they bring that income from Ireland and country X back into the US.
If the EU made Apple pay 10% instead of 1% to Ireland, they would pay an extra $180, for a total of $1600. However, their future tax liability would DROP by that exact same $180! In the long run their tax liability would be the same.
There's one catch - they could be collecting interest on that $180 while it sits overseas. In fact they do, they invest those huge overseas cash holdings. They're in super conservative investments though, and Apple earns an average of about 1% on that cash. Which in this example would be $1.80/yr.
Of course, the EU isn't trying to make Apple pay an extra $180, but an extra $13 billion, upon which they currently earn around $130 million a year. Most of us would go to court to hold onto $130 million per year in income, even Bill Gates. If they lose, they're only out the cost of their lawyers, and they probably have most of those guys sitting around or on retainer anyway. Wouldn't you rather have them fighting the EU than sue Samsung again? Especially if you voted for Brexit, and hate the EU anyway :)
Sounds like you want the EU to change their laws, which make it easy for companies to move profits from high tax to low tax EU countries. Apple is far from alone in doing this, even companies based in the EU do it.
I wonder if it will still be possible to bullshit your way through the essay questions on the final, or if you will have to actually provide good answers? Would be a tough course if the latter!
Just because it is contained within a rack or row instead of having tentacles across the whole data center doesn't mean it isn't a SAN. It is more a matter for storage admins as demand for them dims, but arrays, SAN switches and HBAs will still be in demand because those are still used in this Brave New World.
The audience for software that does what SAP does is too small, and the scope of what it does too large for it to be a viable open source project.
Who is going to invest the hundreds of millions it would require to get to the point where you can sign up your first customers, just so you can undercut SAP's pricing and hope they don't figure out a way to respond with some targeted discounts that kill your chances of stealing their customers?
On the one hand, you have Android, which is a security hole masquerading as an operating system for the 90% or so of Android users who see one or two (if that) updates and then get abandoned by the OEM. On the other hand you have automakers, who know as much about writing secure software as they do about 17th century Russian history. Combine the two and they might as well just add a "hack me now" button that posts all the relevant info about your car to the dark web to save hackers five minutes.
Well, 5% of any company's employees are in that company's bottom 5%...
The problem is in assuming they are equally distributed amongst managers, and that the company's worst employees are not contributing anything useful. The former is obviously false, the latter is 100% true based on my having consulted with/for HP on several occasions and finding a lot of deadwood they could easily be rid of. Unfortunately when you do cost-cutting layoffs you typically lose more of the good employees who can easily find another job, so the more of those untargeted layoffs you do the greater the percentage of deadwood. That was easy to see in HP from 1999 to 2012 (when I last worked with them)
I always said based on my experience you don't have an 80/20 rule in IT. You have more of a 10/80/10 rule. 10% of the employees do 80% of the work, 80% of the employees do 40% of the work, and 10% of the employees do -20% of the work. It is the ones who make more work for others you want to be rid of. Whether rank and yank is the best way, I don't know, but I do believe that you must have some method for getting rid of those people.
The trick is identifying them - as an outsider, I could do it, but as an insider it would be a lot harder due to friendships protecting the worthless, and bad managers trying to take advantage of that system to get rid of good performers who they dislike, are threatened by, or because they have to get rid of someone and don't want to get rid of their fishing buddy who constantly breaks stuff.
With "leadership" like that, of course it will be totally dysfunctional.
No one goes running outside to see an airplane, but they still show up at airshows to see rare planes or stunts. People will still show up to watch rocket launches in person, but they won't be news.
There are rockets launching every month from Kourou, wherever the Russian launches go from and other places. They never get press unless they blow up, and sometimes not even then. The only reason Musk does is because they're landing the rockets, which is new for now.
Once they have the bugs worked out of the software, landing the rockets is a solved problem and landing the rockets won't garner a mention on the news any longer as they'll be just like any other launch as far as the public is concerned.
It was reported on Nov. 16, after November's patch Tuesday. I don't know what their internal testing cycles look like, but assuming they have an internal patch Tuesday "dogfood" cycle a month ahead of public release, it would have to be found/fixed VERY quickly to make the patch set being tested in December and released in January. If there's any complexity at all, it falls to testing in January and release in February. If testing uncovers problems, then it slips beyond the 90 day window.
Not that I like to defend Microsoft, but I think 90 days is pretty short for making a bug public. Of course Google doesn't care, Android's patching system is so broken it doesn't make any difference if someone finding an Android bug released details the same day or waited a year, most of their userbase won't ever see a patch, and even among those who do a minority actually apply them.
There is no legal standard of what constitutes "craft beer" in the US. Anheuser Busch could call Bud Light a craft beer, and nothing would stop them (except the laughter)
Sorry, but you're 100% wrong. Apple publishes the figures with their quarterly report every three months, so if you bothered to look it up and see how much more they make selling phones than they do from selling services you wouldn't look foolish. In fact they make more PROFIT from selling phones than they make REVENUE from services!
Apple's services revenue is growing, but it won't ever grow enough to outpace their profits from selling phones, unless their phones sales take a massive dive.
Depends on where you make your money. Obviously Apple wants to be in the position they are, and Google wants Android to be in the position it is. All the Android OEMs are the ones who are caught in the middle, competing with each other to the point they all lose money except Samsung, but not getting any of the after sales revenue that Google does.
Not true. Most of the Android phones sold in China don't have any of the Googly bits, just the open source stuff. If you are worried that the open source parts of Android are US, then maybe we should all be worried that Finland is taking over the software world thanks to Linus Torvalds :)
Apple outsold Samsung two years ago, with the iPhone 6 launch. Possibly they might be able to do it again this fall with the iPhone 8, but there are a lot of variables (will they be production limited, will Samsung continue to lose low end share in China & India). In the end beating Samsung by a bit for just one quarter makes nice headlines, but it is meaningless. Samsung easily outsells Apple for the full year.
As for the idea that a more expensive iPhone won't sell, don't be ridiculous. First of all, if there's a new "Pro" grade above Plus, it will be $100 more if Apple follows their typical pattern. Add $200 for the top end storage and it'll be over $1000, but only $100 more than a high end Plus. Apple sold millions of 6, 6s and 7 Pluses at the top memory config for $949, so I doubt an extra $100 will put people off (unless you believe the $1000 barrier is psychologically important) assuming the Pro is enough of a step up.
That's been obvious for a few years now. Microsoft did a 'start over' in mobile that orphaned old devices one too many times, plus pissed off their partners by buying Nokia and making their own devices (sort of like Google is doing with Pixel, but it is easier to get away with once you already have 80% of the market instead of only 2%)
All their phones are high end, whereas Samsung also sells low and mid priced phones. I haven't seen figures for smartphone profits for a few years, last time it was something like Apple making 90%, Samsung making 20%, and everyone else collectively losing money.
Most modern filesystems on flash use TRIM, which erases the blocks as they're deleted, instead of allowing the FTL to manage it and erase them on an as needed basis.
Why do you think that if the messages hit flash they can be read? When you erase flash the contents are gone, you can't recover it.
I think the possibility of exploits against Confide's servers is a much bigger problem. Maybe Russia doesn't need to bother since they already own Trump, but China would want to read it and they have access to all kinds of 0-day exploits and ability to take advantage of weaknesses in how encryption is programmed, plus more than enough money to buy off a critical employee or two if they are somehow secure enough that they need the help.
The presidential records act was amended in 2014 to include instant messages among the protected classes of documents that must be preserved. I hope all republicans wanting to put Hillary in jail for using a private email server will feel the same about administration officials using an instant message app with the defining feature that it leaves no paper trail.
But somehow I bet they'll believe it if Pence says he's been assured that no classified information or official business is being conducted using Confide....I'm sure they're only using it to decide where to order lunch :P
Exploiting a random Android user is pretty pointless. What's the gain that you can't get by other methods?
Exploiting a particular Android phone, like say an orange president who insists on using his personal phone for tweets and carries it with him everywhere, is a different story entirely. That's easily worth the investment to use one of these bugs to develop a silent exploit that lets you e.g. activate the microphone so you can listen in to conversations taking place near it.
Not only are republicans the party of Lincoln (who WON the civil war and didn't inherit the racists from the southern democrats until LBJ signed the civil rights act in 1964) but trying to apply something that happened literally a century and a half ago to today's politicians is ludicrous - politicians have and have always had a time horizon that never stretches further than the next election.
The issue of backdoored encryption seems to cross party boundaries, there are democrats on each side and republicans on each side. More republicans on the pro backdoor side than democrats, but only because they are the traditional "law and order" party that tends to defer to the wishes of law enforcement. The real battle is convincing law enforcement that the idea is stupid, once they accept that, even an executive order happy orange president won't be able to enact such a terrible idea.
If your house is made of wood, hanging the 10 kwh lithium battery on the outside wall isn't going to prevent it from burning down if Samsung SDI made the batteries.
Or to put it yet another way, being type #2 isn't the guarantee of failure it normally is if you are ALSO type #1.
4228 byte sectors = 8x sectors of 528 bytes. Standard fare for enterprise drives, to provide an extra layer of error correction.
Dunno about the "reversed PCI slot", guess I never heard of that one, but are you trying to claim BSD is a 'standard'? You must be joking. Apple just used it as a layer in their software, just like many companies use Linux in theirs. If you want to look for a modern example of embrace and extend, look at Google's use of Java in Android.
I don't think a lot of Trump voters really truly believed he had a solution for getting jobs back like they used to have. I think they liked him because they hadn't heard anyone speak to their problems for a long time. The republican party hasn't cared about working class economic issues for ages, except to pay lip service with "trickle down", and the democrats stopped caring about them after getting creamed repeatedly in the 80s and decided being too liberal was the cause and went to a good ol boy southern democrat named Bill.
I don't think his voters expect Trump to do anything about it so much as they KNEW Hillary wouldn't - her early position in favor of TPP gave Trump these voters on a silver platter. They figured even if Trump didn't actually make their lives better he'd shake things up and piss off the establishment. I think Trump might actually be permanently reversing the republican party direction on free trade - it will be pretty hard for a republican to run as a free trader for fear of Trump giving him the Twitter treatment and handing victory to his primary opponent.
Until Bill Clinton came along and promoted and signed NAFTA over the objections of many traditional democrats, they were the party of trade protectionism, and the republicans were free trade. In not much more than a generation, they look to switch sides with each other. Almost like when the southern racists that had been with the democrats for a century abandoned them en masse for the republicans after LBJ signed the civil rights act.
If you ask Trump and many of his followers, if it is from any "mainstream" media, it is biased and therefore can't be trusted. Recently I've noticed some of my more conservative friends lumping Fox News into that category. I guess Breitbart is the only "unbiased" source in their mind. If a known purveyor of fake news is seen as the only legitimate outlet for real news, there's not really much chance of a fake news detection bot becoming generally accepted as an arbiter of fake news. Especially when an orange tinpot dictator need only speak out against it and tens of millions of his followers will accept that statement as gospel.
I think maybe you have to simply write off the people on the extremes. The ones who will only trust a source if it agrees with their preconceived biases will never accept an impartial arbiter, even if (especially if) it disagrees with those preconceived biases. It is like trying to talk sense into anti-vaxxers, or people who believe diet soda makers are knowingly poisoning the population, or who think the Moon landings were faked.
The real problem with fake news isn't at the extremes - these people can't have their minds changed no matter what proof is provided. Where it is damaging is in the mainstream middle, where maybe someone who was going to vote for Clinton sees a friend share a story about her being indicted the weekend before the election, and stays home. There will be so many scandals swirling around Trump and his administration by 2020, it will be open season on fake news about Trump in the next election so I think that side will bear the worst of the fake news next time around.