Posts by Charles 9 16605 publicly visible posts • joined 10 Jun 2009
The trick here is that it's a photo TRAP, meaning the photo was taken basically on a direction of the photographer (take the picture when an animal crosses this point). This makes it a human-directed picture and thus copyrightable.
In the monkey picture, as far as we know, the monkey took spontaneous photos without any human direction. Sort of like a dog knocking over a paint pot and the contents splatting on a canvas.
The problems with your idea are (1) if Android is gaining market share, they could employ captive-market tactics. Barring a mass exodus, Google can just wait it out. (2) Google ITSELF mines tons of data. Blocking consumer demographics access would be shooting themselves in the foot.
"The noble idea of app permissions is flawed by not being able to revoke them individually at install time or afterwards."
And remember, this was demanded of app devs before they would even start developing apps on Android. Otherwise, Apple would still be top dog. So now it's a tug of war. Since it's the devs who pay Google actual money to get their apps out there, they're the ones who have Google's ear. End customers can't really influence Google (one leaves, another takes his place) unless they trigger a mass-exodus, and even there, where would you go (Blackberry is foundering and Microsoft and Apple each have their own issues)? Plus, if faced with the prospect of user-customized permissions, devs could still balk and either make their app unusable without all the permissions or simply abandon Android and go back to Apple.
There's already a specific Android permission for this "Draw Over Other Apps". Thing is, like the article says, some apps need this functionality to interrupt user action. What's to stop this function being used for evil while at the same time being disguised as something plausible like an alarm clock?
Sounds to me like the most robust way to handle this (separate the desktop compositor into a black box task and let the apps request their graphical resources from that) has drawbacks of its own such as memory and CPU/GPU costs.
I don't believe in common sense. Or rather, I think it's rather not so common because it seems to differ from place to place. In any event, this is something for the programmers and testers to deal with. In essence, they have to BUILD a machine common sense. Train the computer to note that if it cannot locate the road some distance ahead it should come to a stop before then. If animals (including humans) are on the side of the road, perhaps it should set itself up to take an evasive maneuver if necessary: slow down, edge away from them, etc. We generally learn about these things; we don't just remember actually learning them: probably because it was through observation. Similarly, we need to learn what various things are. We just need to develop analogues for the driving computers: ways to identify the various things it detects and the various procedures to use in these situations.
I think the point is that this was essentially a stress test. The odds of the thing coming through in one piece were pretty slim, actually. In terms of SpaceX's continuing research, this is more of a "Hmm..." moment. They pushed it and wanted to see if it would break. Well, it broke all right. They'll definitely be looking through the test data since they'll be expecting it to tell them where they'll need to adjust next.
So what happens when you run smack into the fence separating security and usability? Because for security to be ubiquitous, it MUST be easy to use (and by that I mean easy enough for Stu Ped to get). Yet difficulty is a necessary evil for something to be practically secure (sort like having to fish for the keys to the front door).
So basically, the security problem is looking to be intractable because you're caught between needing a system a state-level adversary can't break in a heartbeat and needing a system easy enough to be used by people who have trouble remembering what they did yesterday.
Because the keys are too big to put on even 2D barcodes (even I suspect the color barcodes once touted by Microsoft). Which means you have to store it somewhere, which means you have to trust both the place it's stored AND whatever means is used to transport it. And if your opponent's something of state level, I wouldn't even trust the fingerprint (since the state may secretly have the means to subvert things behind the scenes).
I *tried* to put a certificate into a qr code. It doesn't work, at least not for 2048 bit certificates.
That's odd. 2048 bits should take up only 256 bytes, well within the QR Code limit of 2,953 bytes under ISO 8859-1 encoding. Even if you have to convert it to a text-compatible format, you should still be well within the limit, even counting necessary overhead.
"Especially when considering there was no way to tie an online user to this data in a way to improve ad targetting,"
There's always a way to tie an online user. Cleartext metadata will suffice. Heck, didn't researchers show they can correlate identifiable information from an encrypted connection using timing attacks? Face it. Data mining is the specialty of companies like Google. These firms basically strive to ensure no privacy in this world.
And MY point is that Google lacks the motivation to bake in security. In fact, they're actively DEmotivated. Unless lots of people actively defect to Apple or Blackberry specifically because of security, then the money keeps coming into Google, especially if saps KEEP their phones insecure sources of personal information.
Microsoft was in an Apple-like position: owning the dominant desktop OS in the market, which meant devs had to play by Microsoft's rules or not at all. Android has only just edged iOS for dominant mobile OS and not by much, meaning Android devs could still take their app and go back to Apple.
But Xposed requires rooting. What's needed is a root-free solution and that will probably mean baking it into Android itself, and Google lacks the motivation (remember, their customers are the devs--they're the ones paying to get in the app store and giving Google the cut--not the consumers). Apple can get away with it ONLY because they're still the irresistible lure. And Blackberry is enterprise-oriented which changes the focus points.
Huge, huge flaw in Android design.
Actually, that was BY design. Remember that once upon a time, Android was behind Apple in the app market so they needed a way to convince app devs to jump on board. A permission system geared more to them was one way to convince them. And once you have that, the genie's basically out of the bottle since trying to curtail them NOW will break too many things: many with no alternatives.
If it's a specialized HUD, showing just car-related information, then I don't think they could consider it any more of a distraction than the speedo itself, which is standard equipment. If the plods nail you for that, I'd probably argue they're basically saying required equipment is a distraction, meaning cars are inherently unsafe.
As for the police doing their work, they can pull the same thing pilots and lorry drivers can: they're trained in what they do.
"Pilots have lots and lots of training. They don't have other aircraft jumping out in front of them or traffic lights turning red suddenly as they fly along."
They might. Wingmates might break away to track a bogie they spotted and so on. Plus there's always the danger of incoming fire. One of the things drilled into pilots through history is to maintain situational awareness. Target fixation is a killer.
As for the HUD itself, it needs to be as concise as possible: able to convey the most information with the littlest amount of clutter. Pilot HUDs cram quite a bit along the edges of the display, keeping the center cleared for all-important targeting. In the case of the car, a driver's HUD should be as unobtrusive as possible UNTIL it needs to draw your attention to something immediate, and these signals should be discernible from peripheral vision. This means the indicators have to be distinct enough to be detected from the corner of the eye. Color can be used in this case. For example, a speedometer's number can be ignored through familiarization, but perhaps if it changed to yellow to indicate you're now crossing over the speed limit, it can be caught in the peripheral vision and be a useful caution message. Similarly, if the turnoff is coming up, perhaps part of the map can blink briefly as a hint to start looking around.
What gets me is why is the spectrum being SOLD? Such a precious and limited resource, you'd think the FCC would instead LEASE the spectrum and keep all the lessees bound to usage rules and the like: always holding the final call. Because once sold, it's extremely hard to buy it back should it be necessary.
In other words, they can fingerprint you by using the fundamental underpinnings of the Internet. It's like figuring out your activities by skimming your incoming and outgoing post (just the addresses, not the contents). The additional volume of e-traffic makes the profile more robust. And since the endpoints are already known, TOR is useless.
This is one heck of a side-channel attack because the only way to beat it is to mask the headers, and the only way to do that effectively is to introduce intentional inefficiencies into the Internet.
"/goes back to mumbling about the days when ftp was the primary interface used on the internet. My current ftp client is 150kB. That's a whole lot easier to audit than Chromium, Firefox and by a massive long-shot, IE. "Pretty" is causing massive security issues."
The issue the article describes, and one that FTP can fall into, as well as SMTP, POP3, NNTP, and just about ANY plaintext protocol, is that a malcontent can MITM the connection and alter the contents in transit. In FTP's case, the file transfers and directory listings can be poisoned. And it would be indistinguishable on your end, meaning you have no way to know you're not REALLY getting the stuff you asked for.
"Will the FA employ Drones to spot all those malcontented Glassholes?"
Forget them. They already make "live shades" that woud've made Spider Jerusalem jealous. 4 GB+, can do video (many at 720p30), MicroSD, Bluetooth-capable, AND they look completely like ordinary glasses. Add a pair of prescription lenses and you have a perfect disguise that no one can force you to take off (since the prescription renders the glasses medically necessary).
One, they can send numerous zombies to simultaneously try the same account, creating a race condition. Two, many brute-force efforts come AFTER they purloin the shadow files (analogue: they take the still-closed safe with them) at which point they can crack at it at their leisure.
"Just built two Ubuntu 12.04 (actually newer than win 7) computers and are already on about EOL it. How are you supposed to keep up?"
Just built as in a few months ago? Why didn't you go for 14.04 which is also an LTS release meaning you're good for three years at least?
Despite them being two small holes, there's actually quite a bit of acoustics that goes into your ear. Consider the vibration of your skull as well as the reflections of sound waves down the ear canal. Ever considered how we're able to aurally perceive that something is behind us rather than in front of us, given the two sources can be an equal distance to the ears? Plus, as the article notes, we can also figure out if the sound is above us.
But that takes time you don't have. Last I checked, we don't have image processing ICs capable of running in the Terahertz range yet, and this may well requires something operating in petahertz to be able to process images in realtime in trillionths of a second. Anything less than realtime and you have to deal with storage and transfer bandwidth between the camera and storage AND the storage and the processor.
They ALREADY counter panic codes with frog marches. They won't let you go until you get the actual cash out of the machine. If you use a panic code, things are liable to get ugly. This also has the advantage that the mugger stays out of the ATM's ever-present eye. I frankly don't know how this can be countered without some unwanted side effect (I was thinking a booth that can only fit one, but what if it jams and locks you in, or you're too fat to fit?).
Just curious. I notice some of the GPUs experience a 1:4 performance penalty when going from single- to double-precision, but many (bot notably not all) of the AMD GPUs manage to reduce the penalty to 1:2. Can anyone explain how they do this and why it isn't consistent across the board (unlike nVidia, whose GPUs seem to be consistently 1:4)?
The issue applies to BOTH wired and wireless, though wireless gets hit with this problem harder than wired due to the physical limits of spectrum. The problem is that customers are expecting completely unlimited Internet access, no strings attached, but accounting and physics make fulfilling that exact demand infeasible. So what do you do when the customer expects nothing less while it's impossible for you or anyone else to deliver anything close?
I think part of the problem is that "guaranteed minimum" speeds would probably looked at with a sneer. IOW, they'd be trusted less than the "unlimited" claims. Let's face it; customers at this point are jaded. It's making the marketing department rather nervous, as they're running out of ways to entice the customers since the same-old stops working after a while. Meanwhile, accounting pushed back by reminding them that the uplinks costs are metered. I see it like this: how do you make a satisfactory sweet dish for a person who has no sweet spot in their tastebuds?
And why hasn't this been challenged on the basis of false advertising (and I'm of the opinion that ANY advertisement should contain nothing but the truth, the WHOLE truth, and NOTHING BUT the truth)?
Put this way, since trunk Internet access is always metered, it would be considered fiscally unsound, and therefore unreasonable, to offer consumer Internet service that is actually unlimited (since in the long run that would be a money sink). Therefore, advertising unlimited Internet of any kind should be considered illegal false advertising.
Perhaps, though if you're gonna crash such a party, you'd hope to bring something a little more surprising (you know, a "this changes everything" surprise). The read numbers are good but the write rates...plus there's the question of longevity, which is another issue with Flash RAM, especially with longer times and higher activities.
True or not, it's not unheard of, and I'm pretty sure I've heard of a laser being used to detect vibration at some point in the not-too-distant past. If they did, they didn't use a mirror but the glass itself, much like how a shotgun microphone focuses on the acoustic vibrations of the flat window panes.
But here I thought they were trying to recreate the real sounds off old silent cinema (no chance at only 24fps). Silly me...
Tactile feedback on a remote-controlled device like that is going to feel pretty awkward, given that, at the least, feedback is going to go through a minimum 6-minute lag (the closest Earth can come to Mars is some bit over 54 million kilometers). As the saying goes, sometimes, the only way to do things right is to get up close and personal.
"2. Transparent caching of Netflix content would be easy to achieve without compromising the content creators' intellectual property. All that is necessary is for the content to be encrypted, with the key sent to the player via a separate secure channel. Then, the cache itself could not be used for piracy. The player, of course, still could -- but this would be true with or without caching."
Hollywood does not believe this to be secure. Even if the content is encrypted with a common key, in order for the content to be transcypted to the subscriber's key, the key must be delivered to the machine at some point. The fear of Hollywood is that someone (an insider, a hacker) can intercept the key inside the machine at some point, because it has to be decrypted at that specific point, allowing for man-in-the-middle piracy. For them, nothing less than end-to-end encryption will suffice, because if the stuff is pirated at the source, the law can concentrate on Netflix, while if it happens at the receiving end, they know where to look as well. This becomes a lot harder with a man in the middle.
The point of the cache network-wise is so that more than one person can access the same content without having to download it twice. This falls apart in the Netflix model because EACH user has a different encryption key, so the same copy delivered to two different users looks different during transit: resulting in a cache miss. And the content owners insist on it being this way end-to-end. They don't want the content transiting in ANY kind of "common" format: even a common encrypted format because, at some point, the content has to be transcrypted to the user's key, and it's there that a man in the middle can pirate the content. So in the end, because of the content owners, caches are useless for the purpose of significantly reducing common traffic because, essentially, NONE of the traffic is common at all, as they ALL pass with different encryption keys.
"All geek analogies should be based on cars! It's the law!"
NOT when it's a bulk transport analogy. Cars don't fit that analogy as they're not considered a bulk transport vehicle, so it HAS to be lorries. That's law, too. Even the Net Neut debate uses lorries in its diagrams."
That's not what's stopping a skateboard maker from doing that. Apple does it now to some degree; it just suffers from "if man can make it, man can make it again" and "patents aren't enforceable across borders". Sometimes, standard screws are just a ton cheaper to use. Other times, it's demanded of the customer. Take the skateboard again. Above a certain level of skill, skateboarders start customizing their boards, which means they will be demanding parts that can be swapped out easily or they won't be buying.
Static stereoscopes are nothing new. I once viewed a topographical photograph using an old-fashioned stereoscope. Both implements were in the neighborhood of 50 years old. Stereo photography still exists, but it's more of a a specialty field since you need both the stereo camera and some form of stereoscope. TVs are not well-suited for this because of the flicker (which would still exist for still photography).
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
