Posts by Henry Wertz 1 3141 publicly visible posts • joined 12 Jun 2009
" So...they are being fined for not being precog enough?"
To me, it sounds like USIS was fined for vetting people they did not do a complete background check on. Of course the feds will use this opportunity to imply there was dirt to be dug up on Snowden, but ultimately (whether these background checks would have affected anything or not) they are being fined for not doing what they were being paid to do.
The other competition for this (besides other PCs) is the ARM TV sticks. I got one like a year or two ago for $80, and it's down to closer to $50 now. The one I got shipped with a slimmed down Ubuntu -- I found the slimming unneccessary and installed the regular (non-Unity) desktop, that ran fine too. This isn't like the ARM version of Windows where technically it's Windows based running on it but none of the usual software -- very few Linux software is x86-specific*, even looking through the software catalog to install more software, you wouldn't know this was an ARM if someone didn't tell you.
*For that matter, qemu-x86_64 is supposed to allow running 32-bit or 64-bit x86 Linux binaries on (in this case) ARM Linux, although you then need to have 64-bit or 32-bit x86 libraries installed somewhere (Just like 64-bit x86 Windows and Linux need 32-bit libraries to run 32-bit apps.)
As OP says, it's some kind of temperance movement kind of thing. To be honest, if tobacco had never been discovered, perhaps everyone would have been better off. But, it has been discovered, plenty of people enjoy and/or are addicted to it. I'm a libertarian, in my view if they aren't harming anyone else (by blowing smoke right in their face) then it's none of my business to tell them what to do. But others just want to be able to tell everyone else what to do, and if they can't do it directly, they seem satisfied by just increasing restrictions year-after-year to get what they want.
In the US, the anti-smoking movement began with attempts to just say they wanted to stop people smoking. This was pretty unsuccessful; the number of smokers dropped as people became aware of the health risks, but nowhere near zero. It moved on to claiming the goal was to reduce second hand smoke, but the goal really has been a long-term goal of banning all smoking. So, first the reasonable moves were made of making sure airflow was good enough that non-smoking areas didn't just get big ol' clouds of smoke from the smoking areas, and that people didn't smoke right next to the entrance/exit. Fair enough. It didn't take long for this to expand to "no smoking at all indoors" and extensive outdoor areas where smoking is banned, still with the claim it's due to second-hand smoke when in these conditions, it's actually not.
If you see the ban on snus, it shows an extension of this -- it's not smoked (no second-hand smoke); unlike chewing tobacco, no spitting. And due to how it's processed, it has much lower carcinogen levels than other smoked or chewed tobaccos. But, it's banned in most of the EU, and there are pushes to ban it elsewhere.
Vaping, I think restrictions on it make it clear what the real motives of these people are.
I guess it's a fair question... the warrant canary hasn't been updated. I'd guess it's due to funding but....
On the one hand, you would HOPE that if they are in the process of closing up shop due to lack of funds, SOMEONE would be able to say "The warrant canary died of natural causes, we're simply closing up shop".
On the other hand, I HAVE seen and heard of those businesses where, instead of wrapping up the business in an orderly fashion when it becomes clear they aren't going to pull through (or attempting a restructure if possible), they'll just run the accounts right to zero, no recovery plan, but assure the (now unpaid) employees that things'll work out if they stick with it. Needless to say in those circumstances, people tend to just walk off the job and things are NOT wrapped up in an orderly fashion. I would fully expect the warrant canary person to just walk off without so much as a post in these types of circumstances.
"Why didn't someone just set up a hotspot to broadcast deauthentication frames for the official wifi?"
This. I would view this behavior as offensive behavior that violates wifi standards, and attempt to disable the malfunctioning equipment. First, I would try to crash out just the deauth software alone. Barring that, I would try to crash their access points in their entirety. As a last resort, time for the scorched earth policy, they cannot possibly complain about the same tactic being used against them as they are using against everyone else, so I'd feel free to deauth their access points until such a time as they quit deauth'ing everyone else.
To the conference company: No you don't have any vigorous legal arguments, the FCC rules are very clear that your devices must accept interference from others AND must not unnecessarily interfere with others. Sending forged packets to disable other's use of the wifi spectrum is clearly interference. End of discussion. You should have known better, but good on you for not trying to waste your and the court's time pursuing whatever nonsense legal argument you think you had. And thank goodness the FCC is getting some teeth about this kind of nonsense 8-)
It's also impressive to have the mission actually get to Mars successfully, particularly on a first try.
For whatever reason, the failure rate of missions to Mars has been extraordinarily high, to the point that "alien conspiracists" just assume the craft are being disabled. I don't assume that, but nevertheless... Venus has harsh orbital conditions (very strong sunlight), and a crushingly high-pressure, hot enough to melt lead, acidic atmosphere, and even so (after the 1960s when failure rate was almost 100%), late 1960s to present the failure rate of missions (including landers!) is only like 10%. Mars? Also near-100% failure in the early-to-mid 1960s, but late-1960s-to-present mission failure rate is still nearly 50%. So kudos on a successful mission!
There are cellphone apps that will try to collect data and generate a map. There are pros and cons compared to a computer-generated map. The pros, the areas I was in the coverage maps was accurate, and one of them has a speed map in addition to just signal strength. Cons: If no-one has been there it's not mapped. Some cities appear to have blanket mapping, but you zoom out much and probably 10% of any given carrier's coverage has actually been mapped by anyone.
One big problem with modelling is cell breathing. This is the tendency for the site's coverage to reduce under load.
GSM (2G) does not suffer from cell breathing, you either have free timeslots or you don't.
CDMA (as used here in the states) and WCDMA both suffer from cell breathing. For any user on the channel, every other users traffic adds to the noise floor they have to deal with. The devices then have to transmit at slightly more power to be heard over the noise, which makes the noise floor ramp up more. As this noise floor ramps up, users at the edge of the site coverage are no longer able to use the site at all, it's coverage shrinks. This cell shrinkage does affect the signal strength shown on the phone, bad cell shrinkage can mean 2 bars of service overnight and "no service" at peak times.
LTE doesn't have actual cell breathing, but can have a similar effect depending on how the site is tuned. LTE uses "resource blocks" (slices of the LTE spectrum and timeslots) to send data to your phone. If you get a clean signal you get highest data rate in each resource block, if not the amount of data you get in each resource block is lower. This is where site tuning kicks in, once a site hits full load it can be tuned entirely for speed, for range, or in between. A site tuned entirely for range will try to give every user a minimum mbps, this helps make sure speeds don't crap out until the signal is quite weak, but means when you are near a cell site, you might be getting considerably lower speeds than you would on a site tuned for capacity because distant users are using up many resource blocks. A site tuned just for capacity (maximizing site mbps), will give resource blocks to the closest users. If the site hits capacity, nearby users get the best possible speeds but distant users will then get few or no resource blocks (it'd still show the same signal strength but not get any data.) A policy in between would give you some kind of intermediate behavior.
The software I wrote recently makes a SOAP call and displays the response. For a few known errors, it shows a reasonable error message. For unknown errors i was inspired by the Amiga, it shows "Guru meditation error:" (and whatever error response the SOAP call returned.)
I liked the "xv" picture viewer's error handling. So, in a typical program you try to save to a full disk, or print to a non-existant printer, and it'll pop up a message like "The file failed to save" with an "OK" button. In xv, with any error message the "OK" button says "That sucks!" 8-)
First, I thought GPS information included altitude, do these generally use GPS altitude or the one out of a database? I see three main potential sources of error here. First, in case of strong GPS signal, does an app use GPS location as-is or assume you're following a road or path? With an accuracy of a few feet, every time the biker went around around a parked car or someone along the bike path or anything, a system using GPS location would record a few extra feet compared to one assuming you're going dead straight along the road or path. Second, GPS filtering. I've seen those devices where the GPS location does just seem to jitter around a bit (well especially some phones). It can be totally stationary, claim a foot or two accuracy, but jump around 5 or 10 feet. The app's handling of this kind of thing could be important, I assume apps all handle this to avoid false movement. But if it overfilters, it could subtract some legitimate movement and reduce the measured distance. Third, weak GPS handling. Does the app try to use these 100 foot accuracy fixes and filter them to estimate location? Dead reckoning until the GPS gets better? Use a road and path database even if it doesn't for stronger GPS? Can it use the accelerometer?
Second... cheating by putting the GPS car? Really? How rugged are these GPSes? I'd just shoot if off the front with a slingshot, and pick it up Mad Max style when I catch up to it. I'd be getting 90MPH speeds in no time hahaha. For a quick sprint, launch the GPS with a trebuchet 8-).
"And you can bet on even bigger numbers to come, as first generation flatscreen adopters prepare to re-enter the market, as part of the traditional (replacement) cycle of life."
They might wait! The *early* early adopters bought panels that supported composite, VGA, and DVI, then got the royal screw job when "they" decided for rights restriction purposes that most HD devices would only actually output HD via HDMI. They then had to buy quite expensive adapters to use the panel properly. I've heard of plenty of these people deciding "Hell no I'm not buying a 4K panel just to be screwed again", they plan to wait quite a while to make sure HDMI 2.2 is REALLY all they need, that they won't just decide in 6 months "Well, actually you need HDMI 3" or something.
I'd take the $39 million. It's plenty to retire on anyway, and a good way to avoid people losing their homes (or, since mobile homes are after all mobile, having to move it to another mobile home park.)
And as a practical matter, who is going to fill these $40,000 a year jobs if there's no affordable housing in the area for them to live in?
Blurry screen? Try messing with Cleartype. It's supposed to do some kind of sub-pixel font rendering with the individual R, G, B, elements in the LCD to increase readability, but for some people it just makes it blurry. There's some option or two in there to fiddle with, and it can be turned off. The bigger that 1920x1080 screen is the lower the DPI. I'd assume the lower DPI screen, the more likely the Cleartype will just make things look blurry instead of more readable.
There's three ways this usually happens.
Dodgy sites, you have dodgy ad brokers that'll just put up whatever ad. You know the ones I'm talking about, they'll usually have incredible numbers of popups and popunders too.
Sites that are not dodgy will deal with some reputable ad brokers, but they may deal with some other ad brokers, those may deal with some, usually when these get a dodgy ad slipped in it's 4 or 5 layers deep down that chain. Typically the ad brokers stop doing business with the offending broker (and one "further up the chain" may stop doing business with the one that passed the ad to them, and so on.)
Third method, tampered javascript. The javascript served by one of the ad brokers to do the actual ad brokering is tampered with, the ad broker's ads are clean but the tampered javascript loads dodgy content instead of (or in addition to) loading the legit ad.
"Have they even started the process to get a reconsidered amount yet?"
Yeah, they (per the article) already got it cut from over $1 billion to $550 million.
Too bad Samsung didn't get better lawyers.
Samsung's lawyers kept making procedural errors, Apple's lawyers would raise an objection, and the judge would agree and render some piece of info Samsung wanted to admit inadmissable. It happened so often I did begin to wonder if the judge wasn't an Apple fanboi... but, I think it's just as likely he's a strict stickler to procedure over letting all information be admitted (which is probably just as well, otherwise if Apple had lost they would have just pointed to the procedural irregularity and gotten a mistrial or something anyway.)
I recall one point, one of the VERY phones Apple showed in a photo showing Samsung phones were copying the rounded corner of Apples, Samsung pointed out that very phone had already been on the market over 6 months before the IPhone even shipped. But, they did it too late, after the discovery phase, so the judge invalidated it.
"and if its in Vista you can be pretty sure its in XP too,
and if its in XP you can be pretty sure its in W2K too,
and if its in W2K you can be pretty sure its in NT4 too."
I really am not sure about that. Vista is pretty bloated compared to XP, XP is bloated compared to 2000, and 2000 is bloated compared to NT4. Quite a few of those vulnerabilities, the entire subsystem they are exploiting probably doesn't even exist in NT4. Not to say I recommend this "use NT4 because it's too old to be vulnerable" strategy.
No comment on people still running 2003, or whatever. I won't judge, I mean, 95-era on through about XP (so a good 7 or 8 years), Microsoft seemed to almost encourage very sloppy programming. There were all sorts of monstrosities from this era that would just be this inseperable wad of maybe some actual executable code, and Visual Basic for Applications scripts, and DCOM, and ActiveX, and it'd do some bits in Office 95 or 98, and on and on. You did have people on Slashdot and probably on here saying these had better be rewritten from basically day 1, but the day's finally come where they'll probably find they cannot get it to run in Windows 2012... so they'll have to keep running 2003 forever or finally rewrite their junk.
"No doubt that this has been patented, even though it's the same technology used in those line audio to cassette tape adaptors we all had in our cars before in-car CD players became the norm ten years ago."
I have one in the car now actually. It has a tape deck/CD combo, and needless to say I don't have either tapes or CDs sitting around in the car. The tape adapter works fine with he headphone jack on the phone. My parent's car is in the "no man's land", new enough to no longer have a tape deck (CD only) but too old to have bluetooth.
Anyway, I don't plan to buy stuff through the phone. But, I think this is clever. It doesn't require stores to get new hardware, doesn't have the excessive range of RFID, and is still contactless (I honestly don't know how big a problem reader wear actually is on card readers, but it's still good to reduce potential problems.)
"Isn't the issue that he made freely available the tool to exploit the problem, rather than informing Facebook privately and letting them fix the bug in advance? That's what security researchers do usually, isn't it?"
Depends on the company. Companies that try to hide the existence of bugs, claim bugs are features, and put off indefinitely fixing bugs, do not get this courtesy.
That is the problem, Facebook did not even consider this a security bug or leak. This "bug" was probably fully documented to "trusted third parties" to be able to get this info.
I wouldn't be surprised if this behavior wasn't in the fine print, but A) People don't read the fine print, and then are utterly shocked when behavior is revealed that was explicitly covered by the fine print. B) Others assume that the fine print is a "cover your ass" and covers every POSSIBLE activity, and naively assume this stuff is not actually being done. And facebook was clearly fine with that.
I agree with not working on projects I know will be insecure.
As for regulation, I think different industry standards would solve companies seemingly lax attitudes to security. If insurance companies began to change the business insurance so the business had to follow secure practices if they expected data loss to be covered... and if the credit card companies actually enforced PCI DSS security.. then this kind of thing would happen far less often than it does now.
"So anyone who calls Snowden a hero or a whistle blower has it wrong. Sorry, but what exactly did he blow the whistle on?"
Illegal NSA spying programs. Nobody really needed to know the EXACT specifics of the NSA spying programs, but the fact of the matter is the NSA et. al. (instead of simply saying "no comment" or "it's classified"), would flat-out LIE about the scope of their spying capabilities, and about the scope of future plans. Some programs, nobody knew about publicly before the Snowden files. Some programs, there was public info already but many dismissed it as pure paranoia due to the scope of it until the Snowden files confirmed it. Snowden explicitly said this, perhaps you got your news off TV only if you never heard about it.
" Compare and contrast his actions with Ellsberg. Ellsberg had access to the information. Snowden didn't. So Ellsberg didn't break the law(s) by stealing the information. He didn't have to."
So, what then do you think the point is of having whistleblower protection laws? Whistleblowers almost always have violated corporate security, ignored company NDAs and confidentiality clauses, and often times broken laws that prohibit leaking out proprietary corporate information, when they whistleblow against companies. I seriously don't see the difference here. If you want to claim Snowden didn't whistleblow, come up with a different argument, the argument "it's not whistleblowing if you break the rules" is basically nonsense.
I think the reason you see the poll results you do, is due to distorted news coverage in the US. The TV "news" coverage mentioned Snowden pilfering files, going to Russia, and lots of coverage of various talking heads saying he "needs to be brought back to the US and brought to justice" or some such. No mention that he went to Russia as a last resort, no mention of the NSA's illegal spying programs to provide context as to why Snowden did what he did, and no quote from Snowden or any supporters (just plenty of quotes from government talking heads.) Furthermore, while there have been plenty of revelations and confirmations based on the Snowden files, the old media has scrupulously made sure to not mention any of these.
If I only got information from the old media, I suppose I'd favor taking Snowden back and putting him on trial too, since the coverage has been SO slanted, both of Snowden himself and of the illegal NSA programs* themselves.
*When some NSA lawyer made a nonsense circular argument claiming their illegal programs are legal (they seriously had a lawyer argue "These programs are legal because I say they are", with no point of law pointed to to support the claim), the old media made sure to cover "NSA programs are legal" rather than covering the fact this nonsense argument was IMMEDIATELY debunked.
I'll just point out, any time someone talks about "appropriate balance", this means they want to take away your rights. I'm perfectly willing to take the odd chance that the occasional crim walks, if the alternative is to live in a totalitarian police state. I will not give up my encryption, and neither should you.
"“the good old Germanic tradition of 'brains off and just follow orders'.”"
Works the same here. I've heard of *TWO* cases here where a room full of computers got the air conditioning removed at the university, then stuff started melting. The people performing the work orders are so used to getting work orders that are totally daft, they are not going to question them, and to be honest I don't expect them to question them. The blame is fully with whoever was daft enough to issue a work order, without asking whoever "owns" the room why the A/C is there. Of course, in both cases here it was "Oh, this A/C isn't even venting outside so it's wasting electricity", with no regards to the equipment inside some closet. In one case, they NEVER got whoever to authorize reinstalling the A/C, so the $10,000s of hardware just sat there turned off!
"(ironic that NT & UNIX & OS/2 etc could use a 1995 Pentium Pro properly but Win95 went slower on it)."
Not ironic at all. Intel assumed by the time the Pentium Pro shipped that contemporary OSes would be 32-bit (recall the PPro was under development for years before it shipped). So they made sure it ran 32-bit code very quickly, they made sure it *could* run 16-bit code but didn't worry about the speed of it. NT, UNIX, and OS/2 were full 32-bit OSes, Windows 95 was a shell over 16-bit DOS so it ran like crap on it. Intel was a bit pissed at Microsoft at the time for continuing to ship DOS shells instead of NT-based Windows exclusively. The Pentium2 actually ran 32-bit code *slower* than a Pentium Pro, it was just reworked to speed up 16-bit code.
""If you don't sympathize with the CSO of Oracle you have never had someone give you a Nessus report and tell you to fix everything in it," said Jerry Gamblin."
This just tells me to not hire Jerry Gamblin for anything important. A) I've run Nessus against my infrastructure (admittedly long long ago), and the report was short, fixing everything on it was no big deal. Because I took security seriously to begin with. B) I don't like having a system that works but it shoddy. Therefore, I don't dread a report where I should fix evertything on it, I welcome it, because it makes the system better. The "stick your head in the sand" technique of just not wanting to know what is wrong is not the right way to go, especially if you're on the open internet, others WILL know and thoroughly pwn your setup if you try this for long.
Regarding this CSO's mad rant.... bzzt, unless *I* checked the box or signed the contract agreeing to your licensing agreement, I didn't agree to any licensing agreement!
So the assumption here seems to be the ONLY choices are 1) Stay with 2003, 2) Buy 2012, 3) Cloud, and the lack of sales means people are staying with 2003. What if the choice is "none of the above?", they are moving things to Linux or (god forbid) OSX Server or the like? If they are continuing to run the same software they ran on 2003, then (if the software runs) 2012 may be the way to go. If they are replacing the whole enchilada, there's 0 reason to stick with Windows.
" Will someone...
... tell me again why I want to think for one millionth of one thousandth of one billionth of a femto second about actually _installing_ this?"
I stuck it in a virtual machine, I suppose for entertainment purposes and as a cautionary tale. If it blows up I can just roll it back.
In the US, after one of the recent heads of the FCC got pissed about people constantly calling him and the FTC (who were *originally* supposed to enforce the Do Not Call list) doing nothing about it... he found each and every FCC rule on the books he could fine people for and had the FCC start going after them. Also pretty ineffective.
But, Congress also passed a law saying *individuals* are allowed to go after these fuckers for like $500-$1,500 per call(depending on circumstances.) The FCC and FTC both still operate on some assumption that companies are at least trying to play by the rules and are almost totally stymied by shell companies. Individuals can do this however they'd like, though, people online fighting telemarketers will typically wait few weeks for payment, then have a judge put a lien against the responsible parties stuff (which the judge DOES say yes to.. and the responsible party is the actually responsible owner, not some valueless shell company, it's easy in the US to argue some shell company with a single owner, that the owner is actually responsible.) Then if they still don't pay up, send in martials, thugs, or repo men to take their stuff. Obviously if you claim a nice car is worth $1 a judge will have harsh words, but YOU get to decide how much the stuff is worth, not the telemarketer! Apparently many are so surprised at being sued that they simply pay up though. In one case, the person decided to seize all of their illegal autodialers as payment, when the FCC and FTC fine illegal telemarketers they are daft enough to not demand seizure of illegal equipment!
Well, barring multiple networks, etc, at least you would hope there was battery backup. But the point could be moot, it really wouldn't matter if North Korea's Internet was down due to power failure if the client PCs or whatever that would access it have also lost power.
What they said --^ . It may well be true that the actually Opera-based Opera browser would have been too hard for the few developers to bring up to date. But, it certainly didn't bode well when they switched Opera to basically being a skin. Why would I spend anything to buy a skin?
I think the BIG value of the Opera sale may be all these in-the-field browsers using the Opera proxy. Not that I favor this, but the mini version of Opera runs EVERYTHING through an Opera-operated proxy server, I could fully see someone buying to data mine this, and insert ads.
Well, here in Iowa (middle of US), highway 151 used to be 1 lane each way with those passing lanes up hills. These lanes are something like 30 miles apart. Luckily it's now 2 lanes each way the whole way (with 3 lanes for a few hills), because (having driven in a lot of the US), Iowans are probably the rudest drivers in the country when it comes to this kind of thing.
What was supposed to happen was a right lane would appear for slower traffic, and the slow traffic should follow the HUUUGE "slower traffic use right lane" sign, drive in that right lane, and merge back in at the end.
What ACTUALLY would happen is, about 10% of the time there'd be no traffic at all, no problem. About 40% of the time, there'd be traffic but everyone behaved themselves -- slower traffic moved right, faster traffic (if there was any) went by on the left. (This is what I do, even if there's no traffic I move right if I'm not actually passing somebody.) Again, no problem. About 30% of the time, some asshole that HAD been going about 10MPH *under* the speed limit would stay in the left lane and speed up to about 10MPH *over* the speed limit, to try to prevent anyone passing them, then slow back down to 10MPH under once the slow lane is done. Needless to say I'd have none of that and just blast past them on the right side. About 10% of the time, you'd have a left-lane-driver *plus* a right-lane-pacer that'd drive along in the right lane at 1 car length + 1 inch behind the left lane car. Needless to say, since they are then an uncivilized road obstruction I had no qualms just squeezing that 1 inch in front of them and then taking off for a proper pass. The last 10% of the time, the right-lane-driver will go JUST fast enough so they use the ENTIRE passing area to just barely squeeze by the left lane car, making sure nobody else has room to pass. It's never a lack of horsepower, they'll just be cruising along in top gear and making no effort to pass in a timely manner *or* drop back so people can go around, oblivious to other cars (and even semis -- lorries to you) tailgating them, flashing lights, and honking at them.
Like I say, luckily this road's been widened to 2 lanes each way (with a few areas having a 3rd lane "slow lane"), so this simply isn't a problem on 151 any more.
"I have no idea why commercial camera solutions can't record to a NAS and you just log onto your NAS to see the pictures taken." What Kevin McMurtie said. They do exist.
In addition to the Axis cameras, I got some Foscams a few years back and they also supported writing frames to FTP at least. These are also Linux-based. The Foscams are like 1/4 the cost of an Axis, I got mine years back for like $60-80. But, I did get what I paid for -- lower specs, and (most problematically to me) if the power was dirty *THEY'D LOCK UP AND THE WATCHDOG TIMER WOULD FAIL TO REBOOT THEM!!!*. I ended up getting surge protectors and of course cheap camera + surge supressor still cost way less than a more expensive camera, the Foscams were like $60-80 a pop.
Boy is she incompetent. How do people take the likes of Fiorna and Trump at all seriously?
And second, is anybody going to call her out on the contradicition?
"I do not believe that we need to wholesale destroy every American citizen's privacy in order to go after those that we know are suspect or are – are already a problem," then like a minute later calling for wholesale destruction of every American citizen's privacy (well, not every one, I'm sure a few use no online services.)
I'm the one voting libertarian -- the Republicans and Democrats are both anti-privacy, anti-freedom, favoring large, intrusive and unaffordable government, and just quibble over minor details (while both falsely claming they are the polar opposite of the "other" party.) Both falsely claim they want to cut spending then falsely blame the "other" party for increased spending. In reality, both main parties want to cut SOMETHING, but then it comes out they want to cut that spending to spend EVEN MORE on something else.
Don't get me wrong, the libertarian call for something like cutting 8 or 9 departments entirely within 4 years is too far too fast, I would rely on checks and balances to slow them down to a more reasonable pace. But they seem to be the only party calling for spending cuts at all. And, the main 2 parties have shown their anti-privacy record.. they'll either speak out FOR anti-privacy measures, or speak out against them but then vote for the very bill they just spoke out against. The few libertarians in congress or senate have regularly actually consistently voted AGAINST anti-privacy and anti-freedom laws.
"Zero sympathy here either. People doing half a job on the cheap causing issues for themselves, or the poor sod who takes over in in the future."
Zero sympathy for running Windows. But the expectation that one should have to vigilantly check all updates, because the vendor may decided to treat a MAJOR OS UPGRADE as equivalent to an update, is ridiculous. Nobody should expect this, and I've never heard of any other vendor doing this. Ubuntu and any other Linux OS I know of that allows upgrades from major version to major version, will tell you when a newer OS is available, but it doesn't just start updating it, and makes it clear it's not the same as the regular updates. OSX, same. I don't object to informing that an update to Win10 is available, but autoselecting this update is pure madness on Microsoft's part.
There's a whole industry of various devices here in the US at least. I'm not sure how large an industry but at the prices they charge I'm sure it's very profitable.
Some devices will claim to do whatever and turn out to have nothing at all in there (they're either an empty box or have a few electronic bits but they aren't actually hooked up to the mains or inductively coupled to it or anything.)
A few technically do what they claim -- not the effects, those are pure "pseudo-science" (I hesitate to raise most descriptions to the level of pseudo-science so I put it in quotes.) But, for example, if it claims to make a magnetic field, it'll turn out to have a magnet or electromagnet in it (along with an LED or two that will light up when it's plugged in to "tell you it's working".) You could of course just buy a magnet for like 1% the cost.
Don't get me wrong, I assume they're effective for the people that buy them. Some studies have shown the vast majority of people sensitive to wifi, "cell phone radiation", and so on, it's pure placebo effect (being effected by something because you think it's effective.) If they've convinced themselves all these things are affecting them, then I suppose the placebo effect from some random device will counteract the first placebo effect pretty well.
@"Time For a Major Rethink" AC:
My life's not affected at all levels by software exploits. No Windows at home, and my bank etc. are competent so they don't get randomly hacked at regular intervals. The level of product liability you are expecting is excessive, and in a system like this, you would simply end up with no software being written at all. I sure as hell wouldn't write anything if I expected unlimited liability for it. At best, you'd end up with a situation like airplanes -- due to the extremely high costs of certifying any new design, you've got single-engine models still being sold that use 1930's era engine technology and a 1930's era carburetor... newer engines with fuel injection will drop right in, and have been shown to be more powerful, more fuel efficient, AND more reliable, but the certification costs are too high.
Anyway... unfortunately, I find it difficult that the plaintiffs will be able to show harm. The flaws didn't affect them, the flaws have been fixed, and the previous existence of these flaws, good look showing that'll harm the sale price. I seriously doubt this case will get anyhwere.
That said, these flaws were flat-out stupid -- leaving ports open is stupid, and it's particularly stupid to allow the entertainment system direct access to the engine management bus. It's actually common practice among car co.s to either keep them completely segregated -- i.e. no wire between them whatsoever -- or, to filter allowed commands to "read check engine light codes" and "reset check engine light" (if they want to sell the "hit the Onstar button and have them give a vague diagnosis of why your check engine light came on" thing.)
In a typical safety recall, as long as the car company was cooperative, the fines are minimal, beacuse the actual cost of doing the recall is already pretty high (having to replace some physical component on each and every car after all.) I do hope Chrysler gets a nice fine here. Since the costs of a software update are low, they may otherwise see minimal affect on the balance sheet and so not actually learn their lesson that security must be taken more seriously.
Why should anybody be? Seriously, if someone came by and claimed "You're violating this secret agreement or law", I'd tell them to take a hike and come back when they have valid charges.
I think this is high time, these countries where "whoever" signed onto a secret agreement that nobody else can look at.. when it comes time where "whoever" expects their parliaments to "implement" the agreement... it's time for their parliaments to just say "the public can't even see this agreement? So, why should I even pay attention to it?" I mean, nobody can even point to this country and say "Hey, you violated clause 12 of the agreement", since the agreement is secret anyway. Just flat-out ignore it.
Of course, this is all based on the work DeBeers did to lock "Conflict diamonds" off the market. The concept was/is the same -- the assumption is these conflict diamonds come from mines where the money goes right to warlords and such. The reality is, DeBeers really didn't care where the money was going, they cared where it wasn't going -- these diamonds were being sold outside of DeBeers distribution system, and DeBeers big fear is that a large outside source of diamonds affects the supply and therefore lowers prices.
So, really, the affect of this was not thought through to begin with, since the true goal was not to help the people in these countries in any way. I think those pushing for "conflict minerals" legislation just assumed the conflict diamonds thing was so successful, so let's do it for minerals (without looking at what the effect of the conflict diamonds legislation was either.)
"you avoid the hardware compatibility hell of installing Linux on diverse desktops and laptops, whose manufacturers care less than nothing about Linux compatibility. "
There is no hardware compatibility hell. I'm serious, you can find plenty of stories of people running into problems with some computer or other, and it makes it sound like hardware support is an utter basket case. But you're ONLY seeing the reports of people who have something not work out of the box.
The reality is, you're FAR more likely with Linux to be able to just pop in the install CD (or USB), install it, click "alternative hardware drivers" thing IF it shows up (mostly this installs nvidia's or ATI's provided video drivers instead of the default free & open source ones), and you are done, then I've ever seen with a Windows install.
The Windows install, you'll be able to get to work too, assuming your hardware isn't too new or too old for your WIndows version, but you're almost guaranteed to have to download extra drivers instead of having them included and possibly fiddle with things.
All that said, I'd heartily recommend ditching Windows for their desktops and going to a nice Linux distro, Microsoft probably is a large part of their costs after Oracle, but, if they have all these Windows-specific apps I could see not doing it. And I certainly wouldn't bother to rip-and-replace just to do it, I'm all for transitioning things over in an orderly manner in a case like that.
"Because of SUID, the *nix security model is not a security boundary. A security boundary guarantees that every access is checked against an access policy or permission set. By design, the *nix model is that if you are root you bypass all security checks."
True
"It is a deliberate hole, drilled in the model out of necessity since the model is otherwise not capable of expression necessary permissions in modern environments."
Well, modern unixes do have numerous groups for things like audio, scanner (if you have a scanner connected), and so on, members of a group can access a resource and otherwise you can't. This allows more granular access than "user" or "root", but nevertheless it's true root is used quite a bit.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
