Also, I don't see "humanities and other general education" not being required as a bonus or a great thing. For starters, societies need thinking people with a round education, not just people who know how to turn levers and knobs.
I agree. I was just offering a possible explanation for how Indian universities "trim" a year off a bachelor's degree program.
For comparison, the ECE degree program I was in required 32 credits of "humanities and other general education" and a total of 132 credits to graduate. My daughter is in the EEE program at the same university. The general education requirement is still 32 credits. But, total credits has been increased to 144. This is to accommodate additional technical requirements that many tech companies are looking for. Fortunately, she qualified for AP credits, so her credit load is only 16 instead of 18 (her scholarship will only pay for 8 semesters of classes (and 2 semesters of internships)).
A coworker of mine is from India - green card, permanent resident, married to a US citizen. She told me her credit load per semester was 18 and that "humanities and other general education" were not required. Also that foreign languages were a high school requirement.
She also said her education was fully government paid (and that the admissions requirements are far higher than for US universities).
You are NOT running linux under windows. There is no such thing. Even Canonical admits that.
In this case, Linux, itself, is not being run. So, should not be called "Linux on Windows" or any variation of "Linux".
However, CoLinux wraps a Linux kernel in a Windows driver so Linux runs directly on the CPU, alongside Windows, with no virtualization. This is a "headless" and diskless Linux, requiring an X server running under Windows and a fileserver on Windows. Also, the project is very limited and has little activity.
Wait 3 minutes in case the person had just stepped away for a bit.
At the Walmart stores I've done pick-ups at, there were call buttons at the pickup desks. I didn't have to go looking for anyone, though I still had to wait several minutes.
the guy comes out still chewing (apparently finishing what he was eating was more important than a waiting customer).
According to someone I know who works for Walmart, there are strict rules about employees taking their breaks on time and for the exact time scheduled. He claimed employees have been fired for returning early from breaks.
So this likely means the store manager either didn't assign an alternate or the alternate was assigned to cover more than 1 position, so was stuck with other customers.
Something I have observed at many stores - not just Walmart - is an increasing tendency to schedule too few staff for the work load.
It's totally legal to hire a PI and "stalk" someone.
Because PIs are licensed to do so. And they have to be otherwise uninvolved with the case. An unlicensed person or a PI who is determined to be personally involved is subject to prosecution for stalking.
For example Firefox used to have a plugins.enumerable_names preference so you could control whether or not a website could figure out which addons and extensions are installed (a big source of fingerprinting data). But they removed the preference last year and now every website gets to sniff your plugins again.
That's called "Kissing the hand that feeds you." Mozilla received a lot of money from Yahoo. And Google before that.
The market penalized the companies, NOT the people running those companies.
Those people had their "golden parachutes" ready so they could bail themselves out of the companies, letting the companies collapse on to the workers.
But, can you trust the password manager? A bug (or back door) in it could expose all your passwords.
And how good is the encryption protecting your passwords?
My tablet replaced a "netbook". I use a bluetooth keyboard with it, so it's basically a touch screen netbook. Like the netbook, it fills a useful niche between phone and laptop. Light weight, more portable than the laptop and still has a large enough screen to be comfortable.
My "smart" phone replaced a flip phone. While the screen is much larger than the flip phone's screen, the phone is still only useful for voice calls, text messaging and shopping lists. Also, the smart phone is awkward to use for voice calls without a headset. And it's too fragile to simply slip into my pocket; I need a protective case for it.
Overall, I'm happy with my 3-year-old tablet. It's still serving me well and I plan to keep it until it dies.
I'm shocked at the idea that rent-a-goons get as much as $35/hr. It's more like minimum wage.
It's the agency that gets paid the $25-$35 per hour. The actual guards are paid min wage.
Part of the rest of the $25-$35 goes to employer paid payroll taxes. Another portion might go to employee benefits (but all the security guards I know work less than 30 hours per week, so don't receive benefits). Another portion of it goes to liability insurance (which is a big reason that the vast majority of guards are not allowed to be armed (though some are, anyway)).
By limiting the functionality of their robots to setting off alarms and recording activity, Knightscope reduces their insurance costs.
While these robots might not be as effective as human guards, they are more cost effective. If nothing else, they could enable a single human guard to cover the jobs of several, so any would-be thief could still find himself facing an unpredictable human.
The answer to your question REALLY is- it is NOT legal. Not to allow the car to drive itself without your hands on the wheel.
Operating a vehicle - on public roads - hands-off is illegal. In fact, some drivers have been ticketed for taking their hands off the steering wheel while stopped at a traffic light. From what I've heard, the traffic court judges have upheld this. Don't know if there has been any attempt to appeal, let alone successfully.
The testing Google and others do on public roads (technically) requires some kind of special permission.
Tesla's so-called auto-pilot is supposed to be "merely" a driver assist system. Anyone using it as an actual auto-pilot really is violating the law. As for what liability Tesla has, the courts will ultimately determine that. Of course, a ruling from the NTSB will strongly influence that.
This case seems, to me, to not be a good case. A human driver in full control may have not been able to avoid the collision. One could argue that the "auto-pilot" should have been able to, but, again, the system is supposedly "just" a driver assist system. This will likely be a very messy case.
And, unfortunately, Tesla is now in a "damned if you do, damned if you don't" situation. Even if the NTSB rules the car was not at fault, an order to disable the system would be construed as an implicit admission that the car was at fault. And even if not ordered to do so, Tesla not disabling the system could be construed as arrogance. Either of which would hurt Tesla.
Specific to this story, all of their PERSONAL online activity turned over to some agency with the power to utterly destroy them.
Too late. Already happening. Yes, there is a lot of debate. But that's only for show. Along with some token actions to make it look like they are protecting the rights and freedoms of the people.
The "serious" audio industry used neither on modern equipment.
Serious audio is keeping up with the demands for more easily portable equipment.
A friend of mine has a Soundcraft portable mixer that has those 6.35mm connectors (and XLR connectors). And even some of Soundcraft's studio grade mixers still have 6.35mm connectors (again, along with XLR connectors).
Another friend of mine, who is a professional DJ, has a DJ audio dongle for his (10.1 inch) Nexus tablet. It has 6.35mm and 3.5mm connectors.
I have a Tascam mini digital recorder that has 3.5mm connectors for analog audio I/O. Easier to handle than a smartphone or small tablet. Better audio than even a pro-grade mic plugged into the headset jack. (Of course, an audio dongle and a pro-grade mic might be better quality, but would be even harder to handle than mic plus phone/tablet.)
"I wish my phone's screen wouldn't break so easily."
My girlfriend's mom got an iPhone 6. Within 2 months, the screen had cracked under "gentler" circumstances than she treated her previous iPhone. Apple did replace it. By then, a new screen protector was available - made of the same type of glass. She got one of those, thus making her slimmer iPhone 6 as thick as her previous iPhone.
Seems the business getting the better part of the deal was the protector vendor. And Apple wants to go even thinner?
Before Firefox had profiles, there was the MultiFox add-on. I used it. I liked it. It was easy to use. Unfortunately, Mozilla made a change that made it impossible for MultiFox to work, claiming the functionality was more properly implemented inside Firefox than as an add-on.
Unfortunately, it's taken far too long for Mozilla to do it.
It might not take off among hobbyists, but MISRA-C is very popular among developers of safety critical applications.
I would not say "popular", but we do use it.
Actually, "MISRA C" is not a language specification, rather it is a set of "best practices". The document states that the rules therein are guidelines and that it is expected that real projects will need to "violate" 1 or more guidelines to achieve practical, understandable and maintainable code. And that when such "violations" are made, they be documented and properly justified.
Unfortunately, some managers insist on strict adherence to the MISRA rules. This leads to awkwardly structured and overly complex code as the developers work around the limitations imposed.
In a situation with sane management, we are able to maintain a reasonable balance and produce good, understandable and maintainable code.
Isn't it a contradiction in terms, "privacy in a public space"?
Back when "no reasonable expectation of privacy in public" was first put forth, one could expect to be seen when in public, but, when talking quietly or whispering, would not expect to be heard by anyone more than several centimeters away. Even now, most people expect to not be heard from a distance. People expect use of the advanced surveillance technology to be restricted to specific targets under a warrant. (If a private citizen used such equipment to spy on someone, they could be prosecuted for unlawful surveillance - even when the target was in a public place.)
By keeping the locations of the cameras secret, the FBI (and others) is creating ambiguity in an attempt to encourage people to assume the cameras are everywhere. This would then be used to argue that "a reasonable person should expect to be covertly recorded", thus lowering the threshold of "reasonable expectation."
I remember a court case, several years ago, where someone was prosecuted for "indecent exposure" in a public park. The area the girl was in was surrounded by dense trees and bushes, so was not visible from outside the area. Except that there was a hidden security camera.
Authorities, after reviewing the tape, later, were able to identify the girl and get an arrest warrant issued. At the arraignment hearing, the girl's lawyer pointed out that the area she was in was completely secluded, so no one could have seen her except for the hidden camera. The lawyer then cited an earlier case where a woman on private property with a privacy fence had been successfully convicted because she was visible from the upper floor of a nearby apartment building that the woman could have seen.
The judge agreed that the girl had a reasonable expectation of privacy at the location where she was, then dismissed the charge. But, because the case was not appealed, there's no precedent.
Nevertheless, the same logic that applied to the hidden camera could be applied to use of binoculars and/or other telescopic and remote viewing/listening devices.
Whether a particular judge would accept that is a different question.
As I recall, a city in north central US tried to do this a few years ago because the existing ISP refused to upgrade their last mile infrastructure. The ISP sued the city claiming it would be "unfair competition" for the city to own the last mile infrastructure.
Also, a friend of mine in a different city joined a local co-op that was building its own last mile infrastructure. When they approached ISPs to offer service to its members over their infrastructure, all the ISPs responded that they would only do so if the co-op gave its infrastructure to the ISP. In return for being given ownership of the infrastructure, the ISP would apply a discount to the monthly bills of the members for as long as they had continuous service with the ISP. Also, the discount was not transferable. If the member moved, he could not take the discount with him, nor could the new homeowner take over the original member's service.
Until these documents Wikileaks claims to possess are released, we don't know what they actually prove.
Wikileaks needs to release those documents now so there is time to evaluate them before the Dem Party Convention.
I recall a case where the courts ruled that, even with a very credible threat, the police are not obligated to provide protection.
Most people have enough writing skill to write messages and/or email (or even a letter via postal mail), but very, very few have the aptitude needed to be a professional writer.
Similarly, you can teach programming to a lot of people, but very, very few will have the aptitude to become real software developers.
I'm all for teaching kids programming. Probably will find a few more who do have the aptitude than would come forward on their own.
Just don't expect a new "army" of software developers. We already teach kids writing, but very, very few ever become real writers. No different for software developers.
Firefox is losing users left and right.
I stopped using Firefox regularly when Mozilla's attempts to make it more user friendly also took away much of the configuration controls I used.
Making something dumber is not the right way to make something more user friendly. It's lazy and not actually more friendly - not even to "the average, browse-the-web-and-send-messages/pictures person".
The research mentioned in the OP does not mention anything beyond capturing the RSA or ElGamal keys. However, in normal use, these keys are used to create "session keys" (also known as "message keys"). From http://www.pgpi.org/doc/pgpint... (PGP is the forerunner of GPG, which was designed to inter-operate with PGP)
PGP then creates a session key, which is a one-time-only secret key. This key is a random number generated from the random movements of your mouse and the keystrokes you type. This session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext. Once the data is encrypted, the session key is then encrypted to the recipient's public key. This public key-encrypted session key is transmitted along with the ciphertext to the recipient.
From the same page
A digital certificate consists of three things: A public key. Certificate information. ("Identity" information about the user, such as name, user ID, and so on.) One or more digital signatures.
Also, the page describes PGP Certificates as including
The certificate holder's public key — the public portion of your key pair, together with the algorithm of the key: RSA, DH (Diffie-Hellman), or DSA (Digital Signature Algorithm).
There is no description of a procedure for deriving any kind of intermediate key from the public key in the certificate.
So, the 4096 bit keys discussed in the OP might be the public keys contained in the certificates. In which case, these 4096 bit keys might be in use for months or years.
I hope there actually are intermediate keys being generated. If not, a disruptive redesign of the encryption tools we use will be needed. However, any existing encrypted files would still be subject to the analysis by the described attacks, so the "blinding" mentioned in the research would still be needed. Also, it does not mention anything about changes to how the keys are actually used.
Also, the OP (and headline) fails to mention that the research also discusses other methods, including a person, with a concealed device, merely resting their hand on the computer for a few seconds. I suspect this infers that blinding the analysis is even more important.
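Added example, not part of the comment above or of PGP/GPG: a Python sketch of the hybrid scheme the quoted PGP text describes, where each message gets a fresh session key but every unwrap uses the same long-term private exponent, together with the "blinding" countermeasure applied to that private-key operation. The key is a constructed toy (textbook RSA without padding), the SHA-256 keystream is a stand-in for the "conventional encryption algorithm", and all function names are assumptions made for illustration.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key built from two Mersenne primes; far too small and
# unpadded for real use, it only illustrates the structure.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # long-term private exponent


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR data with SHA-256(key || counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt(message: bytes):
    """Hybrid encryption: fresh session key per message, wrapped with the public key."""
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), E, N)
    return wrapped, keystream_xor(session_key, message)


def unwrap_plain(wrapped: int) -> int:
    """Unblinded private-key operation: the exponentiation input is the
    wrapped value itself, which anyone who sends a message can choose."""
    return pow(wrapped, D, N)


def unwrap_blinded(wrapped: int, trace=None) -> int:
    """Blinded private-key operation: multiply by r^E before exponentiating,
    then divide by r afterwards. The value fed to the exponentiation is
    random on every call, so it is not controlled by the sender."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    blinded = (wrapped * pow(r, E, N)) % N
    if trace is not None:
        trace.append(blinded)  # record what the exponentiation actually sees
    # (wrapped * r^E)^D = wrapped^D * r (mod N); remove r to get the result.
    return (pow(blinded, D, N) * pow(r, -1, N)) % N


def decrypt(wrapped: int, ciphertext: bytes, unwrap=unwrap_blinded) -> bytes:
    """Recover the session key with the private key, then decrypt the body."""
    session_key = unwrap(wrapped).to_bytes(16, "big")
    return keystream_xor(session_key, ciphertext)


if __name__ == "__main__":
    w1, c1 = encrypt(b"first constructed message")
    w2, c2 = encrypt(b"second constructed message")
    print("session keys wrapped differently:", w1 != w2)
    print(decrypt(w1, c1), decrypt(w2, c2))
    seen = []
    unwrap_blinded(w1, seen)
    unwrap_blinded(w1, seen)
    print("same input, different blinded operands:", seen[0] != seen[1])
```

The session keys differ per message, but `D` is used for every unwrap, which is why the countermeasure sits in the private-key operation rather than in how session keys are generated.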
Never had the Turtle, but I did learn Logo on the Apple II, as well as BASIC, Pascal, C and 6502 assembly. All self taught. It was fun.