Slashdot Mirror


User: wvmarle

wvmarle's activity in the archive.

Stories: 0
Comments: 5,213

Comments · 5,213

  1. It's not a selling point because I for one expect proper security to be standard. My computers update themselves (my Win10 box is doing this fully automatic; my Mint box notifies me when there are updates and then it's just a few clicks to get it done). My current light bulbs, fridge and toaster are secure already and can not be turned into zombies, any newer such devices I simply expect the same even if those are connecting to the Internet.

    When I hear about brands getting hacked and turned into zombies, otoh, that brand would be off my potential buying list for Internet-connecting things. That is, in case I'd want my fridge to connect to the Internet in the first place.

  2. I was also surprised by seeing 31% claiming to update their devices "as soon as updates are available". That's an incredibly high number.

    First of all: the user has to actively keep track of the availability of updates, somehow. The only possibly updateable device in my home, my router, I never updated the firmware of. It's about a year old. I don't know if there are updates, last time (a week or two ago) I logged in to the device it didn't notify me of there being any updates. To find updates (and know if any are available in the first place) I'll first have to figure out the manufacturer and model number of the thing, then start googling for latest firmware, see if it's newer than whatever is on my device, and then learn how it can be installed. Sounds like too much work to me, and I'm quite into those things. My wife simply wouldn't be able to do this even if she'd care enough to think about it. And yes, I consider myself pretty much a normal consumer. The thing does its job, and as long as it does so, I'm barely thinking about the mere presence of that tiny black box in a dark corner next to the stairs.

    For me, my fridge, TV and light bulbs are not connected. I don't see the advantage of most of them to even be connected. Security is an aspect, having to update them occasionally (manually; including having to manually check for the presence of updates) is a pain and simply won't happen.

  3. No other animal can sweat like we do

    Horses can sweat pretty seriously, too.

    Sweating works quite well for us because we don't have significant body hair. Most animals have a fur coat, sweating is for them a very bad idea. It would be interesting to know whether we lost our hair first, or started to sweat first. I expect the first.

    There are anyway not that many mammals other than us without fur, and the few that are naked like to live in or near the water, like water buffalo, rhinos and whales.

  4. OTOH it may help with at least the first penetration, not requiring foreplay or so just to get hard, but always ready to jump on the opportunity. With the bone in it you always have a boner, so to say.

  5. Re:Yahoo has a billion users? on Yahoo Says Hackers Stole Information From Over 1 Billion Accounts (go.com) · Score: 1

    One billion user accounts - that's more than Facebook has. If that's one billion unique users, that'd be one out of seven people on this planet with a Yahoo account.

    First there was news of a hack of half a billion accounts, now one billion. Most of these will be inactive (including mine - been years since I logged in to Yahoo, or even visited the site). Many of them just have to be throwaway accounts created by spammers or so.

  6. The Metro UI is actually not completely terrible on a touchscreen device

    That totally wants me to go and get one! Oh well, maybe I would if I didn't know about any actually well designed and properly working touch screen interfaces.

  7. Re:I love my Prusa i3. BUT. on Why MakerBot Didn't Kickstart A 3D Printing Revolution (backchannel.com) · Score: 1

    If they can't say "Tea, Earl Grey" and poof it's there then screw that.

    Considering even the Nutrimatic Drinks Dispenser on board the Heart of Gold had a really hard time with this, I think you're really asking for too much here.

  8. Re:because on Why MakerBot Didn't Kickstart A 3D Printing Revolution (backchannel.com) · Score: 1

    Even better: those services can make basically any shape, even those that can't be done by 3D printing. My plastic prototypes are made by CNC instead - I just e-mail the CAD design, and the factory sends it back to me within a few days.

    The cost of having those made would've bought me a MakerBot by now. On the other hand a MakerBot 3D printer can't print the size (barely 30 cm in one direction) nor the shape (hanging in the air - would need support structures when 3D printing) I need...

  9. Re:It's always cost on Why MakerBot Didn't Kickstart A 3D Printing Revolution (backchannel.com) · Score: 1

    Ignoring your time delay, the cost of those parts was two times $50 for a grand total of $100. The printer itself costs about $1000. That's a whole lot of replacement parts to be printed to make it worth the investment - not even counting the time and money spent scanning and refining the model so it can be printed out in the first place. Oh, and I'm ignoring the part where the 3D printed part has to be strong and heat resistant enough, which may or may not be an issue for the part you try to replicate. For many parts this will be an issue.

    This should nicely sum up why 3D printing is not the revolution it claimed to be.

  10. Re:Long range space probes? on Scientists Turn Nuclear Waste Into Diamond Batteries (newatlas.com) · Score: 1

    I was personally more thinking about my mobile phone. Not having to charge it every single day, and/or carrying bulky and heavy external batteries would be awesome.

  11. The sad part is that the election organisers accept this.

    How hard can it be to add a printer to the voting machine, which basically spits out a marked ballot paper, which the voter places in a ballot box? Best of both worlds. Electronic voting - have the machine count the votes for you, instant results when the station closes. Paper voting - when the station is closed simply count the total number of ballot papers, verify it matches the number of votes the machine has. Should be the same number. The paper ballots allow for a recount, if necessary, e.g. if the totals don't match or if there's a suspected problem with the machine (maybe do a handful of recounts in randomly selected stations to verify the machine's results).

  12. Re:You give us too much faith on Study: Most Students Can't Spot Fake News (engadget.com) · Score: 2

    Indeed. It's not that easy to spot fakes - especially the well done ones that rely on exaggeration and other half-truths.

    Unsourced photos? Well, they can just make up a source. How can we easily see it's true or not? Same for all details given in a story.

    Not everyone can spend an hour looking up details on every story they read. Usually we just have to put faith in the news outlet, faith in the reporters that write the story, and trust them that it is true and correct.

  13. Overall, code saves lives on Slashdot Asks: Are You Ashamed of Your Code? (businessinsider.com) · Score: 1

    Sure it's going wrong now and then but overall I'm quite positive code saves lives. For every aircraft that crashes there are probably hundreds if not thousands of crashes that did not happen because of all the pilot aids. For every car crash that did happen, there are hundreds if not thousands that did not happen thanks to all those driver aids - including Tesla's autopilot. Software makes hospitals more efficient, helps to diagnose diseases and develop medication faster, may help doing a quick cross check on known side effects by combining medication, etc. X-rays come in faster, nearly real time. That all saves lives. That it is not perfect doesn't mean it's not effective, the few lives lost to software errors are nothing compared to the lives saved thanks to software.

  14. Re:What's the role of the drone? on Researchers Hack Philips Hue Smart Bulbs Using a Drone (pcworld.com) · Score: 3, Informative

    I'd rather have the manufacturer do a decent job in building their software, so that updates aren't necessary. If they think the update option should be there, there should also be a factory reset option to recover from any problems with that.

  15. What's the role of the drone? on Researchers Hack Philips Hue Smart Bulbs Using a Drone (pcworld.com) · Score: 3, Informative

    Both TFS and TFA are really light on technical details - can anyone shed some light on where the drone comes into play? And also the vulnerability itself - a default password or something more obscure?

    Another question would be of course why would those lights even have the ability to install new software in the first place. Is it really that hard to do software right, that no updates are needed for something as simple as a lamp?

  16. Re:$15 per bulb and they STILL suck on Researchers Hack Philips Hue Smart Bulbs Using a Drone (pcworld.com) · Score: 1

    I suppose that "irreversible" bit will work for any device that does not have a factory reset and allows for remote installation of firmware, thereby removing the factory default firmware and the ability to receive updates. It's quite simple to make it irreversible (easier than making it reversible) as all you do is not add code to accept firmware updates.

  17. Re:Parallels to other industries on Scientists at De Beers Fight the Growing Threat of Man-Made Diamonds (wsj.com) · Score: 1

    DeBeer's behavior parallels other established interests we have read about recently such as taxi "cartels" trying to suppress upstarts Uber & Lyft, or hotel "cartels" trying to suppress VRBO & Airbnb. Jump ahead 50 years. I would wager that taxis, hotels, and natural diamonds will have lost their stranglehold to the likes of Uber, Airbnb, and synthetic diamonds. Adapt or die.

    Yeah, sounds great - for the diamonds part, where a single worldwide monopoly may be replaced by numerous small, fiercely competing companies.

    For the others you mention - replacing a great number of local monopolies (with highly regulated minimum standards) by a single worldwide monopoly (with no standards nor regulation) is not what I have in mind as improvement.

  18. I'm sure you can do that in a different way: just use a few IE6-only commands that make the pop-up appear on IE6 but not on any other browsers. No need to check the UA for that.

  19. Re:What the media can learn on Montreal Police Monitored iPhone of La Presse Journalist Patrick Lagace (www.cbc.ca) · Score: 1

    I know all that, but those technologies don't use the GPS from the phone. TFS explicitly mentioned using the phone's built in GPS chip.

  20. Not just them.

    A while back there was a story on /. where you could check how unique your browser signature is. I was unique in the then-set of about 15,000 - mostly due to my Linux/Firefox user agent combination. That one was unique.

    With the web being "standard" and all, I wonder what the use of such user agents is in the first place!

  21. Re:What the media can learn on Montreal Police Monitored iPhone of La Presse Journalist Patrick Lagace (www.cbc.ca) · Score: 1

    What surprised me most from TFS is that it puts GPS in the mix. By nature, GPS is a passive technology: you can not track something using GPS without the device itself cooperating. To be able to track a phone using its own GPS receiver you must have a way for that phone itself to switch on the GPS receiver and relay this information to whoever wants to know it. Normally the only way to do this is to hack into someone's phone: install some malware that relays the info, or break into someone's anti-theft account or so.

    This in contrast to normal mobile location data, as obtained by triangulating a phone using the network's transmitters. That's the network figuring out where a specific device is, no access to the device needed. This only requires cooperation from the network, much easier to obtain using warrants (and of course without the subject knowing they're under surveillance), and is much more in line with the rest of the info cited: being able to get info on phone calls and text messages.

    But anyway, sure, all phones can be followed to a certain degree of accuracy. Switching off your phone is the only way to prevent this. Giving it to a friend all the time beats the purpose of having one in the first place.

  22. Re:Faith-based security on Apple Shared User Data With Governments, Says WikiLeaks Email (dailydot.com) · Score: 2

    More importantly:

    Closed source crypto: those that have seen the code are restricted by NDAs and usually on the payroll of whoever developed and deploys the encryption. These people have various reasons not to speak out on any potential issues, including back doors. You'll have to wait for a Snowden or Manning to step up and reveal any issues.

    Open source crypto: everyone, including "the enemy" and others with vested interests to break it and reveal exploits can see and analyse the code. They are not bound by NDAs, often live and work under various jurisdictions which means they can not all be gagged by laws.

    The main reason we can trust closed-source crypto is that it is in the interest of the developing/deploying company that it actually works. Apple has lots to lose if it turns out their crypto is weak and contains easily exploitable back doors or bugs. It will probably not bankrupt them, but it'd be a really serious blow to the credibility of the company - and it'd take years if not decades for the general public to put their trust in Apple again.

    This is why I do trust Apple (and other companies) to have really strong encryption that actually works and has no back doors, even though I'd strongly prefer them to open source it so third parties can confirm this is the case.

  23. Re:Who should we blame? on Who Should We Blame For Friday's DDOS Attack? (fortune.com) · Score: 1

    warning that failure to read/understand properly before clicking OK may result in personal legal liabilities)

    Which, considering I'm one of the 95% of the world's population that doesn't live in the country all such warnings are written (i.e. the USA), has no meaning to me. Then there are the many, many people that don't understand English well enough or don't understand computing well enough to even stand a chance of understanding such long, long pieces of legalese.

  24. Re:Who should we blame? on Who Should We Blame For Friday's DDOS Attack? (fortune.com) · Score: 2

    Also blame the engineers who didn't put in some interlocks, e.g. no requests from outside the LAN until the default password has been changed or simply force the user to change the password the first time they log in.

    That's the problem. Not end users not changing default passwords - many may not even know that it can or should be changed, and why should they? They're not security managers or IT engineers or so. Having users change the password on first login before they can do anything else, that's the only reasonable way to go. Maybe also add a list of the 1,000 most common passwords out there, and reject all those, make them come up with something a bit more unique, or hackers would still easily get access to the first 10-20% of devices by just using those common passwords.

  25. It's probably the difference between something you have, and something you know. The first is covered by the search warrant (the right to search and look at everything - including the fingerprint), the second not (you're not required to give information, e.g. on where to find things - and the password).