"I continue to believe in Best Buy and its future..." Schulze said in a statement. followed immediately by "Schulze also said he was exploring options for his 20.1 percent stake in the company." and an accompanying article from here
Looks like he's getting out as much as possible now.
Hurray for Microcenter?
Now all I hear about is DRM and auctions.
If I wanted artificial restrictions, I'd go lock myself in a dark room for a few hours. If I wanted an auction, I'd go browse eBay. I don't want those, though. I want a visual interactive story, so I'm going to play a video game.
Having been in the beta since November or so, all I can tell you is that you're visiting the wrong websites. I've bought 0 items at an auction house, and sold just as many. Maybe this means I won't end up with the top 10% of gear, but that's fine by me.
The story is there, the gameplay is there. Tristram is once again in trouble. Deckard Cain is still old. The button mash fast "sweet got a rare" fun is still present.
If you're convinced you won't buy it, or have a moral obligation not to due to the DRM, fine. I found it to be a nice continuation of the series and will be plopping down my $.
The mission site is here: http://www.nasa.gov/mission_pages/juno/spacecraft/index.html Includes pictures and better information, including Monday's press release, (which happens to be the source of the ft^3 m^3 units in the linked article): http://www.nasa.gov/mission_pages/juno/news/juno20100712.html
Shielding is titanium, as lead wouldn't survive liftoff ("too soft to withstand the vibrations of launch") and other materials "were too difficult to work with".
Cables between electronics are shielded in copper or stainless braid, and smaller electronics sections have their own shields.
The copy/paste/autolink behavior is not the privacy concern. I didn't read anyone here saying that it was.
The privacy concern is (from the summary): sends what you copy to Tynt's webservers...
So I, as a user of a random webpage, copy something for later pasting. That info, and my IP address, is sent to a third-party, theoretically for the purpose of appending a URL to the end of the text. Is that data also used for something else? Most likely. What company wouldn't try to make use of data it receives?
Since the same append functionality can be done trivially with some JS without contacting a home server, we immediately hop on the privacy horn.
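The local-only append mentioned in the comment above, as an added example that is not part of the original comment and not Tynt's code: a `copy` handler that appends the page URL to the copied text without making any network request. The function names, the `MIN_LENGTH` threshold and the "Read more" wording are assumptions chosen for illustration.

```javascript
// Added example: attribution appended to copied text entirely in the browser.
// Nothing is sent anywhere: no fetch, XMLHttpRequest, image beacon or script tag.

const MIN_LENGTH = 40; // assumption: leave short selections (names, numbers) alone

// Build the text that ends up on the clipboard.
function withAttribution(selectedText, pageUrl, pageTitle) {
  const text = String(selectedText);
  if (text.trim().length < MIN_LENGTH) return text;
  // Drop the query string and fragment so per-user parameters in the
  // address bar are not carried along to wherever the text is pasted.
  const url = new URL(pageUrl);
  const clean = url.origin + url.pathname;
  const label = pageTitle ? `${pageTitle}: ` : '';
  return `${text}\n\nRead more: ${label}${clean}`;
}

// 'copy' event handler. `env` supplies the selection and location so the
// same function can be exercised outside a browser.
function onCopy(event, env) {
  const selected = env.getSelection().toString();
  const result = withAttribution(selected, env.href, env.title);
  if (result === selected) return false; // unchanged: let the default copy run
  event.clipboardData.setData('text/plain', result);
  // Without preventDefault the browser replaces our data with the raw selection.
  event.preventDefault();
  return true;
}

// Wire it up only when a DOM is present.
if (typeof document !== 'undefined') {
  document.addEventListener('copy', (e) => onCopy(e, {
    getSelection: () => window.getSelection(),
    href: window.location.href,
    title: document.title,
  }));
}
```

Because the handler only touches `event.clipboardData`, a page using it generates no request when text is copied, which is easy to confirm in the browser's network panel.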
The team's actual site has more pics and videos, including St. Peter's Basilica, Trevi Fountain, and info on Venice.
http://grail.cs.washington.edu/rome/
Copy/paste, some formatting, no tables. Extra carriage returns (sorry)... "Implementing the gadgets" section stripped off...
Abstract

A secure voting machine design must withstand new attacks devised throughout its multi-decade service lifetime. In this paper, we give a case study of the long-term security of a voting machine, the Sequoia AVC Advantage, whose design dates back to the early 80s. The AVC Advantage was designed with promising security features: its software is stored entirely in read-only memory and the hardware refuses to execute instructions fetched from RAM. Nevertheless, we demonstrate that an attacker can induce the AVC Advantage to misbehave in arbitrary ways--including changing the outcome of an election--by means of a memory cartridge containing a specially-formatted payload. Our attack makes essential use of a recently-invented exploitation technique called return-oriented programming, adapted here to the Z80 processor. In return-oriented programming, short snippets of benign code already present in the system are combined to yield malicious behavior. Our results demonstrate the relevance of recent ideas from systems security to voting machine research, and vice versa. We had no access either to source code or documentation beyond that available on Sequoia's web site. We have created a complete vote-stealing demonstration exploit and verified that it works correctly on the actual hardware.

1 Introduction

A secure voting machine design must withstand not only the attacks known when it is created but also those invented through the design's service lifetime. Because the development, certification, and procurement cycle for voting machines is unusually slow, the service lifetime can be twenty or thirty years. It is unrealistic to hope that any design, however good, will remain secure for so long.

In this paper, we give a case study of the long-term security of a voting machine, the Sequoia AVC Advantage. The hardware design of the AVC Advantage dates back to the early 80s; recent variants, whose hardware differs mainly in featuring a daughterboard enabling audio voting for the blind [3], are still used in New Jersey, Louisiana, and elsewhere. We study the 5.00D version (which does not include the daughterboard) in machines decommissioned by Buncombe County, North Carolina, and purchased by Andrew Appel through a government auction site [2].

[Figure: The AVC Advantage voting machine we studied.]

The AVC Advantage appears, in some respects, to offer better security features than many of the other direct-recording electronic (DRE) voting machines that have been studied in recent years. The hardware and software were custom-designed and are specialized for use in a DRE. The entire machine firmware (for version 5.00D) fits on three 64kB EPROMs. The interface to voters lacks the touchscreen and memory card reader common in more recent designs. The software appears to contain fewer memory errors, such as buffer overflows, than some competing systems. Most interestingly, the AVC Advantage motherboard contains circuitry disallowing instruction fetches from RAM, making the AVC Advantage a true Harvard-architecture machine.

Nevertheless, we demonstrate that the AVC Advantage can be induced to undertake arbitrary, attacker-chosen behavior by means of a memory cartridge containing a specially-formatted payload. An attacker who has access to the machine the night before an election can use our techniques to affect the outcome of an election by replacing the election program with another whose visible behavior is nearly indistinguishable from the legitimate program but that adds, removes, or changes votes as the attacker wishes. Unlike those attacks described in the (contemporaneous, independent) study by Appel et al. [3, 4] that allow arbitrary computation to be induced, our attack
So, the individual pixels of the panel have a transition from b->w or w->b of x milliseconds, but the sum of those pixels (e.g. the entire screen image) has a transition time of x*5?
Err?
It seems to me that the screen processing takes a fixed amount of time (~50ms), then that processing tells the pixels to change, which takes (~5ms)... Thus the total response is 55. Does the fact that they're overdriving the pixels to get their response time down affect the screen processing? This seems to be the assertion of the article but it doesn't make much sense to me.
It's too bad that no one seems to have mod points, 'cause this is hilarious.
That's why I play it safe and never read any linked article. ;)
The above comment relates to the vehicle they showed on 60 minutes last night, which is oddly not the same as the one mentioned in the ./ story links.
My bad.
About this "car".
It's a one seater.
The driver/pilot position is open to the elements.
It has no cargo carrying capacity (as far as I could tell.)
Max speed 55mph, 2 hours of flight per tank.
Skids only (no wheels), so you can't park it in a ramp/underground garage, so can't fly it to the city...
Cool toy? H3ll yeah. If I ever win the lottery (unlikely, as I don't play it) I'll be all over one of these. Replacement for a car? Bah.
then in the future we could do away with racks of PLCs and make field equipment control itself.
This has been around (for industrial control applications) since 1994.
http://www.fieldbus.org/
Basically, the devices have all of the PLC functions (PID control, math blocks, logical operations) and once configured, there is no need for an external control system (except for external monitoring.)
Technology can be applied for either good or evil.
Who'd have thunk?
For every knowledgeable enthusiast, there are many more misinformed or incorrect speculators whose opinions usually spring from personal preference or a need to hear themselves talk.
Sounds like just about every discussion board I've ever read.
Where's the +1 (Ironic) mod when you need it?
(And I should get double bonus points for recursive irony...)
change votes with a 5 line vbs script
;)
Maybe we could use the same thing here for story submissions...
Not without some kind of sauce or dressing. Plain 1's and 0's taste like cardboard.
I've always likened it to k(n)ibbles and bits...
Parent has such an ironic subject line...
From TFA,
"Internationally, the game will take a few more days to make it to the store shelves. The UK will probably get it first, on or about August 6th. Everywhere else will probably be Friday, August 13th (cue Twilight Zone Theme) or close to that date, with just a few exceptions (e.g. Russia and Poland). This isn't because we don't have love for you folks outside the U.S., but the localization and manufacturing process takes a bit longer outside the U.S. where we will have JVC run 24/7 to get the units built. I guess the European manufacturers prefer to give their employees nights and weekends off. Go figure!"
could be that the products have to be tested against US standards for EMI, etc.
It is my understanding that we have more restrictive standards for these types of devices than other countries... (While they have more restrictive ones for industrial control equipment (CENELEC, BASEFA, etc...))
or redesigned so they are compatible with a different electricity distribution system.
In the general case this is probably true, however in this particular instance the EMP-100 is recharged via USB...
Googled up some info on these players, as I4U seems to be dead.
The EPM-100 has 512M flash, a very small 3-line display, and is about the size of a thumbdrive. I found it selling for $220.
The JM200 has 256M flash (unknown if upgradeable via cards), includes an FM tuner, and looks downright funky. It doesn't seem to be available for purchase yet.
"CERT's subsequent recommendation ... resulted in a large spike in downloads of the Mozilla Organization's Mozilla and Firefox web browsers."
I hate to ask, but didn't the CERT recommendation happen right around the same time as release of 0.9.1?
Without sources I can't refute or support the Wired article, but it provides no support of its conclusion itself...
Were licensing fees prohibitive for mass-scale introduction of RFID tags, personal privacy would be safer.
What would the patent holder have gained by making them prohibitive? Had his patent not expired, the only difference is he would have been richer. I'm sure the technology would still have been used... (Unless this guy is truly altruistic.)
If I saw someone wearing that thing, I couldn't help but say: Go Go Power Rangers. It looks just like their wristband gadgets
;)
Just one question... How do you know that?
Let me know when it's available as a pocket watch..
Oddly enough, the writer got sick of wearing it on his wrist ("... is more repelling to women than a wet spot on the front of your pants...") and carried it around attached to a lanyard in his pocket.
Anyone else find it amusing that the link to more info about rats is to the NY times?
Found an old press release from '01 on NEC's web site documenting the discovery of this battery technology.
With this latest (today's) press release it sounds like they're finally ready for product.