Disney's parks are chock-full of the latest feats of engineering. In fact, that was pretty much the original plan for EPCOT - a self-contained community for trying out upcoming technology. Sadly capitalism got in the way of that plan, but I digress...
Disney loves to not just brag about their latest feats, but they'll also happily show off their existing mechanisms. Each park has a behind-the-scenes tour that covers most of the major engineering, and the general workings of practically everything are shown off in disney's many publications (in the guise of boastful advertisements). They don't like getting into details, and they really don't like revealing anything that might aid copyright infringement (like releasing pictures of ride track design or concept art), but most of their mechanical magic is common knowledge.
...And a degraded catalyst or wrong thermostat can cause you to emit extra pollutants before you get checked again, so no, you aren't going to be allowed to just ignore it.
A more interesting question is when will Mastercard/Visa start blocking EFF? I seem to recall that they did that once against Wikileaks after a few passionate speeches by senators.
Probably never. While WikiLeaks was quite happy to ignore US law in its "protests", the EFF has danced happily within the realm of legality for its muckraking. Sure, they annoy politicians, but they do so while staying within the law. They're a champion of freedom that everybody can publicly support... and if one politician ever attacks them, his opponent will enjoy the boost in public support.
The fourth amendment's applicability is only certain in the minds of privacy advocates. Legally, the fourth amendment is generally held to mean that the government can't disrupt your life with its searches or target someone specifically without a good enough reason to convince a judge. The NSA's sniffing is legally comparable to a police dragnet checking door-to-door for a suspect - it infringes privacy, but the impact on any particular person's life isn't unreasonable.
On the other hand, the first amendment is a much easier fight. The leaked information shows fairly well that the snooping (or at least its analysis) was targeted before any crime was committed. That means that the NSA's prejudiced against particular groups, and that's within spitting distance of a first-amendment violation.
After showing that some instances violate the first amendment, it's also an easier fight to argue that any wide-spread persistent snooping program is too easily also a violation. It's a similar tactic to the argument that no separate racially-segregated schools can be equal. Then once the first amendment has been invoked to protect people's metadata as free speech, then the fourth can be brought in to argue that any snooping of metadata must be approved by a warrant beforehand.
That also puts privacy in a much stronger place in the long run. By going after the first amendment protection, it can be argued that any aspect of a person's social life is a protected expression (within the limits usually invoked, like prohibiting murder as a form of protest), so that prohibits the government from seeking something the public knows (like a vehicle's whereabouts).
If successful, it could reconcile the public's love of sharing information with the hatred of the government learning that information.
He told the populace that their government was corrupt and spying on them and violating their constitutional and human rights...
...and he did so in the most reckless way possible. Not a good quality for President.
He dumped secrets into the pubic domain en masse, with no concern or consideration for the ramifications of such a release. It doesn't take much secret information to corroborate his story and alert the public, and still give the government enough room to let the bureaucracy fight it out. By dumping so much unnecessary secret infomation, the whole government is victimized, so it embarks on a self-righteous manhunt against an evil terrorist traitor.
Perhaps you missed a major part of the international view of America, then. We're the Joneses, the greener grass, the guy in the next suburb who has more money who has tons of money and makes a point of showing everybody exactly how much less they're worth than he is. Everybody hates us, but everybody wants to have what we have.
There's always been one major differentiating factor, though, that gets in the way of that desire. We've always been led by rich white men. Now we're run by a well-off black man, but that's a significant change in international perception. Obama taking office literally puts a new face on America. To the non-Western countries of the world, we are now an ideal again that they can hold up on a pedestal and identify with enough to work toward copying.
Sure, we're violent, partisan, and tend to do nasty things to whomever we want. Our pedestal has some cracks. To much of the rest of the world, though, these things are absolutely normal. In 2009, Ghana had elections, and I saw people burning effigies of their opponents. They see an argumentative Congress or domestic spying is par for the political course.
So Obama comes into office, and stirs up public demand for accountability, democracy, and a higher standard of living. Never mind that he doesn't fulfill those promises, but what's important is that other people can look at America and see goals that they can attain themselves. A little more unrest, a few more protests, and a bit more economic collapse, and the people of the developing world are pissed-off and empowered enough to rebuild their own governments. Cue Occupy Everything, the Arab Spring, etc... To keep with the earlier metaphors, the rich asshole funded a new school building.
Now, I don't think Obama's personally responsible for those developments enough to merit a Nobel Prize for pairing some undelivered promises with a new skin color. However, I did have the opportunity to see what Obama meant to the rest of the world. Deserved or not, he became a symbol of a brighter future. Yes, it's sad that the rest of the world seems to have surpassed us while trying to become us, but that shouldn't diminish the fact that the people of the world have a bigger voice than ever before.
It turns out that rich guy in the next suburb had all his wealth on credit, and now he's bankrupt. He still pushed through that school, though...
You jest, but that's a decent example. It's a hostile world, and every little thing, no matter how trivial, can be used against you, in unexpected ways. If you're aiming to kill a sysadmin, perhaps VLC is just the right tool for the job. Perhaps the bus hit was planned, and the attacker just needed a way to get the admin out in the open.
One of my personal favorite exploits involved using a core dump to drop a file into cron.d. The kernel, being ever so helpful, would put the dump into whatever working directory the crashing program was running in. Cron, being ever so helpful, would run all the files in cron.d, and being ever so helpful, would ignore all the badly-malformed data in those files. Put them together, and suddenly any user who can run a program can schedule commands to be run as root.
As your example shows with ample hyperbole, even a clean termination may be part of a larger plan. Perhaps VLC terminating triggers a watchdog that is differently-exploitable. Perhaps VLC is interfering with another exploit the attacker wants to use. Perhaps something else altogether... what matters is that all such attack vectors can be blocked by fixing this unexpected behavior.
The existence of other vulnerabilities is no reason to excuse this one. If that hypothetical ad display runs VLC, but its content is screened using Media Player, a crafted file may work fine and have approved content when checked, but crashes the display in production. This is a good argument for having identical testing and production systems, but that's not always how reality works out.
Imagine a situation where audio or video playback is considered a service, like the given example of a Times Square ad display. Disrupt that playback, and you have denial of service, period.
More examples I can think of offhand:
Theatre sound effects
Streaming media servers
Internet radio
Public information displays
Conference and sales presentations
I'm not saying it's necessarily an important service that's disrupted, or that the fix will take a long time, but it's still a DoS.
despite dire warnings from Secunia that it could be exploitable, it most certainly is not.
That depends entirely on what "exploit" means. If VLC is a core part of a media service, calling anything named "terminate" sounds like a recipe for a simple DoS. I don't think VLC is overpriced enough to serve in any critical roles (like, perhaps, a giant Times Square display), but it could easily be the magic under a layer of consultants' bills.
The easy assumption is that any time a program does something that wouldn't be expected, it's exploitable to cause some kind of annoyance. Whether that alone is enough to warrant a fix is a different matter.
The original comment implied that regulatory uncertainty is detrimental to the economy, which is generally true. When investors don't know what to expect from regulators, they tend to hold their money in less-risky investments, which don't move as much money around the economy as much as other investments.
Enry pointed out that it's pretty certain that January 1st, 2015 is politically likely to be the final date, but OakDragon reminds us that within one week (being the time it took for the due date to change), long-term corporate plans for implementing the required changes may have changed wildly.
Personally, I'm more inclined to agree with OakDragon. I currently work in the mad world of finance, and I've seen the research our investment managers do into each company they consider. Now, at least the last week's research needs to be rechecked, because companies' plans have likely changed to push the new law's expenses into the future. That means that until the research is done (again), we're probably holding more money in cash, leading to that aforementioned economic impact.
Not really. The shareholders always have grounds to sue management... you can sue for practically no reason, and just get laughed out of court faster. Implementing government mandates ahead of schedule is an investment at an opportune time, not mismanagement of funds. Yes, the shareholders can still sue, but they could also sue for having the wrong color of carpet in the lobby, with a similar chance of winning.
The 4th what? Surely you don't mean the 4th amendment? After all, that amendment protects against unreasonable searches, which is completely unrelated to the issue at hand.
The Fourth Amendment's protection of "papers" has never applied to the external surface of mail. The outside of mail must be read by the USPS for the service to function, so when you drop a letter in the mailbox, you're implicitly giving the USPS permission to read the visible surface. To my knowledge, there has never been a law preventing the USPS (or any other courier, for that matter) from reading anything visible from the outside. If the surface of mail is particularly confidential, it's not "unreasonable" to expect the mailer to put it in a plain outer envelope.
...Because it's not like your side of the story could possibly be corroborated by receipts, packing slips, or even the actual product.
Surveillance itself isn't inherently bad, but it's an all-or-nothing deal. Once the investigators know you've been receiving packages from $ENEMY, they need to also know that those packages were unrelated to $PLOT or $TARGET, so it's obvious you're just another mundane person.
Pedanticaly, is it the vibration that is "sound" or is it the experience of the listener receiving vibrations that is "sound"? Those "sound waves", without being experienced, are simply vibrations, but is that enough to consider the entire event "making a sound"? As an audio technician, my (crappy) equipment picks up electronic noise on occasion, so it "hears sound" that isn't actually there. Similarly, can a person actually hear an auditory hallucination, which is the experience without the associated vibrations?
Looks like the same old garb to me. Dictators, monarchs, and bureaucrats have always promoted themselves as making better decisions for the good of their people. The key lies in the definition of "better". Tyrants adopt a policy that benefits themselves most, when what's needed is a policy that benefits everyone.
The existence of faults in a government does not mean it's worse than letting each person make indepentently bad decisions.
From an historical perspective: Covered wagon travel has become quite inexpensive, and costs a few bucks for a team of oxen, so it's not surprising to see a more expensive means of travel appear. A steam locomotive is a cash cow, with related costs adding up $15-30 USD.
Of course stem cell transplants are expensive now, but having a clear road ahead for AIDS treatment opens the door to future optimization and improvement. As the technique matures, it will become routine enough that the cutting-edge treatments you read about on Slashdot will indeed continue to be expensive replacements for current technologies, and those technologies will themselves become cheaper as they mature. Of course, as the cures mature and become part of every doctor's toolbox, the general public, including yourself, will cease to pay any attention to their dropping costs or minor improvements.
which one has a private jumbo jet for its executives:
I'm going to guess "any one that thinks it's worth having". While it's fun to mock companies for having an expensive private jet, it might actually be worth having if the executives need to be physically present in several places quickly, without the delays of security or the risk of missing flights. There are no hubs, layovers, or transfers, and while on board the executive can stay in constant contact with the company without distraction.
It's the "worst description of polarization ever" because it's apparently not polarization:
The orbital angular momentum of light (OAM) is the component of angular momentum of a light beam that is dependent on the field spatial distribution, and not on the polarization.
...But we do apparently need to be told what Hadoop is, or Drupal, or Ruby on Rails, or even SSH. There's always somebody complaining about too much simplification, and always somebody complaining about too little. Perhaps we could just learn to infer and ignore as appropriate for our level of prior knowledge?
It's meaningful when reasonable petitions get support, making a clear statement for politicians to look at. A politician who wants to make a point can say "This many people signed the petition about this issue. Perhaps we should discuss it." and not have to worry too much about the methodology being attacked by other politicians. By design, representatives represent the views of their constituents, and change.org provides a way to cut through lobbyists' biased displays and present actual popular opinion to politicians.
This petition does not count as "reasonable", however. It's going through federal channels to interfere in a state's courts. That's something SCOTUS doesn't like doing, so I highly doubt the President will. For better political effect, a letter campaign to the governor's office would be prudent, appealing to Texas' long history as a haven of personal freedom. The change.org petition is just a publicity stunt that can have minimal legal weight.
You're absolutely factually correct, but since this is a story about Apple, patents, and law, we Slashdotters will spend the rest of this discussion raging about prior art, litigation, and monopolies.
Slashdot Mirror
Ding ding ding! We have a winner!
Disney's parks are chock-full of the latest feats of engineering. In fact, that was pretty much the original plan for EPCOT - a self-contained community for trying out upcoming technology. Sadly capitalism got in the way of that plan, but I digress...
Disney loves to not just brag about their latest feats, but they'll also happily show off their existing mechanisms. Each park has a behind-the-scenes tour that covers most of the major engineering, and the general workings of practically everything are shown off in disney's many publications (in the guise of boastful advertisements). They don't like getting into details, and they really don't like revealing anything that might aid copyright infringement (like releasing pictures of ride track design or concept art), but most of their mechanical magic is common knowledge.
...And a degraded catalyst or wrong thermostat can cause you to emit extra pollutants before you get checked again, so no, you aren't going to be allowed to just ignore it.
A more interesting question is when will Mastercard/Visa start blocking EFF? I seem to recall that they did that once against Wikileaks after a few passionate speeches by senators.
Probably never. While WikiLeaks was quite happy to ignore US law in its "protests", the EFF has danced happily within the realm of legality for its muckraking. Sure, they annoy politicians, but they do so while staying within the law. They're a champion of freedom that everybody can publicly support... and if one politician ever attacks them, his opponent will enjoy the boost in public support.
The fourth amendment's applicability is only certain in the minds of privacy advocates. Legally, the fourth amendment is generally held to mean that the government can't disrupt your life with its searches or target someone specifically without a good enough reason to convince a judge. The NSA's sniffing is legally comparable to a police dragnet checking door-to-door for a suspect - it infringes privacy, but the impact on any particular person's life isn't unreasonable.
On the other hand, the first amendment is a much easier fight. The leaked information shows fairly well that the snooping (or at least its analysis) was targeted before any crime was committed. That means that the NSA's prejudiced against particular groups, and that's within spitting distance of a first-amendment violation.
After showing that some instances violate the first amendment, it's also an easier fight to argue that any wide-spread persistent snooping program is too easily also a violation. It's a similar tactic to the argument that no separate racially-segregated schools can be equal. Then once the first amendment has been invoked to protect people's metadata as free speech, then the fourth can be brought in to argue that any snooping of metadata must be approved by a warrant beforehand.
That also puts privacy in a much stronger place in the long run. By going after the first amendment protection, it can be argued that any aspect of a person's social life is a protected expression (within the limits usually invoked, like prohibiting murder as a form of protest), so that prohibits the government from seeking something the public knows (like a vehicle's whereabouts).
If successful, it could reconcile the public's love of sharing information with the hatred of the government learning that information.
He told the populace that their government was corrupt and spying on them and violating their constitutional and human rights...
...and he did so in the most reckless way possible. Not a good quality for President.
He dumped secrets into the pubic domain en masse, with no concern or consideration for the ramifications of such a release. It doesn't take much secret information to corroborate his story and alert the public, and still give the government enough room to let the bureaucracy fight it out. By dumping so much unnecessary secret infomation, the whole government is victimized, so it embarks on a self-righteous manhunt against an evil terrorist traitor.
Perhaps you missed a major part of the international view of America, then. We're the Joneses, the greener grass, the guy in the next suburb who has more money who has tons of money and makes a point of showing everybody exactly how much less they're worth than he is. Everybody hates us, but everybody wants to have what we have.
There's always been one major differentiating factor, though, that gets in the way of that desire. We've always been led by rich white men. Now we're run by a well-off black man, but that's a significant change in international perception. Obama taking office literally puts a new face on America. To the non-Western countries of the world, we are now an ideal again that they can hold up on a pedestal and identify with enough to work toward copying.
Sure, we're violent, partisan, and tend to do nasty things to whomever we want. Our pedestal has some cracks. To much of the rest of the world, though, these things are absolutely normal. In 2009, Ghana had elections, and I saw people burning effigies of their opponents. They see an argumentative Congress or domestic spying is par for the political course.
So Obama comes into office, and stirs up public demand for accountability, democracy, and a higher standard of living. Never mind that he doesn't fulfill those promises, but what's important is that other people can look at America and see goals that they can attain themselves. A little more unrest, a few more protests, and a bit more economic collapse, and the people of the developing world are pissed-off and empowered enough to rebuild their own governments. Cue Occupy Everything, the Arab Spring, etc... To keep with the earlier metaphors, the rich asshole funded a new school building.
Now, I don't think Obama's personally responsible for those developments enough to merit a Nobel Prize for pairing some undelivered promises with a new skin color. However, I did have the opportunity to see what Obama meant to the rest of the world. Deserved or not, he became a symbol of a brighter future. Yes, it's sad that the rest of the world seems to have surpassed us while trying to become us, but that shouldn't diminish the fact that the people of the world have a bigger voice than ever before.
It turns out that rich guy in the next suburb had all his wealth on credit, and now he's bankrupt. He still pushed through that school, though...
Google for "Cron core dump vulnerability": http://www.securiteam.com/exploits/5OP0C0UJ5Y.html
You jest, but that's a decent example. It's a hostile world, and every little thing, no matter how trivial, can be used against you, in unexpected ways. If you're aiming to kill a sysadmin, perhaps VLC is just the right tool for the job. Perhaps the bus hit was planned, and the attacker just needed a way to get the admin out in the open.
One of my personal favorite exploits involved using a core dump to drop a file into cron.d. The kernel, being ever so helpful, would put the dump into whatever working directory the crashing program was running in. Cron, being ever so helpful, would run all the files in cron.d, and being ever so helpful, would ignore all the badly-malformed data in those files. Put them together, and suddenly any user who can run a program can schedule commands to be run as root.
As your example shows with ample hyperbole, even a clean termination may be part of a larger plan. Perhaps VLC terminating triggers a watchdog that is differently-exploitable. Perhaps VLC is interfering with another exploit the attacker wants to use. Perhaps something else altogether... what matters is that all such attack vectors can be blocked by fixing this unexpected behavior.
The existence of other vulnerabilities is no reason to excuse this one. If that hypothetical ad display runs VLC, but its content is screened using Media Player, a crafted file may work fine and have approved content when checked, but crashes the display in production. This is a good argument for having identical testing and production systems, but that's not always how reality works out.
Imagine a situation where audio or video playback is considered a service, like the given example of a Times Square ad display. Disrupt that playback, and you have denial of service, period.
More examples I can think of offhand:
I'm not saying it's necessarily an important service that's disrupted, or that the fix will take a long time, but it's still a DoS.
despite dire warnings from Secunia that it could be exploitable, it most certainly is not.
That depends entirely on what "exploit" means. If VLC is a core part of a media service, calling anything named "terminate" sounds like a recipe for a simple DoS. I don't think VLC is overpriced enough to serve in any critical roles (like, perhaps, a giant Times Square display), but it could easily be the magic under a layer of consultants' bills.
The easy assumption is that any time a program does something that wouldn't be expected, it's exploitable to cause some kind of annoyance. Whether that alone is enough to warrant a fix is a different matter.
The original comment implied that regulatory uncertainty is detrimental to the economy, which is generally true. When investors don't know what to expect from regulators, they tend to hold their money in less-risky investments, which don't move as much money around the economy as much as other investments.
Enry pointed out that it's pretty certain that January 1st, 2015 is politically likely to be the final date, but OakDragon reminds us that within one week (being the time it took for the due date to change), long-term corporate plans for implementing the required changes may have changed wildly.
Personally, I'm more inclined to agree with OakDragon. I currently work in the mad world of finance, and I've seen the research our investment managers do into each company they consider. Now, at least the last week's research needs to be rechecked, because companies' plans have likely changed to push the new law's expenses into the future. That means that until the research is done (again), we're probably holding more money in cash, leading to that aforementioned economic impact.
Not really. The shareholders always have grounds to sue management... you can sue for practically no reason, and just get laughed out of court faster. Implementing government mandates ahead of schedule is an investment at an opportune time, not mismanagement of funds. Yes, the shareholders can still sue, but they could also sue for having the wrong color of carpet in the lobby, with a similar chance of winning.
The 4th what? Surely you don't mean the 4th amendment? After all, that amendment protects against unreasonable searches, which is completely unrelated to the issue at hand.
The Fourth Amendment's protection of "papers" has never applied to the external surface of mail. The outside of mail must be read by the USPS for the service to function, so when you drop a letter in the mailbox, you're implicitly giving the USPS permission to read the visible surface. To my knowledge, there has never been a law preventing the USPS (or any other courier, for that matter) from reading anything visible from the outside. If the surface of mail is particularly confidential, it's not "unreasonable" to expect the mailer to put it in a plain outer envelope.
...Because it's not like your side of the story could possibly be corroborated by receipts, packing slips, or even the actual product.
Surveillance itself isn't inherently bad, but it's an all-or-nothing deal. Once the investigators know you've been receiving packages from $ENEMY, they need to also know that those packages were unrelated to $PLOT or $TARGET, so it's obvious you're just another mundane person.
How? Which piece of legislation forbids the USPS from logging what it handles?
Pedanticaly, is it the vibration that is "sound" or is it the experience of the listener receiving vibrations that is "sound"? Those "sound waves", without being experienced, are simply vibrations, but is that enough to consider the entire event "making a sound"? As an audio technician, my (crappy) equipment picks up electronic noise on occasion, so it "hears sound" that isn't actually there. Similarly, can a person actually hear an auditory hallucination, which is the experience without the associated vibrations?
Looks like the same old garb to me. Dictators, monarchs, and bureaucrats have always promoted themselves as making better decisions for the good of their people. The key lies in the definition of "better". Tyrants adopt a policy that benefits themselves most, when what's needed is a policy that benefits everyone.
The existence of faults in a government does not mean it's worse than letting each person make indepentently bad decisions.
Yes it should, because people are utterly terrible at weighing risks for themselves.
From an historical perspective: Covered wagon travel has become quite inexpensive, and costs a few bucks for a team of oxen, so it's not surprising to see a more expensive means of travel appear. A steam locomotive is a cash cow, with related costs adding up $15-30 USD.
Of course stem cell transplants are expensive now, but having a clear road ahead for AIDS treatment opens the door to future optimization and improvement. As the technique matures, it will become routine enough that the cutting-edge treatments you read about on Slashdot will indeed continue to be expensive replacements for current technologies, and those technologies will themselves become cheaper as they mature. Of course, as the cures mature and become part of every doctor's toolbox, the general public, including yourself, will cease to pay any attention to their dropping costs or minor improvements.
which one has a private jumbo jet for its executives:
I'm going to guess "any one that thinks it's worth having". While it's fun to mock companies for having an expensive private jet, it might actually be worth having if the executives need to be physically present in several places quickly, without the delays of security or the risk of missing flights. There are no hubs, layovers, or transfers, and while on board the executive can stay in constant contact with the company without distraction.
It's the "worst description of polarization ever" because it's apparently not polarization:
The orbital angular momentum of light (OAM) is the component of angular momentum of a light beam that is dependent on the field spatial distribution, and not on the polarization.
...But we do apparently need to be told what Hadoop is, or Drupal, or Ruby on Rails, or even SSH. There's always somebody complaining about too much simplification, and always somebody complaining about too little. Perhaps we could just learn to infer and ignore as appropriate for our level of prior knowledge?
It's meaningful when reasonable petitions get support, making a clear statement for politicians to look at. A politician who wants to make a point can say "This many people signed the petition about this issue. Perhaps we should discuss it." and not have to worry too much about the methodology being attacked by other politicians. By design, representatives represent the views of their constituents, and change.org provides a way to cut through lobbyists' biased displays and present actual popular opinion to politicians.
This petition does not count as "reasonable", however. It's going through federal channels to interfere in a state's courts. That's something SCOTUS doesn't like doing, so I highly doubt the President will. For better political effect, a letter campaign to the governor's office would be prudent, appealing to Texas' long history as a haven of personal freedom. The change.org petition is just a publicity stunt that can have minimal legal weight.
You're absolutely factually correct, but since this is a story about Apple, patents, and law, we Slashdotters will spend the rest of this discussion raging about prior art, litigation, and monopolies.