Is that thanks to Sony vs Betamax, it's legal to record OTA TV with a DVR.
Not really. I'll cast aside the fact that Betamax is from Sony, and move on to the real point: At least in the US, we all owe a debt to Mr. Fred Rogers, who testified before Congress that some kids couldn't watch Mr. Roger's Neighborhood because it was aired at times the kids couldn't see it. A VCR let parents record Mr. Roger's Neighborhood, and those kids could watch his show.
The eventual SCOTUS decision in 1983 included a quote from Mr. Rogers's testimony:
Some public stations, as well as commercial stations, program the "Neighborhood" at hours when some children cannot use it... I have always felt that with the advent of all of this new technology that allows people to tape the "Neighborhood" off-the-air, and I'm speaking for the "Neighborhood" because that's what I produce, that they then become much more active in the programming of their family's television life. Very frankly, I am opposed to people being programmed by others. My whole approach in broadcasting has always been "You are an important person just the way you are. You can make healthy decisions." Maybe I'm going on too long, but I just feel that anything that allows a person to be more active in the control of his or her life, in a healthy way, is important.
More to the point: TFA's author is name-dropping, pure and simple.
Just because somebody stated something in a particular context doesn't make it their universal opinion. But, you know, anything Apple is click-baity, so throw it in and watch those hits roll in!
It's especially rich that the guy moans how Steve Jobs ruined his Android application. Apparently, if it weren't for Steve Jobs dictating the direction of Android, we wouldn't have this problem...
My experience has long been that demanding a specific "fix" (in this case a "refresh") is counter-productive.
It's a lot like a person who has intense gut pain, and they go to the doctor to demand opioids.
True, opioids do make the pain go away, but it doesn't actually solve their ruptured appendix, and the doctor knows it is going to take a lot more than a few cents worth of oxycodone to resolve the problem.
A refresh button may make the pain go away temporarily, but it doesn't fix the problem.
More than anything, the article reeks of a guy who is complaining about a shitty software package, and then thinks that the thing he wants will actually fix the problem.
It's like having a parent who's child needs surgery to remove his appendix, but goes to the doctor demanding opioids, because he knows opioids will make the pain go away.
I guess JS coders are rediscovering multiuser issues.
Well, when you get your degree and and the only work you've ever done is single-user, single process, single thread, on an OS whose primary interface accommodates a single user...
Then taking a sample set of a couple poorly-coded apps and deciding it represents everything...
And finally blaming a guy for pointing out how things should work as the reason the app is coded poorly.
Yeah... sounds like the guy is trying to blame his problems on the wrong people. He'd go far in Politics.
A lot of it comes down to arrogance, competitiveness, and aggression, as well as a a certain level of intelligence, and low aversion to risk.
I see countless numbers of people who have all of the same characteristics at the local homeless shelter too. (Believe me, the majority aren't stupid, lazy, passive. Most drug abuse starts from a low aversion to risk, for that matter.)
A low aversion to risk nearly always goes very badly unless -- like Steve Jobs, Mark Zuckerburg, or Richard Branson, you come from a family wealthy enough and forgiving enough to absorb the losses from your risk taking.
The guys at the homeless shelter, on the other hand, are the guys who took a chance and didn't have anything to fall back on -- and lost everything.
The survivorship bias perpetuates the myth - it's far less glamorous to learn from the mistakes of "loser's" than it is to idolize the "winners".
Here in the US, banks charge $10 for a wire transfer,
For a "wire transfer", perhaps (I recall doing that for the down payment on my mortgage) , but an ACH transaction is generally free.
That's not to say that ACH isn't without issues, but the big issue in the US is cultural, rather than technological.
A government-backed payment system would give the IRS a way to monitor payments, and makes it a lot easier to prosecute people with apparently untaxed income. Gotta keep those guys with accounts in the Cayman islands happy.
I couldn't care less if they piss off a pack of SJWs with the name, I'm just disgusted that they could get funding for such trivial shit.
I'd say this is just misdirection: They're trying to deflect criticism of their awful idea by saying "people are manufacturing controversy over our name".
You have no evidence to back up your claim. It is entirely possible that the overall accident rate will increase because people will start to rely on autonomous driving systems in situations where they are not safe or use them in ways that are unsafe
Thus far, autonomous driving has had far fewer collisions per mile driven than human drivers. Tesla's AutoSteer reduced collisions by over 40%. It's a staggering improvement in overall safety.
Humans don't handle the corner cases autonomous systems struggle with very well either. The fact that the Tesla driver had 10 seconds to "notice" something was amiss doesn't mean much.
Even when we're "paying close attention", our brains will often ignore really important details. We even pay for the privilege when Magicians exploit it, because we respect the skill involved.
I have a lot of respect for DJB. And he's pointed out theoretical attacks, and a few points where it's easy to make implementation mistakes when developing crypto code. The thing with theoretical attacks is that they seldom are practical. Most of the issues he brings up are pitfalls specific to the algorithms, and good implementations don't fall into them.
DJB also found weaknesses in AES; that doesn't mean it's likely to ever have a practical break. DJB is a researcher, and is always looking for better solutions. If we ever get around to replacing ECDSA, his research will be a valuable resource -- assuming that Quantum computing is the reason we're replacing ECDSA.
Implementation issues don't necessitate that ECDSA is weak; ECDSA is at the heart of most modern TLS certificates, including many of Google's, as well as being central to BitCoin.
U2F is a wrapper around OpenPGP in one direction. It could have easily been a wrapper around OpenPGP in its entire, but it's not.
I'm unable to find anything regarding OpenPGP in the FIDO U2F specifications Everything points to it being a cryptographic authentication. The communication protocol is utterly unlike OpenPGP.
All the way down to the hardware level, including open-source U2F token designs. (The link can do U2F, but has zero OpenPGP capability)
As far as I've been able to research (and I'm implementing FIDO U2F for my employer), U2F is entirely separate from OpenPGP.
If you have anything that says otherwise, I'd appreciate it.
As long as 99.9% of the settlement goes to those who were affected I can get behind this. Unfortunately I know that a huge chunk will go to the lawyers.
Given that Equifax has a market cap of ~$17 Billion, it's hard to imagine that any settlement would approach the $70 billion the law firm is seeking.
Any competent board would just close down the company. If you're going to take out junk bonds to fund a company, it might as well be a new one without the baggage.
The U2F devices use RSA (up to 2048-bit on some devices, 4096 on bigger ones) or known-weak ECDSA (curve 256 and curve 384).
What weakness in ECDSA? Are you confusing it with Dual_EC_DRBG pseudorandom numbers?
There have been weaknesses due to bugs in a couple of implementations of ECDSA, but overall, I've seen nothing to suggest it isn't more solid than RSA.
Most-egregiously, however, the standards don't specify decryption. The standards specify digital signing, yet they don't specify the acceptance of a block of data encrypted with the public key and the return of a decrypted block of data.
That's because U2F is a one-way authentication standard. It authenticates you to the service.
Yubi's more expensive/featureful devices add a built-in OpenPGP Smartcard -- which is an entirely different standard. The OpenPGP ecosystem has never been accused of being user-friendly or flexible.
“Don’t put all your eggs in one basket” is all wrong. I tell you “put all your eggs in one basket, and then watch that basket.” Look round you and take notice; men who do that do not often fail. It is easy to watch and carry the one basket. It is trying to carry too many baskets that breaks most eggs in this country.
And true enough, but somehow to me one President striking a previous President's executive order doesn't rise to the level of "overreaching". That is, this specific case is not executive overreach.
No real concern there. I'm just pointing out that by vacating the previous President's order (rather than legislating or. Using the courts), it's a tacit way of assuring the same can happen in the future.
I ignored your talk of how much it costs to deport someone as a "yeah but" moving goalpost. It costs a lot of money to try someone for assault and put them in jail, too, but I don't think we should stop doing that.
I'm not saying it shouldn't be done because it's expensive. I am saying that it's hypocritical for Congress to demand better enforcement while providing no new resources. It's as if a city council who demands that an unfunded law enforcement should improve "because we said so."
Much like criminal law enforcement, if you have a surge in crime, you're going to need a surge in law enforcement funding. I'm OK with that, but apparently Congress isn't.
Look, I explicitly avoided even mentioning DACA, and you shoot out ten paragraphs as if I'm a huge supporter. I'm not.
I'm not a fan of the way Congress (any congress) passes bills that cost billions of dollars per year — and then refuses to pay for it.
Immigration is one facet to the problem: deporting immigrants is expensive. By US law, they have a right to a hearing. Even if they are cleared to be deported, it costs time and money to transport them (not unlike any other government detainee).
When Congress failed to pass an updated budget from 2011-2015, it left funding at 2010 levels; unfortunately during that time, the drug war in Mexico and Ecuador drove a surge of refugees to the US: more people to deport, and no additional money to do it. The funding problem is the fault of Congress - they couldn't pass a budget to fully fund enforcement.
The way to overturn DACA would require the courts to overturn it (which hasn't happened in six years), an act of congress (overriding a presidential veto), or a new president to vacate it. So far, it's looking like option #3.
Considering the number of executive orders President Trump signed in his first few weeks of office, as well as Congress not explicitly legislating away the ability to create a different far reaching executive order, I'm increasingly convinced overreaching executive orders will continue for the forseeable future.
Ah yes, fiction, where the facts never get in the way of a good story.
A virus that kills only "Africans" is a fantasy. There is no "African" ethnicity; there are thousands, often Europeans are closer genetically to African ethnicities than between two different African ethnicities.
Actually it is our problem: We have obligations to our own deportation laws. We've signed treaties which add obligations. There are obligations under international law that have to be met.
As of 2016, there's a cost of ~$10,000 per person deported, which is another taxpayer obligation.
We don't get to walk away from any of those obligations. They are our problems.
Not everything needs a bilateral treaty. As the GP stated "the requirement that the destination country agree to accept the deported person" -- every nation can deny entry to anyone, and is actually done quite often. There are a lot of guys in Guantanamo who have been cleared of any crime, but have no country willing to accept them, including their country of birth.
The UN states that there are over 10 million people who are denied a nationality. There's literally nowhere to deport them to.
The US doesn't generally deport refugees who are likely to suffer death or torture in their home country, regardless of how they got here.
Literally, the list goes on seemingly forever. By US law, it's not as simple as "deporting them."
Even when it does deport somebody, the US has its own laws for how deportees are to be treated -- generally similar to a domestic criminal. Deportation isn't cheap: ICE spent 3.2 billion dollars in 2016, with an average cost of over $10,000 per person deported.
So not only is it not as simple as "deporting them", it's also quite expensive.
The Act was designed to improve border control by imposing criminal penalties for racketeering, alien smuggling and the use or creation of fraudulent immigration-related documents and increasing interior enforcement by agencies charged with monitoring visa applications and visa abusers.
So in other words, the law was supposed to "impose criminal penalties" for a host of things which were already illegal, and requiring more spending by more agencies, while providing very little additional funding?
That definitely sounds like Congress waving its hands.
Even with illegal immigration, there are laws that have to be followed before anyone is deported, and each deportation conducted by ICE cost taxpayers an average of $10,854 in fiscal 2016.
The agency literally runs out of money deporting people. Effectively, there a limited number of "tickets" out of country, and the Executive gets to decide how to prioritize the passengers.
A big problem there is the Republicans seem completely unwilling to engage in bipartisanship -- in fact, the threat of bipartisanship was used by Mitch McConnell to try to get Republicans to fall in line.
I'm not saying the Democrats are any better, but it definitely seems the Republicans idea of bipartisanship is demanding Democratic capitulation, rather than any sort of compromise on their part.
Slashdot Mirror
Is that thanks to Sony vs Betamax, it's legal to record OTA TV with a DVR.
Not really. I'll cast aside the fact that Betamax is from Sony, and move on to the real point: At least in the US, we all owe a debt to Mr. Fred Rogers, who testified before Congress that some kids couldn't watch Mr. Roger's Neighborhood because it was aired at times the kids couldn't see it. A VCR let parents record Mr. Roger's Neighborhood, and those kids could watch his show.
The eventual SCOTUS decision in 1983 included a quote from Mr. Rogers's testimony:
Some public stations, as well as commercial stations, program the "Neighborhood" at hours when some children cannot use it ... I have always felt that with the advent of all of this new technology that allows people to tape the "Neighborhood" off-the-air, and I'm speaking for the "Neighborhood" because that's what I produce, that they then become much more active in the programming of their family's television life. Very frankly, I am opposed to people being programmed by others. My whole approach in broadcasting has always been "You are an important person just the way you are. You can make healthy decisions." Maybe I'm going on too long, but I just feel that anything that allows a person to be more active in the control of his or her life, in a healthy way, is important.
More to the point: TFA's author is name-dropping, pure and simple.
Just because somebody stated something in a particular context doesn't make it their universal opinion. But, you know, anything Apple is click-baity, so throw it in and watch those hits roll in!
It's especially rich that the guy moans how Steve Jobs ruined his Android application. Apparently, if it weren't for Steve Jobs dictating the direction of Android, we wouldn't have this problem...
My experience has long been that demanding a specific "fix" (in this case a "refresh") is counter-productive.
It's a lot like a person who has intense gut pain, and they go to the doctor to demand opioids.
True, opioids do make the pain go away, but it doesn't actually solve their ruptured appendix, and the doctor knows it is going to take a lot more than a few cents worth of oxycodone to resolve the problem.
A refresh button may make the pain go away temporarily, but it doesn't fix the problem.
More than anything, the article reeks of a guy who is complaining about a shitty software package, and then thinks that the thing he wants will actually fix the problem.
It's like having a parent who's child needs surgery to remove his appendix, but goes to the doctor demanding opioids, because he knows opioids will make the pain go away.
I guess JS coders are rediscovering multiuser issues.
Well, when you get your degree and and the only work you've ever done is single-user, single process, single thread, on an OS whose primary interface accommodates a single user...
Then taking a sample set of a couple poorly-coded apps and deciding it represents everything...
And finally blaming a guy for pointing out how things should work as the reason the app is coded poorly.
Yeah... sounds like the guy is trying to blame his problems on the wrong people. He'd go far in Politics.
Thanks for the link! I'm not finished with it, but I already like the story.
A lot of it comes down to arrogance, competitiveness, and aggression, as well as a a certain level of intelligence, and low aversion to risk.
I see countless numbers of people who have all of the same characteristics at the local homeless shelter too. (Believe me, the majority aren't stupid, lazy, passive. Most drug abuse starts from a low aversion to risk, for that matter.)
A low aversion to risk nearly always goes very badly unless -- like Steve Jobs, Mark Zuckerburg, or Richard Branson, you come from a family wealthy enough and forgiving enough to absorb the losses from your risk taking.
The guys at the homeless shelter, on the other hand, are the guys who took a chance and didn't have anything to fall back on -- and lost everything.
The survivorship bias perpetuates the myth - it's far less glamorous to learn from the mistakes of "loser's" than it is to idolize the "winners".
Here in the US, banks charge $10 for a wire transfer,
For a "wire transfer", perhaps (I recall doing that for the down payment on my mortgage) , but an ACH transaction is generally free.
That's not to say that ACH isn't without issues, but the big issue in the US is cultural, rather than technological.
A government-backed payment system would give the IRS a way to monitor payments, and makes it a lot easier to prosecute people with apparently untaxed income. Gotta keep those guys with accounts in the Cayman islands happy.
I couldn't care less if they piss off a pack of SJWs with the name, I'm just disgusted that they could get funding for such trivial shit.
I'd say this is just misdirection: They're trying to deflect criticism of their awful idea by saying "people are manufacturing controversy over our name".
You have no evidence to back up your claim. It is entirely possible that the overall accident rate will increase because people will start to rely on autonomous
driving systems in situations where they are not safe or use them in ways that are unsafe
This isn't Nature or some other scientific journal. Demanding evidence that's easily found with your search engine of choice is often considered impolite.
Thus far, autonomous driving has had far fewer collisions per mile driven than human drivers. Tesla's AutoSteer reduced collisions by over 40%. It's a staggering improvement in overall safety.
Humans don't handle the corner cases autonomous systems struggle with very well either. The fact that the Tesla driver had 10 seconds to "notice" something was amiss doesn't mean much.
Even when we're "paying close attention", our brains will often ignore really important details. We even pay for the privilege when Magicians exploit it, because we respect the skill involved.
Then again... TFA is by Nicole Nguyen... so...
I'd +5 informative you if I could.
Why is /. letting authors post their own clickbait?
I have a lot of respect for DJB. And he's pointed out theoretical attacks, and a few points where it's easy to make implementation mistakes when developing crypto code. The thing with theoretical attacks is that they seldom are practical. Most of the issues he brings up are pitfalls specific to the algorithms, and good implementations don't fall into them.
DJB also found weaknesses in AES; that doesn't mean it's likely to ever have a practical break. DJB is a researcher, and is always looking for better solutions. If we ever get around to replacing ECDSA, his research will be a valuable resource -- assuming that Quantum computing is the reason we're replacing ECDSA.
Implementation issues don't necessitate that ECDSA is weak; ECDSA is at the heart of most modern TLS certificates, including many of Google's, as well as being central to BitCoin.
U2F is a wrapper around OpenPGP in one direction. It could have easily been a wrapper around OpenPGP in its entire, but it's not.
I'm unable to find anything regarding OpenPGP in the FIDO U2F specifications Everything points to it being a cryptographic authentication. The communication protocol is utterly unlike OpenPGP.
All the way down to the hardware level, including open-source U2F token designs. (The link can do U2F, but has zero OpenPGP capability)
As far as I've been able to research (and I'm implementing FIDO U2F for my employer), U2F is entirely separate from OpenPGP.
If you have anything that says otherwise, I'd appreciate it.
As long as 99.9% of the settlement goes to those who were affected I can get behind this. Unfortunately I know that a huge chunk will go to the lawyers.
Given that Equifax has a market cap of ~$17 Billion, it's hard to imagine that any settlement would approach the $70 billion the law firm is seeking.
Any competent board would just close down the company. If you're going to take out junk bonds to fund a company, it might as well be a new one without the baggage.
The U2F devices use RSA (up to 2048-bit on some devices, 4096 on bigger ones) or known-weak ECDSA (curve 256 and curve 384).
What weakness in ECDSA? Are you confusing it with Dual_EC_DRBG pseudorandom numbers?
There have been weaknesses due to bugs in a couple of implementations of ECDSA, but overall, I've seen nothing to suggest it isn't more solid than RSA.
Most-egregiously, however, the standards don't specify decryption. The standards specify digital signing, yet they don't specify the acceptance of a block of data encrypted with the public key and the return of a decrypted block of data.
That's because U2F is a one-way authentication standard. It authenticates you to the service.
Yubi's more expensive/featureful devices add a built-in OpenPGP Smartcard -- which is an entirely different standard. The OpenPGP ecosystem has never been accused of being user-friendly or flexible.
Reminds me of a quote from Andrew Carnegie:
“Don’t put all your eggs in one basket” is all wrong. I tell you “put all your eggs in one basket, and then watch that basket.” Look round you and take notice; men who do that do not often fail. It is easy to watch and carry the one basket. It is trying to carry too many baskets that breaks most eggs in this country.
And true enough, but somehow to me one President striking a previous President's executive order doesn't rise to the level of "overreaching". That is, this specific case is not executive overreach.
No real concern there. I'm just pointing out that by vacating the previous President's order (rather than legislating or. Using the courts), it's a tacit way of assuring the same can happen in the future.
I ignored your talk of how much it costs to deport someone as a "yeah but" moving goalpost. It costs a lot of money to try someone for assault and put them in jail, too, but I don't think we should stop doing that.
I'm not saying it shouldn't be done because it's expensive. I am saying that it's hypocritical for Congress to demand better enforcement while providing no new resources. It's as if a city council who demands that an unfunded law enforcement should improve "because we said so."
Much like criminal law enforcement, if you have a surge in crime, you're going to need a surge in law enforcement funding. I'm OK with that, but apparently Congress isn't.
Look, I explicitly avoided even mentioning DACA, and you shoot out ten paragraphs as if I'm a huge supporter. I'm not.
I'm not a fan of the way Congress (any congress) passes bills that cost billions of dollars per year — and then refuses to pay for it.
Immigration is one facet to the problem: deporting immigrants is expensive. By US law, they have a right to a hearing. Even if they are cleared to be deported, it costs time and money to transport them (not unlike any other government detainee).
When Congress failed to pass an updated budget from 2011-2015, it left funding at 2010 levels; unfortunately during that time, the drug war in Mexico and Ecuador drove a surge of refugees to the US: more people to deport, and no additional money to do it. The funding problem is the fault of Congress - they couldn't pass a budget to fully fund enforcement.
The way to overturn DACA would require the courts to overturn it (which hasn't happened in six years), an act of congress (overriding a presidential veto), or a new president to vacate it. So far, it's looking like option #3.
Considering the number of executive orders President Trump signed in his first few weeks of office, as well as Congress not explicitly legislating away the ability to create a different far reaching executive order, I'm increasingly convinced overreaching executive orders will continue for the forseeable future.
Ah yes, fiction, where the facts never get in the way of a good story.
A virus that kills only "Africans" is a fantasy. There is no "African" ethnicity; there are thousands, often Europeans are closer genetically to African ethnicities than between two different African ethnicities.
Fuck'em...its not our problem.
Actually it is our problem: We have obligations to our own deportation laws. We've signed treaties which add obligations. There are obligations under international law that have to be met.
As of 2016, there's a cost of ~$10,000 per person deported, which is another taxpayer obligation.
We don't get to walk away from any of those obligations. They are our problems.
Not everything needs a bilateral treaty. As the GP stated "the requirement that the destination country agree to accept the deported person" -- every nation can deny entry to anyone, and is actually done quite often. There are a lot of guys in Guantanamo who have been cleared of any crime, but have no country willing to accept them, including their country of birth.
The UN states that there are over 10 million people who are denied a nationality. There's literally nowhere to deport them to.
The US doesn't generally deport refugees who are likely to suffer death or torture in their home country, regardless of how they got here.
Literally, the list goes on seemingly forever. By US law, it's not as simple as "deporting them."
Even when it does deport somebody, the US has its own laws for how deportees are to be treated -- generally similar to a domestic criminal. Deportation isn't cheap: ICE spent 3.2 billion dollars in 2016, with an average cost of over $10,000 per person deported.
So not only is it not as simple as "deporting them", it's also quite expensive.
The Act was designed to improve border control by imposing criminal penalties for racketeering, alien smuggling and the use or creation of fraudulent immigration-related documents and increasing interior enforcement by agencies charged with monitoring visa applications and visa abusers.
So in other words, the law was supposed to "impose criminal penalties" for a host of things which were already illegal, and requiring more spending by more agencies, while providing very little additional funding?
That definitely sounds like Congress waving its hands.
Even with illegal immigration, there are laws that have to be followed before anyone is deported, and each deportation conducted by ICE cost taxpayers an average of $10,854 in fiscal 2016.
The agency literally runs out of money deporting people. Effectively, there a limited number of "tickets" out of country, and the Executive gets to decide how to prioritize the passengers.
Nah, my view is more along the lines of:
Extremes to the right and left of any political dispute are always wrong.
— Dwight Eisenhower
A big problem there is the Republicans seem completely unwilling to engage in bipartisanship -- in fact, the threat of bipartisanship was used by Mitch McConnell to try to get Republicans to fall in line.
I'm not saying the Democrats are any better, but it definitely seems the Republicans idea of bipartisanship is demanding Democratic capitulation, rather than any sort of compromise on their part.
If we wanted, we could invade Africa, one country at a time, kill all the warlords, take away all the guns and provide all the necessary items.
Obligatory Monty Python It actually illustrates the point pretty well -- the benefits are beside the point to many.
It's almost like we have people who are shocked - SHOCKED - that intelligence agencies keep secrets, and have good reasons to continue to do so.