If so, the money they get from the SLAPP-back lawsuits could fill the Pirate Party's campaign coffers for the next century. This is a very stupid move for any large group of companies to pull. If BPI has even a mote of legal sense, they need to fire their lawyers now, pull out of the suit, and offer a settlement in exchange for the Pirate Party not countersuing.
Technologically speaking, that's pretty much solved, too. The only shortage is money to build the transatlantic superconducting power infrastructure and put solar panels on every rooftop on the planet.
I kinda have my doubts that a buffer overflow on the CC decoder will really let you inject a bunch of code though. More likely the CC will wig out and display a black screen or just cause the TV to freeze.
Far more likely. But if you can make it crash, you can usually corrupt memory and cause arbitrary code execution if you work at it long enough. I mean, there are exceptions (the most common exception being many NULL pointer dereference bugs), but it is true more often than not. Unless, of course, the CC decoding is being done in hardware, but I doubt anybody does that anymore now that NTSC is ancient history.
IMO, it's not really a problem. As the amount of drinking water available starts to get moderately scarce, water districts will raise their rates to avoid the need for forced rationing. At that point, it will be financially viable to create clean drinking water in other ways. The market will react to this by building additional desalination plants and pumping stations, and there will be enough water to meet demand. After all, more than two-thirds of the planet is covered by water.
But the reason for using fields is so that the effective frame rate perceived is 60 frames per second, just at half the vertical resolution. Each field contains a different image than the field before it. So we're used to relatively fast frame rates. If people find 48 FPS distracting, the reason is probably either a psychological "uncanny valley" thing—because it feels almost like TV but not quite—or perhaps it just happens to be a magic speed that makes people uncomfortable for some reason. It certainly isn't because 48 FPS is faster than we're used to. It isn't. It's faster than we're used to seeing in theaters, but it's slower than we're used to seeing in our homes.
For that matter, even in theaters, 24 FPS isn't projected at 24 FPS; they project each frame twice so that it is above your flicker fusion threshold. The only difference with true 48 FPS is that you see different content every 48th of a second instead of seeing the same content twice in a row, which means that it is closer to what you see when you watch traditional NTSC TV (but still a lower perceived frame rate than NTSC video).
A 1500 watt generator won't suddenly explode or start turning backwards or fail spectacularly if you only connect a 500 watt load to it.
Actually, some of them will (though admittedly not generators as small as 1500W).
Generators either have governors or they don't. Small generators like you buy for your house do, precisely because they know people will need them to provide a highly variable load. Large generators don't. Some of them may use dummy loads to burn off the excess power, but for the most part, if there isn't enough load to balance out the water/steam flow (or whatever is turning the turbine), the generators trip, because otherwise they would spin up to speeds that could actually damage them.
Without sufficient load, AC generators also wouldn't produce power at the right frequency, because their frequency is proportional to the speed of the turbine, and the load partially determines the speed of the turbine, which means that when you connected them back to the grid suddenly, they would be massively out of sync, and things would go very, very wrong.:-)
But this problem does not apply to solar panels (or any other system where the AC power is generated by an inverter).
What other frequencies? I'm talking about data embedded in the channel you are watching.
When your TV decodes a digital bitstream for a particular channel, that data stream contains many unrelated pieces of data multiplexed together. A single ATSC stream for channel 7, for example, might contain video streams for subchannels 7.1 and 7.2 (each of which contains closed-captioning data), three audio-only streams, a stream containing guide data about upcoming programming, etc.
So what happens when somebody captures that channel off-air, modifies the signal to include code that attacks a buffer overflow in the closed-captioning decoder or the guide data decoder of a particular brand of TV, then connects the output of a moderately high-gain transmitter up to the cable TV line and transmits a modified version of the stream? Their signal is stronger, so it wins. Every TV in the neighborhood decodes that modified digital bitstream. Every TV with that particular vulnerability is now running arbitrary code provided by the attacker.
If that TV has an Internet connection, it then makes a connection out to a command-and-control server somewhere, and is now fully under the attacker's control. And if that TV has a camera attached, the attacker has the ability to watch or record whatever is happening in front of the TV (the striptease for your girlfriend/boyfriend, the confidential communication with your lawyer about the divorce, the dead mule who overdosed on cocaine at your bachelor party...).
If you're just using it for control purposes, it is possible to do so in a way that is relatively safe. Use two separate computers—one containing the DSP hardware and access to the camera, providing as its output only a series of control messages containing gesture events, and a second one that is the actual Internet-connected brain. Make sure the camera-connected device accepts only signed firmware updates.
If the Internet-connected device needs access to the camera, though, you're pretty much at the mercy of the device vendor's ability to write secure code. There's no way around it, because a device cannot both have access to the camera and not have access to it at the same time. The best you can do is provide a physical switch that physically disables the camera and microphone, or provide the camera and microphone as a USB-attached peripheral that the user can unplug at will.
Which they will hopelessly break in a firmware update six months later and then will never get around to fixing before they EOL the product.
TV and Blu-Ray player vendors are truly at the bottom of the barrel when it comes to writing software. To be fair, they always have been, but it just didn't matter as much when devices were dumb as dirt.
In the near future you will not be able to get a television that DOES NOT have a camera and/or microphone in it.
Nothing a little epoxy, wire cutters, and/or a Dremel can't solve.
Or if you don't want to lower the resale value, insist on buying a TV with an external microphone jack that is hardware-switched. Plug in a dummy plug. Attach electric tape over the camera.
Just like they got rid of webcams built into computers when it was found those could be hacked. Oh, wait...
Computers generally have a light associated with the webcam that cannot be disabled through software or firmware. And computers tend to be used actively. TVs tend to be used passively, so a light might not be enough to get your attention. Also, webcams on computers are at least moderately useful. Webcams on TVs are not, unless you want to be tethered to a single room while using video chat or something.
I read it that way initially and nearly wrote off the comment, but then I thought about it further. TVs could contain cable modems, but it isn't necessary. They're decoding digital data streams all day. Half the buffer overflow exploits I've seen in the past few years have involved image/video decompression, usually in the area of embedded tag parsing or some other similarly esoteric bit of functionality. Within a DVB bitstream, you have lots of side channels for things like program listings, CC data, etc. Any code that works with any of those pieces of data could contain bugs. And then some portion of your TV is 0wn3d.
Although the notion that such backdoors are intentional seems a little paranoid, the GP actually makes a good point about TVs being complex digital devices with no real firewall between them and potentially malicious data streams. The fact that there's no middleman for the malicious data—anybody anywhere on your local loop could potentially overpower the legitimate data and provide malicious data in its place—is just the icing on the cake.
That said, attacking smart TVs over the Internet (after exploiting bugs in the firewall) is probably a more straightforward attack approach. Network-attached smart TVs with cameras and any sort of network connectivity are pretty much a porno video waiting to happen. Anybody who says otherwise is kidding him/herself.
That was my thought as well. This is somewhat plausible for 24-bit recordings, but that isn't exactly something you see a lot of in the real world (outside of studios). Most recordings are 16-bit. The digital noise floor for 16-bit digital recordings is audible. If you have a 60 Hz hum that is loud enough to really be detected, that is also audible.
I suppose if the bottom bit is not dithered, you might—might—be able to apply some sort of statistical analysis to the data over time and arrive at a probability that the 60 Hz hum is likely not discontinuous, but being able to reproducibly detect individual waves with enough accuracy to use it as a time stamp sounds more like CSI physics than reality.
I could, however, believe that you might be able to decode WWV/WWVB from the signal, given a large enough set of samples, 192 kHz sampling rate, and no low-pass filtering. Of course, that isn't commonly seen even *in* recording studios....
Not trolling, just cynical. To better explain my logic, I'm going to break down the market by segment.
A sizable chunk of the PC market is bought by individuals. I suspect that exactly none of them care about AD except for the folks who are sysadmins for their day job. Therefore, this will have essentially no effect on those sales.
The majority of the remainder are PCs purchased by businesses. Within that market segment, the vast majority are for use by an individual. These are purchased by businesses to get a job done. The job requires Windows, so they buy Windows. If the Linux servers can't support AD, the people making the purchasing decisions tell the IT folks, "Find a way," and the Windows boxes get purchased anyway. Thus, the availability of Linux-based AD servers is unlikely to result in additional purchases of these machines, either.
That leaves the tiny fraction of a percent of computers that are being purchased to serve as domain controllers. Within that narrow space, for all but the largest and/or most tech-savvy organizations, most of them buy a Windows Server box, because they have a single IT person who already has to support Windows, so why bother adding a second OS into the mix?
By the time you ignore all the purchases that are absolutely guaranteed to be unaffected by this, you're down to probably tens of thousands of machines worldwide that are purchased for use as domain controllers... out of somewhere on the order of 140 million computers sold. So yeah, the computer market as a whole doesn't care. And although the business IT market cares a bit, it doesn't care enough to dump Microsoft on the desktop, hence their caring doesn't actually matter all that much.
Just as long as you don't have to create a table, add any sort of triggers, or do anything interesting like automatic time stamping on modification/creation, choosing a random n entries out of the matches without shipping the entire huge set over a slow network, etc., then yes. As soon as you have to do something even slightly nontrivial, the difference between SQL dialects becomes the tenth circle of hell.
Go into Frys (or local Geek store). Look at all the NAS boxes on the shelf. That's all Samba. Every one.
In much the same way that every Apple TV is an OS X workstation, yes.... Given the complexity involved in even simple contact syncing between AD and other systems, I'd expect that the portions of Samba those NAS servers don't use are probably bigger than the portions they do use. And although there's a market-enforced requirement that they not break basic SMB file sharing, the market as a whole couldn't care less about Linux boxes running as AD domain controllers.
First problem: If you're age 27, you have to assume that Social Security will not exist. Can you cover your costs until you are 90 or 100 without it?
Second problem: Your car will not last until you are 92. Factor in a new vehicle every 10 years. Amortized, that's about three grand a year today, four grand a year for the next one, five for the one after that....
Third problem: Past rates of inflation are no guarantee of future rates. The historical rule of thumb was to count on your cost of living doubling every ten years. If you're banking on less than that, you're taking a big risk. You're banking on only an eighth of that rate. Yes, maybe the interest rates will go up to compensate for faster rates of inflation, but that isn't a guarantee.
Fourth problem: Health insurance is notably absent, as is the cost of healthcare in general. That's at least another two grand per year, and rising rapidly. And add long-term care insurance to that, too. And spending only two grand per year usually means a high-deductible plan, which means you could get hit with another thousand bucks or more in out-of-pocket expenses if you have a bad year. This also assumes you have no ongoing medical costs.
Fifth problem: Are you going to cook every meal yourself? Because if you eat out regularly, seven bucks a day won't cut it. It isn't even close. And if you don't eat out, there went a fair amount of your newfound free time.
Sixth problem: You aren't factoring in the cost of having free time. I'm assuming you aren't just going to sit there and stare out at the sky all day. Pretty much anything else you do is going to raise your costs considerably, whether we're talking about electricity for running a TV/computer, gasoline for driving somewhere, or whatever.
A solar panel produces 8-10 watts per square foot. A smartphone while charging (with the screen off) typically draws no more than 500 mA at 5VDC, or about 2.5 watts. Some support faster charging at up to an amp. Either way, it requires nowhere near your entire surface area; with traditional PV cells, a typical adult could produce that much power with just one sleeve in full sun, give or take.
How that translates to flexible PV threads is anybody's guess.
You mean those rich, rich assholes with millions of dollars in debt, private aircraft, golden yachts, helipads installed at their twelfth and thirty-eighth vacation homes in foreign countries, and $6 million salaries don't spend their money? Why don't they retire if they have enough money to pay their debts and keep funding their expenses for the forseeable twelve lifetimes? If I had half a million, right now, I'd retire and still be rich when I died.
Most rich individuals (folks with over a couple million in net worth) don't have mountains of debt; they have that net worth precisely because they saved it or invested it rather than spending it. Yes, there are some rich people who take on huge debts, but that simply isn't the norm. If a rich person takes on a debt, it is usually because they are making more money off of their investments than the cost of the loan, not because they couldn't do something without taking on that debt. The exceptions usually don't stay rich for very long (e.g. lottery winners).
Also, unless you're pretty old (like 85), you probably can't retire on half a million. If you are in your thirties, you'd need about 1.5–3 million dollars if you wanted to safely retire today, assuming typical middle-class levels of expense. If you are in your sixties, you'd probably need about a million dollars. Interpolate as needed.
And selling stock is a pain in the ass--you can't do it at any conveniently strategic time without publicly declaring why you think it's a good idea to sell first (insider trading laws).
This is why most executives cash out large chunks of shares on a regular schedule, typically two years after they vest, then invest that money into companies that they don't work for. That said, not everybody follow that strategy.
If so, the money they get from the SLAPP-back lawsuits could fill the Pirate Party's campaign coffers for the next century. This is a very stupid move for any large group of companies to pull. If BPI has even a mote of legal sense, they need to fire their lawyers now, pull out of the suit, and offer a settlement in exchange for the Pirate Party not countersuing.
Technologically speaking, that's pretty much solved, too. The only shortage is money to build the transatlantic superconducting power infrastructure and put solar panels on every rooftop on the planet.
Far more likely. But if you can make it crash, you can usually corrupt memory and cause arbitrary code execution if you work at it long enough. I mean, there are exceptions (the most common exception being many NULL pointer dereference bugs), but it is true more often than not. Unless, of course, the CC decoding is being done in hardware, but I doubt anybody does that anymore now that NTSC is ancient history.
Cell phone.
But what about deaths of straight people?
IMO, it's not really a problem. As the amount of drinking water available starts to get moderately scarce, water districts will raise their rates to avoid the need for forced rationing. At that point, it will be financially viable to create clean drinking water in other ways. The market will react to this by building additional desalination plants and pumping stations, and there will be enough water to meet demand. After all, more than two-thirds of the planet is covered by water.
But the reason for using fields is so that the effective frame rate perceived is 60 frames per second, just at half the vertical resolution. Each field contains a different image than the field before it. So we're used to relatively fast frame rates. If people find 48 FPS distracting, the reason is probably either a psychological "uncanny valley" thing—because it feels almost like TV but not quite—or perhaps it just happens to be a magic speed that makes people uncomfortable for some reason. It certainly isn't because 48 FPS is faster than we're used to. It isn't. It's faster than we're used to seeing in theaters, but it's slower than we're used to seeing in our homes.
For that matter, even in theaters, 24 FPS isn't projected at 24 FPS; they project each frame twice so that it is above your flicker fusion threshold. The only difference with true 48 FPS is that you see different content every 48th of a second instead of seeing the same content twice in a row, which means that it is closer to what you see when you watch traditional NTSC TV (but still a lower perceived frame rate than NTSC video).
Actually, some of them will (though admittedly not generators as small as 1500W).
Generators either have governors or they don't. Small generators like you buy for your house do, precisely because they know people will need them to provide a highly variable load. Large generators don't. Some of them may use dummy loads to burn off the excess power, but for the most part, if there isn't enough load to balance out the water/steam flow (or whatever is turning the turbine), the generators trip, because otherwise they would spin up to speeds that could actually damage them.
Without sufficient load, AC generators also wouldn't produce power at the right frequency, because their frequency is proportional to the speed of the turbine, and the load partially determines the speed of the turbine, which means that when you connected them back to the grid suddenly, they would be massively out of sync, and things would go very, very wrong. :-)
But this problem does not apply to solar panels (or any other system where the AC power is generated by an inverter).
What other frequencies? I'm talking about data embedded in the channel you are watching.
When your TV decodes a digital bitstream for a particular channel, that data stream contains many unrelated pieces of data multiplexed together. A single ATSC stream for channel 7, for example, might contain video streams for subchannels 7.1 and 7.2 (each of which contains closed-captioning data), three audio-only streams, a stream containing guide data about upcoming programming, etc.
So what happens when somebody captures that channel off-air, modifies the signal to include code that attacks a buffer overflow in the closed-captioning decoder or the guide data decoder of a particular brand of TV, then connects the output of a moderately high-gain transmitter up to the cable TV line and transmits a modified version of the stream? Their signal is stronger, so it wins. Every TV in the neighborhood decodes that modified digital bitstream. Every TV with that particular vulnerability is now running arbitrary code provided by the attacker.
If that TV has an Internet connection, it then makes a connection out to a command-and-control server somewhere, and is now fully under the attacker's control. And if that TV has a camera attached, the attacker has the ability to watch or record whatever is happening in front of the TV (the striptease for your girlfriend/boyfriend, the confidential communication with your lawyer about the divorce, the dead mule who overdosed on cocaine at your bachelor party...).
If you're just using it for control purposes, it is possible to do so in a way that is relatively safe. Use two separate computers—one containing the DSP hardware and access to the camera, providing as its output only a series of control messages containing gesture events, and a second one that is the actual Internet-connected brain. Make sure the camera-connected device accepts only signed firmware updates.
If the Internet-connected device needs access to the camera, though, you're pretty much at the mercy of the device vendor's ability to write secure code. There's no way around it, because a device cannot both have access to the camera and not have access to it at the same time. The best you can do is provide a physical switch that physically disables the camera and microphone, or provide the camera and microphone as a USB-attached peripheral that the user can unplug at will.
Which they will hopelessly break in a firmware update six months later and then will never get around to fixing before they EOL the product.
TV and Blu-Ray player vendors are truly at the bottom of the barrel when it comes to writing software. To be fair, they always have been, but it just didn't matter as much when devices were dumb as dirt.
Nothing a little epoxy, wire cutters, and/or a Dremel can't solve.
Or if you don't want to lower the resale value, insist on buying a TV with an external microphone jack that is hardware-switched. Plug in a dummy plug. Attach electric tape over the camera.
Computers generally have a light associated with the webcam that cannot be disabled through software or firmware. And computers tend to be used actively. TVs tend to be used passively, so a light might not be enough to get your attention. Also, webcams on computers are at least moderately useful. Webcams on TVs are not, unless you want to be tethered to a single room while using video chat or something.
You can probably turn the overscan off....
I read it that way initially and nearly wrote off the comment, but then I thought about it further. TVs could contain cable modems, but it isn't necessary. They're decoding digital data streams all day. Half the buffer overflow exploits I've seen in the past few years have involved image/video decompression, usually in the area of embedded tag parsing or some other similarly esoteric bit of functionality. Within a DVB bitstream, you have lots of side channels for things like program listings, CC data, etc. Any code that works with any of those pieces of data could contain bugs. And then some portion of your TV is 0wn3d.
Although the notion that such backdoors are intentional seems a little paranoid, the GP actually makes a good point about TVs being complex digital devices with no real firewall between them and potentially malicious data streams. The fact that there's no middleman for the malicious data—anybody anywhere on your local loop could potentially overpower the legitimate data and provide malicious data in its place—is just the icing on the cake.
That said, attacking smart TVs over the Internet (after exploiting bugs in the firewall) is probably a more straightforward attack approach. Network-attached smart TVs with cameras and any sort of network connectivity are pretty much a porno video waiting to happen. Anybody who says otherwise is kidding him/herself.
Why? 640 KB should be enough for anybody.
That was my thought as well. This is somewhat plausible for 24-bit recordings, but that isn't exactly something you see a lot of in the real world (outside of studios). Most recordings are 16-bit. The digital noise floor for 16-bit digital recordings is audible. If you have a 60 Hz hum that is loud enough to really be detected, that is also audible.
I suppose if the bottom bit is not dithered, you might—might—be able to apply some sort of statistical analysis to the data over time and arrive at a probability that the 60 Hz hum is likely not discontinuous, but being able to reproducibly detect individual waves with enough accuracy to use it as a time stamp sounds more like CSI physics than reality.
I could, however, believe that you might be able to decode WWV/WWVB from the signal, given a large enough set of samples, 192 kHz sampling rate, and no low-pass filtering. Of course, that isn't commonly seen even *in* recording studios....
Academic?
Not trolling, just cynical. To better explain my logic, I'm going to break down the market by segment.
A sizable chunk of the PC market is bought by individuals. I suspect that exactly none of them care about AD except for the folks who are sysadmins for their day job. Therefore, this will have essentially no effect on those sales.
The majority of the remainder are PCs purchased by businesses. Within that market segment, the vast majority are for use by an individual. These are purchased by businesses to get a job done. The job requires Windows, so they buy Windows. If the Linux servers can't support AD, the people making the purchasing decisions tell the IT folks, "Find a way," and the Windows boxes get purchased anyway. Thus, the availability of Linux-based AD servers is unlikely to result in additional purchases of these machines, either.
That leaves the tiny fraction of a percent of computers that are being purchased to serve as domain controllers. Within that narrow space, for all but the largest and/or most tech-savvy organizations, most of them buy a Windows Server box, because they have a single IT person who already has to support Windows, so why bother adding a second OS into the mix?
By the time you ignore all the purchases that are absolutely guaranteed to be unaffected by this, you're down to probably tens of thousands of machines worldwide that are purchased for use as domain controllers... out of somewhere on the order of 140 million computers sold. So yeah, the computer market as a whole doesn't care. And although the business IT market cares a bit, it doesn't care enough to dump Microsoft on the desktop, hence their caring doesn't actually matter all that much.
Just as long as you don't have to create a table, add any sort of triggers, or do anything interesting like automatic time stamping on modification/creation, choosing a random n entries out of the matches without shipping the entire huge set over a slow network, etc., then yes. As soon as you have to do something even slightly nontrivial, the difference between SQL dialects becomes the tenth circle of hell.
In much the same way that every Apple TV is an OS X workstation, yes.... Given the complexity involved in even simple contact syncing between AD and other systems, I'd expect that the portions of Samba those NAS servers don't use are probably bigger than the portions they do use. And although there's a market-enforced requirement that they not break basic SMB file sharing, the market as a whole couldn't care less about Linux boxes running as AD domain controllers.
FTFY.
I see several problems with your numbers:
First problem: If you're age 27, you have to assume that Social Security will not exist. Can you cover your costs until you are 90 or 100 without it?
Second problem: Your car will not last until you are 92. Factor in a new vehicle every 10 years. Amortized, that's about three grand a year today, four grand a year for the next one, five for the one after that....
Third problem: Past rates of inflation are no guarantee of future rates. The historical rule of thumb was to count on your cost of living doubling every ten years. If you're banking on less than that, you're taking a big risk. You're banking on only an eighth of that rate. Yes, maybe the interest rates will go up to compensate for faster rates of inflation, but that isn't a guarantee.
Fourth problem: Health insurance is notably absent, as is the cost of healthcare in general. That's at least another two grand per year, and rising rapidly. And add long-term care insurance to that, too. And spending only two grand per year usually means a high-deductible plan, which means you could get hit with another thousand bucks or more in out-of-pocket expenses if you have a bad year. This also assumes you have no ongoing medical costs.
Fifth problem: Are you going to cook every meal yourself? Because if you eat out regularly, seven bucks a day won't cut it. It isn't even close. And if you don't eat out, there went a fair amount of your newfound free time.
Sixth problem: You aren't factoring in the cost of having free time. I'm assuming you aren't just going to sit there and stare out at the sky all day. Pretty much anything else you do is going to raise your costs considerably, whether we're talking about electricity for running a TV/computer, gasoline for driving somewhere, or whatever.
Your math is off by orders of magnitude.
A solar panel produces 8-10 watts per square foot. A smartphone while charging (with the screen off) typically draws no more than 500 mA at 5VDC, or about 2.5 watts. Some support faster charging at up to an amp. Either way, it requires nowhere near your entire surface area; with traditional PV cells, a typical adult could produce that much power with just one sleeve in full sun, give or take.
How that translates to flexible PV threads is anybody's guess.
Most rich individuals (folks with over a couple million in net worth) don't have mountains of debt; they have that net worth precisely because they saved it or invested it rather than spending it. Yes, there are some rich people who take on huge debts, but that simply isn't the norm. If a rich person takes on a debt, it is usually because they are making more money off of their investments than the cost of the loan, not because they couldn't do something without taking on that debt. The exceptions usually don't stay rich for very long (e.g. lottery winners).
Also, unless you're pretty old (like 85), you probably can't retire on half a million. If you are in your thirties, you'd need about 1.5–3 million dollars if you wanted to safely retire today, assuming typical middle-class levels of expense. If you are in your sixties, you'd probably need about a million dollars. Interpolate as needed.
This is why most executives cash out large chunks of shares on a regular schedule, typically two years after they vest, then invest that money into companies that they don't work for. That said, not everybody follow that strategy.