DRM is more than just encryption. Otherwise they wouldn't have invented new acronyms. DRM is a means to ensure that you can only decrypt under certain conditions; only in approved locations, only at approved times, only if content has not been revoked, only if used on approved equipment, only with permission from the mother ship, etc.
I think it is highly unlikely to have wide spread use of driverless cars by then. We're at the extreme infancy of the whole concept. Demos from google should not be misinterpreted to mean that the technology is here.
As well, you stay on the job until you get a new job. If you have a replacement job already then quit the current one and take it. But if you don't have that job then it's stupid to quit and lose the income.
What's the actual point of it all? Why is "keep yourself on task" considered to be something worthwhile? My life is more enjoyable when I'm not 100% focused on one single task. Maybe the company wants me on task, but Slashdot is not asking "how do you keep your slaves busy?" but is instead asking us about how we voluntarily work against our own self interests.
Every crypto is roll your own at some point in its life...
So first off, you can't easily use other people's code. Ie, Linux has an awesome crypto library, let's say hypothetically. That is then useless on many systems. Maybe there's not enough RAM for something that assume's in a PC, or it's GPL and thus can't be linked into a system that doesn't use shared libraries, and similar problems like that. Open SSL ends up with problems and scares away the bosses from using it. So you turn to a proprietary third party library. But you have no way of knowing if their huge fee is going to provide actual security or if it's just marketing hype. It really is a sticky problem. Even for something as simple as AES it's a chore to find an open implementation that's actively being maintained and that works with your system; and when you do one of your expensive security consultant mandates that you stop using AES for being too old and not cool enough.
For example, our existing security system, by itself and with no application, operating system, or networking protocols, is nearly too large to fit in some of our projects, and is excessively too large for some of our partner systems.
Only one elliptic curve method using a set of parameters that may be been chosen by the NSA is at risk. Elliptic curve in itself is still secure as far as I know.
I've switched to duckduckgo as the default search engine, because with google the search results felt so targeted that it was creepy. Even when I log out from google, I can see that it sorts the possible completions of what I type differently from duckduckgo. Ie, google is showing names of computer games high up on the list, and I don't think it's because there are lots of computer game players in my office.
For me on Google+, it is utterly inundated by far right posts in the "what's hot" section. Ie, the ones that call Boehner a traitor because he allowed a bill to get to Obama. A few far left wing ones as well but not as many. No centrist positions at all. This has been going on since the last election - prior to that I never saw any political posts on G+.
So for me, there's no bubble, it's nearly the opposite of a bubble since I keep seeing crap I don't want to see. Now that could be good if we saw a range of political views of the sort to help one make a more informed opinion. But instead it's conspiracy theories and name calling.
So what's worse, the Facebook bubble or the boxing match?
A kernel always reinvents things. New file systems, new paging algorithms, new memory management. Maybe in applications you don't reinvent the wheel, but in low level code you do that often.
Well, I don't have one of these devices or the manual, but when I started my first comment my assumption was that these were entirely stand alone devices. They look just like padlocks. Apparently the keys can be updated, where all the logic is, but they're not always connected to the internet. Thus the company still has to notify all customers, the customers have to get new keys (though anyone using such a secure type of lock is used to key management), and so forth.
Plus of course, that 30 days includes time to fix the problems. That's a very short time to evaluate the problems, come up with solutions, test the solutions thoroughly, and roll them out. Though I presume after a couple weeks when the complete stranger's report of flaws is verified that they can move into panic mode and speed it up. If the flaws are as bad as the blogger is alleging then it sounds like redesign is needed rather than quick and dirty hacks.
I've had a bug where a regulatory officer was sitting in my cube and describing how urgent the bug was. Just being in that sort of situation slows you down, you spend extra time testing, you spend half the day in meetings, you get extra code reviews, documents get filed, etc.
Someone I know has a fast way to compute CRCs without tables that use only a single loop. The method seems broken to some people who want to see the traditional nested loops, and they insist that the code must be wrong and so it should be rewritten to be larger and slower. They probably think it's an "ugly hack". But when you do the math it all works out.
Yup, they are trying to make portable code which is also efficient, and that's hard to do as pragmatics keep tripping you up. With a lot of other languages, the portability is generally easier because there are no compiler differences, no machine differences, no limited subsets available for smaller machines, or the community generally never worries about portability.
But that's mostly a C implementation of unrolling, something that would be perfectly normal in assembler code. But then there are the programmers who in their effort to banish all forms of Fortran style spaghetti code reject anything that can't be easily reworked with IFs and WHILEs. It probably also horrifies some programmers who think it's premature optimization (if it's not yet the end of the world then it's too soon).
I think the key difference here is that when someone uses C they want efficient code to some extent. Small, or fast, or both. In other languages the culture is often "do it in the method approved by the sacred elders", and so ugly hacks may be forbidden and the slow/bulky method is preferred, according to the mantra "do not reinvent the wheel because thou are not as wise as the wheel builder". Or the presence of an ugly hack implies that the novice must clearly have been prematurely optimizing, for as the wise men say tomorrow is too soon to optimize.
For example in Python the claim is that there's almost always only one way to do something, which either means ugly hacks are not possible, or else there's a lack of imagination amongst the programmers.
The higher level a language is, the more it seems that the goal is to get stuff done fast rather than efficient or elegant.
Finally, I have actually seen cases where code is labeled an "ugly hack" when it really wasn't a hack at all but rather not as tiny or or elegant as the author wanted.
But the researcher is not an employee. Just because this random stranger, self proclaimed "researcher", finds some flaws does not create any obligation whatsoever to respond to this guy. The blogger is issuing dire threats, even if he doesn't see it that way. The only reason they company cares about him is because of the threat he represents and the damage that could result to their financials and customer base. Sure, it's smart to negotiate with those threatening harm, but failing to do so does not absolve the person pulling the trigger.
This is basically extortion. Telling a victim to meet your demands otherwise harm results. The law does not forgive the harm that is done if the victim fails to comply with the demands.
The company sees an extremely dangerous threat, so it of course responds with threats of their own. Self defense. You point a gun at someone you should not be surprised if someone points a gun back the other way. I suspect the blogger sees himself as a white hat wearer, and is baffled that the company he is threatening doesn't feel the same way.
Is it such a device? The picture seems to show a normal padlock type of device with some electronics inside. There's no sign of an internet port or radio. The company has no possible way to upgrade this remoately, and no time was given for them to recall all the devices before the bomb goes off in 30 days.
Sure, some people may claim it's the company's own fault for having a security flaw in the first place, since of course perfection is easy to comply with. Others may claim it's their own fault for creating such a standalone device in the first place, which sounds pretty farfetched even for die hard IoT believers. But even if these people are correct it does not justify threats and extortion.
For me, I chose a Linux distribution over BSD at the time, because the BSD distribution required me to have a whole lot more floppies to install it on. Linux allowed having a smaller installation, with more optional features, so that I could have a bare bones system and only needed a small set of floppies (that I copied to at work then carried home).
Also BSD at the time still kept the goofy disklabel disk partitioning scheme ("a" is always root, "b" is always swap, "c" is always the entire disk, etc). This was really confusing to many users, especially when combined with a PC that uses MBR scheme.
The philosophy was different too. BSD was all about keeping BSD as is, only put it on the PC. Linux didn't worry about throwing out some ideas and using different ones.
I don't think the license mattered that much at the start, because the majority of users for either one were in the university or at home.
DRM is more than just encryption. Otherwise they wouldn't have invented new acronyms. DRM is a means to ensure that you can only decrypt under certain conditions; only in approved locations, only at approved times, only if content has not been revoked, only if used on approved equipment, only with permission from the mother ship, etc.
I think it is highly unlikely to have wide spread use of driverless cars by then. We're at the extreme infancy of the whole concept. Demos from google should not be misinterpreted to mean that the technology is here.
As well, you stay on the job until you get a new job. If you have a replacement job already then quit the current one and take it. But if you don't have that job then it's stupid to quit and lose the income.
What's the actual point of it all? Why is "keep yourself on task" considered to be something worthwhile? My life is more enjoyable when I'm not 100% focused on one single task. Maybe the company wants me on task, but Slashdot is not asking "how do you keep your slaves busy?" but is instead asking us about how we voluntarily work against our own self interests.
4am, time to milk the spiders in the dark.
Did they run out of enough real jobs that they had to invent "developer evangelist"?
Every crypto is roll your own at some point in its life...
So first off, you can't easily use other people's code. Ie, Linux has an awesome crypto library, let's say hypothetically. That is then useless on many systems. Maybe there's not enough RAM for something that assume's in a PC, or it's GPL and thus can't be linked into a system that doesn't use shared libraries, and similar problems like that. Open SSL ends up with problems and scares away the bosses from using it. So you turn to a proprietary third party library. But you have no way of knowing if their huge fee is going to provide actual security or if it's just marketing hype. It really is a sticky problem. Even for something as simple as AES it's a chore to find an open implementation that's actively being maintained and that works with your system; and when you do one of your expensive security consultant mandates that you stop using AES for being too old and not cool enough.
For example, our existing security system, by itself and with no application, operating system, or networking protocols, is nearly too large to fit in some of our projects, and is excessively too large for some of our partner systems.
Only one elliptic curve method using a set of parameters that may be been chosen by the NSA is at risk. Elliptic curve in itself is still secure as far as I know.
I've switched to duckduckgo as the default search engine, because with google the search results felt so targeted that it was creepy. Even when I log out from google, I can see that it sorts the possible completions of what I type differently from duckduckgo. Ie, google is showing names of computer games high up on the list, and I don't think it's because there are lots of computer game players in my office.
Google does some tracking even if you're not logged in.
For me on Google+, it is utterly inundated by far right posts in the "what's hot" section. Ie, the ones that call Boehner a traitor because he allowed a bill to get to Obama. A few far left wing ones as well but not as many. No centrist positions at all. This has been going on since the last election - prior to that I never saw any political posts on G+.
So for me, there's no bubble, it's nearly the opposite of a bubble since I keep seeing crap I don't want to see. Now that could be good if we saw a range of political views of the sort to help one make a more informed opinion. But instead it's conspiracy theories and name calling.
So what's worse, the Facebook bubble or the boxing match?
Don't you need eThletes to be an eSport?
A kernel always reinvents things. New file systems, new paging algorithms, new memory management. Maybe in applications you don't reinvent the wheel, but in low level code you do that often.
Well, I don't have one of these devices or the manual, but when I started my first comment my assumption was that these were entirely stand alone devices. They look just like padlocks. Apparently the keys can be updated, where all the logic is, but they're not always connected to the internet. Thus the company still has to notify all customers, the customers have to get new keys (though anyone using such a secure type of lock is used to key management), and so forth.
Plus of course, that 30 days includes time to fix the problems. That's a very short time to evaluate the problems, come up with solutions, test the solutions thoroughly, and roll them out. Though I presume after a couple weeks when the complete stranger's report of flaws is verified that they can move into panic mode and speed it up. If the flaws are as bad as the blogger is alleging then it sounds like redesign is needed rather than quick and dirty hacks.
I've had a bug where a regulatory officer was sitting in my cube and describing how urgent the bug was. Just being in that sort of situation slows you down, you spend extra time testing, you spend half the day in meetings, you get extra code reviews, documents get filed, etc.
Don't confuse this with being too stupid to understand how it works.
Someone I know has a fast way to compute CRCs without tables that use only a single loop. The method seems broken to some people who want to see the traditional nested loops, and they insist that the code must be wrong and so it should be rewritten to be larger and slower. They probably think it's an "ugly hack". But when you do the math it all works out.
Yup, they are trying to make portable code which is also efficient, and that's hard to do as pragmatics keep tripping you up. With a lot of other languages, the portability is generally easier because there are no compiler differences, no machine differences, no limited subsets available for smaller machines, or the community generally never worries about portability.
Nonsense, it distracted me from my humdrum existence for a few minutes.
But that's mostly a C implementation of unrolling, something that would be perfectly normal in assembler code. But then there are the programmers who in their effort to banish all forms of Fortran style spaghetti code reject anything that can't be easily reworked with IFs and WHILEs. It probably also horrifies some programmers who think it's premature optimization (if it's not yet the end of the world then it's too soon).
I think the key difference here is that when someone uses C they want efficient code to some extent. Small, or fast, or both. In other languages the culture is often "do it in the method approved by the sacred elders", and so ugly hacks may be forbidden and the slow/bulky method is preferred, according to the mantra "do not reinvent the wheel because thou are not as wise as the wheel builder". Or the presence of an ugly hack implies that the novice must clearly have been prematurely optimizing, for as the wise men say tomorrow is too soon to optimize.
For example in Python the claim is that there's almost always only one way to do something, which either means ugly hacks are not possible, or else there's a lack of imagination amongst the programmers.
The higher level a language is, the more it seems that the goal is to get stuff done fast rather than efficient or elegant.
Finally, I have actually seen cases where code is labeled an "ugly hack" when it really wasn't a hack at all but rather not as tiny or or elegant as the author wanted.
True, but I don't think x86_64 is obsolete just yet...
But the researcher is not an employee. Just because this random stranger, self proclaimed "researcher", finds some flaws does not create any obligation whatsoever to respond to this guy. The blogger is issuing dire threats, even if he doesn't see it that way. The only reason they company cares about him is because of the threat he represents and the damage that could result to their financials and customer base. Sure, it's smart to negotiate with those threatening harm, but failing to do so does not absolve the person pulling the trigger.
This is basically extortion. Telling a victim to meet your demands otherwise harm results. The law does not forgive the harm that is done if the victim fails to comply with the demands.
The company sees an extremely dangerous threat, so it of course responds with threats of their own. Self defense. You point a gun at someone you should not be surprised if someone points a gun back the other way. I suspect the blogger sees himself as a white hat wearer, and is baffled that the company he is threatening doesn't feel the same way.
Is it such a device? The picture seems to show a normal padlock type of device with some electronics inside. There's no sign of an internet port or radio. The company has no possible way to upgrade this remoately, and no time was given for them to recall all the devices before the bomb goes off in 30 days.
Sure, some people may claim it's the company's own fault for having a security flaw in the first place, since of course perfection is easy to comply with. Others may claim it's their own fault for creating such a standalone device in the first place, which sounds pretty farfetched even for die hard IoT believers. But even if these people are correct it does not justify threats and extortion.
Then the responsible thing to do is to vote no if a legislator has not had time to review and evaluate a bill.
For me, I chose a Linux distribution over BSD at the time, because the BSD distribution required me to have a whole lot more floppies to install it on. Linux allowed having a smaller installation, with more optional features, so that I could have a bare bones system and only needed a small set of floppies (that I copied to at work then carried home).
Also BSD at the time still kept the goofy disklabel disk partitioning scheme ("a" is always root, "b" is always swap, "c" is always the entire disk, etc). This was really confusing to many users, especially when combined with a PC that uses MBR scheme.
The philosophy was different too. BSD was all about keeping BSD as is, only put it on the PC. Linux didn't worry about throwing out some ideas and using different ones.
I don't think the license mattered that much at the start, because the majority of users for either one were in the university or at home.