Especially if you are dealing with solar-derived DC, which is going to be (reasonably) steady. For some purposes, it doesn't matter that much whether or not the voltage actually crosses zero; but the ripple is essential if you want the magnetics to work correctly. If you have to go to the trouble of switching the DC to get that working, odds are that it's time for a pure DC design.
There are good reasons to be skeptical of complexity(such as basically all software); but at least for motors small enough that solid state switching isn't heroically expensive and/or practically disposable, 'complex' and 'digital' also mean 'has convenient ways to monitor and control the motor's activity in some detail'. Simple is good; but when the complexity is in solid-state parts you get a serious discount and sometimes some cool features.
Certainly possible; but probably only efficient or sufficiently cheap for some items.
My (admittedly limited) understanding is that motors are one of the parts where you can get a relatively refined and mature design for almost any remotely normal flavor of electrical input; but the design of the motor is going to reflect your choice, and work either inefficiently or not at all from some other input. Since AC units are basically all motor(some fans, a compressor, maybe a pump), that is a problem.
Some devices just don't care very much(resistive heating works for basically anything except voltages too much lower than the system was designed for); and others(pretty much all modern electronics) always use DC internally, so you can re-use almost the entire design; but need to choose the correct PSU. Some hardware makes swapping one after the fact really obnoxious; but at very least it's an easy thing to choose at assembly time.
Did he have anything against DC period, or just take the position that it wasn't so hot for transmission systems, especially since high efficiency DC-DC converters weren't exactly off the shelf items at the time?
Can someone explain why the program handling interaction with assorted media files would be so closely linked to the rest of the system working? I understand that parsing the ghastly mess of different standard and pseudo-standard formats out there, as poorly or even maliciously interpreted by various 3rd parties, is a difficult and dangerous task; so I'm not surprised by the fact that there is a bug in the media component; but if it is known to do such a dangerous job why isn't it compartmentalized more aggressively? Why does losing the mediaserver process make a mess of the phone, rather than just causing it to mark the file that killed it as tainted, restart the process, and carry on?
The article named the phone as the Motorola C123. Apparently that model has an atypically well-understood baseband, which is probably why it was picked; but that handset is dumb as a rock except by comparison to the utter antiques from the age of analog cellular or something. I don't even think it has one of the teeny little JREs that phones used to have.
I think that it works both ways: the campaign gets face time and spending money from assorted big names in tech because of the hope that it will make programmers cheaper; but it gets buy-in from educators and parents and politicians looking for feel-good photo ops because of the hope that somehow every kid can be a well paid knowledge worker.
Compare to H1-Bs. Those are similarly favored as a way to drive labor costs down; but are more or less politically toxic; so they have none of the popular chatter. The major tech employers are in favor of both; but only one has the buzz in the other direction as well.
These 'zOMG, everyone should STEM up and become an app entrepreneur!!!' stories aren't really about the desirability of everyone having a career in software development. They are more a reflection of the fact that plucky optimists looking for what kids should do to be successful when they grow up are...not exactly...swimming in options. Yes, they are also letting the fascination with shiny trendy things distort their perception of the options, hence the fascination with who will make the next Social Twitfriend app, rather than who will write unbelievably dull line of business stuff; but in broader strokes they aren't pushing this because it's a good idea, they are pushing it because it's an idea, and they don't have another one.
The pronouncement that 'software is eating the world' may have been a bit hyperbolic; but it sure isn't doing the life chances of people without advanced qualifications any favors. "Everyone writing apps" sounds slightly better than "Everyone selling each other securitized bullshit", so it gets more face time.
SMS-based approaches are certainly better than passwords alone; but I have a few areas of dislike for them:
They require an active cell link and a live phone, so are bad news if you are trying to log in in the bowels of some structure, with a phone that has a dead battery, or while travelling outside your non-ridiculously-priced service area. It also tends not to be a problem in practice; but SMS is 'best-effort', so if the system is being flaky then that's just too bad. Essentially, it isn't a 'second factor' at all; but a secondary channel that is assumed not to be compromised.
Then there is the matter of the site needing your phone number. For some applications, that doesn't matter: your bank already knows way more than that about you, say. For others, I'm not so enthusiastic about providing a relatively persistent, and spammable, identifier(also fairly robustly tied to me by payment data, unless I get a burner specifically for dealing with auth issues) to any lousy little website that wants it.
Finally, I'm not terribly confident about the medium-term security of SMS if it becomes a common '2 factor' authentication method. Mobile OSes tend to be a bit more locked down than desktops; but hardly infallible, and the security of SMS gateway providers(who sites using SMS auth presumably employ to interface with the phone network) is an unknown and possibly not comforting factor.
RSA fobs are ultimately an inferior option because they cannot be safely shared across multiple systems, and carrying a fistful of the things is ridiculous(plus, the pricing is usurious); but smartcard/NFC cryptographic authentication has none of these weaknesses. The hardware is cheap, it doesn't require a secondary channel to be available, certificates are relatively tiny so you can carry an enormous number of them without issue; and you can implement certificate auth with varying levels of connection with user 'identity'. On the relatively anonymous side, the user can just generate a keypair and send the public key when they create an account. Trivially handled on the client end, no interaction with outside entities. At the other extreme, hierarchical PKI systems make it possible to robustly verify the user's affiliation with a given organization if the situation requires it. The trouble, of course, is the lack of card readers/NFC pads on a lot of contemporary computers and mobile devices. A great pity.
Unfortunately, as our fine folks in the TAO group have apparently proven on multiple occasions, even people with fancy access control tend to have very little power until the package shows up at their loading dock. What happens earlier in the process is less encouraging.
It isn't a standalone hack, since placing the implant is left as an exercise for the reader; but exfiltration is a necessary ingredient of hacks in situations where a network connection either doesn't exist or can't safely be used.
It isn't conceptually novel; but doing a practical TEMPEST attack with nothing but a dumbphone, with a fairly unobtrusive software modification, rather than a relatively classy SDR rig or some antenna-covered fed-van is a nice practical refinement.
Really, how many 'tech news' stories are actually conceptually novel, rather than "Thing you could lease from IBM for the GDP of a small country in the 60s and 70s, or buy from Sun or SGI for somewhere between the price of a new house and the price of a new car in the 80s and early 90s, is now available in a battery powered and pocket sized device that shows ads!" Conceptual novelty has a special place, of course; but one ought not to scorn engineering refinement.
The trouble here is that the rest of the monitor is pedestrian as all hell(gosh Samsung, 1920x1080 on a 27 inch screen! I can practically taste the future...) and the presence of the charging widget in the stand suggests that you aren't going to be VESA mounting this one. If you really care about 'de-cluttering', you are much better off having your monitor float conveniently above your desk, not being stuck with the lousy stock stand.
It's not hard to understand why using passwords is so popular; basically all software supports it as an authentication method, it requires only hardware that you can safely assume that all your users have; and even an idiot understands it well enough to do it dangerously weakly but more or less correctly.
What is frustrating is how few even offer the ability to do anything else. There has been some uptake of shitty little cellphone-based systems(either using SMS or some 'authenticator app'); but RSA-type fobs are pretty much exclusively for accessing corporate systems(and, as a fundamental limitation of their design, they can only be securely used to authenticate against one entity; since, unlike asymmetric key systems, the authentication server must know the initialization seed values of the fob in order to validate authentication attempts, so anyone in a position to authenticate you could impersonate you anywhere else the same fob was accepted); and certificate-based auth is either something you do yourself for SSH(often without secure hardware for storing the certs) or something you basically have to do work for the DoD to encounter.
I'm actually currently in the process of trying to switch banks because, when I inquired about authentication options that weren't pitiful bullshit, they gave me what amounted to "that's adorable; add three or four factors of ten to your account with us and maybe I'll transfer you to somebody who gives a fuck." Blizzard cares more than that. FFS.
The frustrating thing is that we have better technology available; but we mostly can't use it because sites don't support it. PKCS#11 is older than God, and ICs to suit are nice and cheap because SIMs also use them; but when was the last time you saw a non-state site supporting that? The RSA style auth fobs are also better, as long as you don't let somebody steal the seed data(looking at you RSA) and they don't even need a card reader on the client device. Whatever the 'FIDO' people are messing around with is immature and barely adopted; but also is better than passwords.
Aside from a few token "we'll send you a text message and call it two-factor" options, and amusing little pace-of-adoption quirks that make it easier to get a hardware token to protect your WoW account than your bank account, the sites that control the login options haven't done a damn thing in two decades.
Isn't that the only reason to care about this particular part? The laptop version is of interest because it has the distinction of being the fastest GPU(and probably pretty close to the fastest CPU) you can buy in any laptop too small/thin/etc. for a discrete GPU. The desktop version is just a solution looking for a problem unless the extra cache makes it better than other i7s.
It's also not comforting that these windows update drivers are breaking all over the place; because(at least for GPUs) the ones on windows update have historically been the relatively conservative option. They are frequently behind the curve compared to the direct-from-vendor ones; but are also supposed to be the ones that aren't breaking things just to improve some benchmark score.
Lawyers are paid to advance their employer's interests, not to achieve correctness. If one wrote up a contract that was so full of shit that the entire thing got tossed they would indeed get poor marks(this is why contracts usually insist on 'severability', so that any sections determined to be bullshit shall have no effect on the remaining sections). As long as they can avoid that, though, any advantage that they can derive by inserting scary-but-groundless language is pure gravy. If somebody doesn't know that it is baseless, or can't risk fighting about it, you get compliance without even needing the law on your side. If they do, well, it's just a severable clause, so no harm done.
You guys are fucked. Enjoy your draconian regulations.
To be fair, New Zealand is the country iconic for having flightless birds that are utterly incapable of surviving against species introduced to the island. It seems only appropriate that their drone situation should be similarly flightless and delicate.
If you already have a devastating remote hack, why not make a virtue of necessity and just distribute the patch by mass-p0wning all your units in the field and rewriting the affected software? Nothing could go wrong!
Drugs are a huge business; but if you are in it for the cash you would be chasing male pattern baldness, obesity, limp-dick-itis, and other lifestyle problems of people who have money. Vaccines are a perennially under-performing item; and vaccines for diseases that mostly affect the dreadfully poor are even less promising. I assume that there's some Gates Foundation money in it, and Uncle Sam would probably pay for something that would allow troops to operate in malarial hellholes without the drawbacks of today's chemical prophylaxis options; but anyone hoping to get rich would be doing R&D elsewhere.
(In the medium to long term, though, a malaria vaccine might be worth a great deal of money, indirectly. One of the nasty things about malaria is that it doesn't kill too many people; but it weakens and debilitates the infected on a massive scale, so regions where malaria is endemic lose huge amounts of school attendance and labor force participation to malaria, which helps keep them poor.)
Slashdot Mirror
Especially if you are dealing with solar-derived DC, which is going to be (reasonably) steady. For some purposes, it doesn't matter that much whether or not the voltage actually crosses zero; but the ripple is essential if you want the magnetics to work correctly. If you have to go to the trouble of switching the DC to get that working, odds are that it's time for a pure DC design.
There are good reasons to be skeptical of complexity(such as basically all software); but at least for motors small enough that solid state switching isn't heroically expensive and/or practically disposable, 'complex' and 'digital' also mean 'has convenient ways to monitor and control the motor's activity in some detail'. Simple is good; but when the complexity is in solid-state parts you get a serious discount and sometimes some cool features.
Certainly possible; but probably only efficient or sufficiently cheap for some items.
My (admittedly limited) understanding is that motors are one of the parts where you can get a relatively refined and mature design for almost any remotely normal flavor of electrical input; but the design of the motor is going to reflect your choice, and work either inefficiently or not at all from some other input. Since AC units are basically all motor(some fans, a compressor, maybe a pump), that is a problem.
Some devices just don't care very much(resistive heating works for basically anything except voltages too much lower than the system was designed for); and others(pretty much all modern electronics) always use DC internally, so you can re-use almost the entire design; but need to choose the correct PSU. Some hardware makes swapping one after the fact really obnoxious; but at very least it's an easy thing to choose at assembly time.
Did he have anything against DC period, or just take the position that it wasn't so hot for transmission systems, especially since high efficiency DC-DC converters weren't exactly off the shelf items at the time?
Can someone explain why the program handling interaction with assorted media files would be so closely linked to the rest of the system working? I understand that parsing the ghastly mess of different standard and pseudo-standard formats out there, as poorly or even maliciously interpreted by various 3rd parties, is a difficult and dangerous task; so I'm not surprised by the fact that there is a bug in the media component; but if it is known to do such a dangerous job why isn't it compartmentalized more aggressively? Why does losing the mediaserver process make a mess of the phone, rather than just causing it to mark the file that killed it as tainted, restart the process, and carry on?
It's not an invasion; it's just defense in a different direction.
The article named the phone as the Motorola C123. Apparently that model has an atypically well-understood baseband, which is probably why it was picked; but that handset is dumb as a rock except by comparison to the utter antiques from the age of analog cellular or something. I don't even think it has one of the teeny little JREs that phones used to have.
I think that it works both ways: the campaign gets face time and spending money from assorted big names in tech because of the hope that it will make programmers cheaper; but it gets buy-in from educators and parents and politicians looking for feel-good photo ops because of the hope that somehow every kid can be a well paid knowledge worker.
Compare to H1-Bs. Those are similarly favored as a way to drive labor costs down; but are more or less politically toxic; so they have none of the popular chatter. The major tech employers are in favor of both; but only one has the buzz in the other direction as well.
These 'zOMG, everyone should STEM up and become an app entrepreneur!!!' stories aren't really about the desirability of everyone having a career in software development. They are more a reflection of the fact that plucky optimists looking for what kids should do to be successful when they grow up are...not exactly...swimming in options. Yes, they are also letting the fascination with shiny trendy things distort their perception of the options, hence the fascination with who will make the next Social Twitfriend app, rather than who will write unbelievably dull line of business stuff; but in broader strokes they aren't pushing this because it's a good idea, they are pushing it because it's an idea, and they don't have another one.
The pronouncement that 'software is eating the world' may have been a bit hyperbolic; but it sure isn't doing the life chances of people without advanced qualifications any favors. "Everyone writing apps" sounds slightly better than "Everyone selling each other securitized bullshit", so it gets more face time.
SMS-based approaches are certainly better than passwords alone; but I have a few areas of dislike for them:
They require an active cell link and a live phone, so are bad news if you are trying to log in in the bowels of some structure, with a phone that has a dead battery, or while travelling outside your non-ridiculously-priced service area. It also tends not to be a problem in practice; but SMS is 'best-effort', so if the system is being flaky then that's just too bad. Essentially, it isn't a 'second factor' at all; but a secondary channel that is assumed not to be compromised.
Then there is the matter of the site needing your phone number. For some applications, that doesn't matter: your bank already knows way more than that about you, say. For others, I'm not so enthusiastic about providing a relatively persistent, and spammable, identifier(also fairly robustly tied to me by payment data, unless I get a burner specifically for dealing with auth issues) to any lousy little website that wants it.
Finally, I'm not terribly confident about the medium-term security of SMS if it becomes a common '2 factor' authentication method. Mobile OSes tend to be a bit more locked down than desktops; but hardly infallible, and the security of SMS gateway providers(who sites using SMS auth presumably employ to interface with the phone network) is an unknown and possibly not comforting factor.
RSA fobs are ultimately an inferior option because they cannot be safely shared across multiple systems, and carrying a fistful of the things is ridiculous(plus, the pricing is usurious); but smartcard/NFC cryptographic authentication has none of these weaknesses. The hardware is cheap, it doesn't require a secondary channel to be available, certificates are relatively tiny so you can carry an enormous number of them without issue; and you can implement certificate auth with varying levels of connection with user 'identity'. On the relatively anonymous side, the user can just generate a keypair and send the public key when they create an account. Trivially handled on the client end, no interaction with outside entities. At the other extreme, hierarchical PKI systems make it possible to robustly verify the user's affiliation with a given organization if the situation requires it. The trouble, of course, is the lack of card readers/NFC pads on a lot of contemporary computers and mobile devices. A great pity.
Unfortunately, as our fine folks in the TAO group have apparently proven on multiple occasions, even people with fancy access control tend to have very little power until the package shows up at their loading dock. What happens earlier in the process is less encouraging.
It isn't a standalone hack, since placing the implant is left as an exercise for the reader; but exfiltration is a necessary ingredient of hacks in situations where a network connection either doesn't exist or can't safely be used.
It isn't conceptually novel; but doing a practical TEMPEST attack with nothing but a dumbphone, with a fairly unobtrusive software modification, rather than a relatively classy SDR rig or some antenna-covered fed-van is a nice practical refinement.
Really, how many 'tech news' stories are actually conceptually novel, rather than "Thing you could lease from IBM for the GDP of a small country in the 60s and 70s, or buy from Sun or SGI for somewhere between the price of a new house and the price of a new car in the 80s and early 90s, is now available in a battery powered and pocket sized device that shows ads!" Conceptual novelty has a special place, of course; but one ought not to scorn engineering refinement.
The trouble here is that the rest of the monitor is pedestrian as all hell(gosh Samsung, 1920x1080 on a 27 inch screen! I can practically taste the future...) and the presence of the charging widget in the stand suggests that you aren't going to be VESA mounting this one. If you really care about 'de-cluttering', you are much better off having your monitor float conveniently above your desk, not being stuck with the lousy stock stand.
At least the color scheme is atrocious.
It's not hard to understand why using passwords is so popular; basically all software supports it as an authentication method, it requires only hardware that you can safely assume that all your users have; and even an idiot understands it well enough to do it dangerously weakly but more or less correctly.
What is frustrating is how few even offer the ability to do anything else. There has been some uptake of shitty little cellphone-based systems(either using SMS or some 'authenticator app'); but RSA-type fobs are pretty much exclusively for accessing corporate systems(and, as a fundamental limitation of their design, they can only be securely used to authenticate against one entity; since, unlike asymmetric key systems, the authentication server must know the initialization seed values of the fob in order to validate authentication attempts, so anyone in a position to authenticate you could impersonate you anywhere else the same fob was accepted); and certificate-based auth is either something you do yourself for SSH(often without secure hardware for storing the certs) or something you basically have to do work for the DoD to encounter.
I'm actually currently in the process of trying to switch banks because, when I inquired about authentication options that weren't pitiful bullshit, they gave me what amounted to "that's adorable; add three or four factors of ten to your account with us and maybe I'll transfer you to somebody who gives a fuck." Blizzard cares more than that. FFS.
The frustrating thing is that we have better technology available; but we mostly can't use it because sites don't support it. PKCS#11 is older than God, and ICs to suit are nice and cheap because SIMs also use them; but when was the last time you saw a non-state site supporting that? The RSA style auth fobs are also better, as long as you don't let somebody steal the seed data(looking at you RSA) and they don't even need a card reader on the client device. Whatever the 'FIDO' people are messing around with is immature and barely adopted; but also is better than passwords. Aside from a few token "we'll send you a text message and call it two-factor" options, and amusing little pace-of-adoption quirks that make it easier to get a hardware token to protect your WoW account than your bank account, the sites that control the login options haven't done a damn thing in two decades.
Isn't that the only reason to care about this particular part? The laptop version is of interest because it has the distinction of being the fastest GPU(and probably pretty close to the fastest CPU) you can buy in any laptop too small/thin/etc. for a discrete GPU. The desktop version is just a solution looking for a problem unless the extra cache makes it better than other i7s.
It's also not comforting that these windows update drivers are breaking all over the place; because(at least for GPUs) the ones on windows update have historically been the relatively conservative option. They are frequently behind the curve compared to the direct-from-vendor ones; but are also supposed to be the ones that aren't breaking things just to improve some benchmark score.
Lawyers are paid to advance their employer's interests, not to achieve correctness. If one wrote up a contract that was so full of shit that the entire thing got tossed they would indeed get poor marks(this is why contracts usually insist on 'severability', so that any sections determined to be bullshit shall have no effect on the remaining sections). As long as they can avoid that, though, any advantage that they can derive by inserting scary-but-groundless language is pure gravy. If somebody doesn't know that it is baseless, or can't risk fighting about it, you get compliance without even needing the law on your side. If they do, well, it's just a severable clause, so no harm done.
It's an ugly sort of business; but pragmatic.
The Pinkertons are still around, if you think that your labor relations strategy needs a firmer hand.
This seems like a logical step to encourage an atmosphere of professionalism in which HP's remaining employees can train their H1B replacements.
You guys are fucked. Enjoy your draconian regulations.
To be fair, New Zealand is the country iconic for having flightless birds that are utterly incapable of surviving against species introduced to the island. It seems only appropriate that their drone situation should be similarly flightless and delicate.
Touché.
If you already have a devastating remote hack, why not make a virtue of necessity and just distribute the patch by mass-p0wning all your units in the field and rewriting the affected software? Nothing could go wrong!
Drugs are a huge business; but if you are in it for the cash you would be chasing male pattern baldness, obesity, limp-dick-itis, and other lifestyle problems of people who have money. Vaccines are a perennially under-performing item; and vaccines for diseases that mostly affect the dreadfully poor are even less promising. I assume that there's some Gates Foundation money in it, and Uncle Sam would probably pay for something that would allow troops to operate in malarial hellholes without the drawbacks of today's chemical prophylaxis options; but anyone hoping to get rich would be doing R&D elsewhere.
(In the medium to long term, though, a malaria vaccine might be worth a great deal of money, indirectly. One of the nasty things about malaria is that it doesn't kill too many people; but it weakens and debilitates the infected on a massive scale, so regions where malaria is endemic lose huge amounts of school attendance and labor force participation to malaria, which helps keep them poor.)