Slashdot Mirror


User: Anubis+IV

Anubis+IV's activity in the archive.

Stories: 0
Comments: 5,393

Comments · 5,393

  1. not too smart, prejudiced to the gunwales, and always ready to sound off about things they don't know much about.

    Oh, so true. But I suppose it's to be expected. After all, millennials are scientifically proven to be lazy with a strong sense of entitlement, so you can't blame them for being exactly how nature made them. Plus, the harm done by the outrageous antics and flagrant bias of the other political party has spread far beyond the bubble where those people cluster together like the vermin they are. Sites like Slashdot sadly aren't immune to their influences.

    </tongue planted very firmly in cheek>

  2. The "vulnerability" they've exposed is really just an easier way to discover organizations using insecure configurations. Organizations already have the ability to lock this issue down, should they choose to do so.

    More or less, some organizations don't require authentication before a device can enroll in the organization, meaning that anyone at all can join their organization. If those organizations then foolishly configured things such that each enrollee is pushed a list of WiFi networks and VPNs belonging to the organization, guess what happens? Anyone at all can join their organization and receive that information, exactly like they configured it to work.

    What these researchers discovered was an easier way to identify those organizations. Using a device's serial number, they can now query to find out whether the device is enrolled in an organization, and if it is, whether that organization requires authentication. Randomly generating serial numbers lets them scan through organizations in a rapid fashion. It's really not that much different than using a port scanner: it isn't an attack in and of itself, but it can reveal an avenue for attack.

  3. I just built a new gaming PC this last weekend and installed Windows 10 Pro. It's exactly what you described. When I checked the Start Menu for the first time, I saw that Candy Crush, a hidden object game, the Dolby Experience, and a variety of other bloatware was already installed. On a brand new, fresh install of Pro.

    Ridiculous.

    And that's not even considering all of the other bad behavior the OS engages in by default. I went through every single control panel to enable every privacy-focused setting I could find, but after two days I'm still discovering new toggles that need switching off as I stumble upon hidden panes that are linked from control panels that I had thought I'd already covered in detail. Not to mention that disabling the telemetry collection seems to be virtually impossible.

    Given that the last time I tried using Windows 10 it blue screened on me twice within the first 30 minutes (granted, it was the first week after its release and I was running it in a VM, but still...), I don't exactly have a stellar opinion of the system, though at least you can hide Cortana from the taskbar now, so that's something, I guess?

  4. I think it's safe to say that I've now received my recommended dosage of dystopia for the day.

  5. Re:Apple is trying to reverse the trend on 'It Just Seems That Nobody is Interested in Building Quality, Fast, Efficient, Lasting, Foundational Stuff Anymore' (tonsky.me) · Score: 4, Interesting

    Every now and then Apple does take a step back and work towards making things smaller and faster instead of just newer.

    Apple said something during their keynote last week that stuck with me afterwards, mostly because it was so unexpected.

    Towards the end of the keynote, they had their VP for environmental and social issues up on stage to talk about how things were going (i.e. the part of the keynote I usually tune out of, since it's rare they ever say anything new). After reiterating that they've now completed the transition to running all of their facilities on 100% renewable energy (i.e. no energy credits), they turned to the topic of what their next initiative will be. Here's the relevant quote (emphasis mine) from that part of the keynote:

    We hope to one day eliminate our need to mine new materials from the earth. Now, as you can imagine, this is a massive effort. So, to reach that goal, we have to do three things.

    First, we have to find new ways to make our products with recycled or renewable materials that are sourced responsibly. Then we'll have to ensure that our products last as long as possible. And then finally, after a long life of use, we have to ensure that they're recycled properly.

    And then about a minute later she expands on that second point:

    Second, we also make sure to design and build durable products that last as long as possible. That means long-lasting hardware coupled with our amazing software. All of these devices [images of iPhone 5s through iPhone X displayed on screen], including the iPhone 5s, run iOS 12, and iOS 12 is designed to make your iPhone and iPad experience even better, even more responsive, faster...just better! And because they last longer, you can keep using them, and keeping using them is the best thing for the planet.

    To say the least, hearing an executive of a major consumer products company say something that was so blatantly anti-consumerism on a stage caught me by surprise. Here's a major company saying that they want people to NOT buy their products because their customers are using their products for longer instead of buying new ones. And then they backed that statement up by releasing a software update a few days later that improved speeds on all of their oldest still-supported devices. I was skeptical of their claims about iOS 12's improvements, but I've actually become a beneficiary of it, since my iPhone 5s from 2013 is markedly faster with the just-released iOS 12, enough so that I ditched my plans to upgrade this year and instead decided to stick with the 5s for yet another year.

  6. Re:But it looks bigger on Times Newer Roman is a Font Designed To Make Your Essays Look Longer (theverge.com) · Score: 1

    Agreed, hence the loud sigh I mentioned before I told students about the professor-mandated minimum length.

  7. Re:Oregon Trail on 'It's Always DRM's Fault' (publicknowledge.org) · Score: 1

    Weird.

    It should be possible to restore from a phone backup to your iPad, so that would be one way of transferring it over, though you'd then need to set your iPad back up as you like. Alternatively, it used to be the case that you could back up apps to iTunes on a PC/Mac and then sync them between devices that way, but I think they may have removed that functionality at some point in the last year or two.

    Anyway, sorry to hear that's the case.

  8. Re:But it looks bigger on Times Newer Roman is a Font Designed To Make Your Essays Look Longer (theverge.com) · Score: 1

    I’m clearly failing to communicate here, since I don’t disagree with anything you’re arguing, yet it’s clear that you think you’re arguing against what I’m saying. My saying that people should be able to intelligently fill the space they’re given doesn’t mean that I’m suggesting they should pontificate at length when fewer words would serve them better.

    I’m not advocating the padding of papers, “intelligently” or otherwise. I’m talking about a perspective issue. Samuelson could have written a novel-length report had he wanted to. Einstein too, of course. They obviously didn’t need to, but their concise points carry so much weight because they were so well thought out. The students asking how little space they needed to fill weren’t thinking that way. THAT was the underlying problem I was addressing. Their lack of words on a page was evidence of that problem, but it wasn’t a problem unto itself.

  9. Re:Lessons not learned? on US Senate Staff Targeted By State-Backed Hackers, Senator Says (pbs.org) · Score: 2

    Well, then, it strikes me that they have two options:

    1) Have the integrity necessary to not engage in personal behavior that runs contrary to your public image. Good luck with that.

    2) Use some balance of carrots and sticks to encourage services to better protect our data/not keep it in the first place, but also provide more teeth for going after the bad guys.

    They can do both if they want, but they don’t get to institutionalize the routine violation of our right to privacy and then complain about the situation when theirs is violated.

  10. Re:But it looks bigger on Times Newer Roman is a Font Designed To Make Your Essays Look Longer (theverge.com) · Score: 1

    Maybe you should stick to one concise topic and discuss it well instead of describing several topics at length.

    [...]

    Get your point across clearly, completely, and concisely. Don't ramble about other shit to fill space.

    Agreed! As I started my comment by saying, padding papers is a waste of everyone’s time. My point, however, was that you should have given the topic sufficient thought to have a need to edit yourself for concision. If you haven’t even given it that much thought, it’s likely that you aren’t saying something worthwhile in the first place, regardless of whether you write three paragraphs or three pages in the end.

  11. Re:But it looks bigger on Times Newer Roman is a Font Designed To Make Your Essays Look Longer (theverge.com) · Score: 3, Insightful

    Use what's given to you well. Padding papers wastes everyone's time and is stupid. Not being able to intelligently fill space that's been given to you is stupid too.

    When I was serving as a teaching assistant in grad school, each semester a student would inevitably ask how many pages their essay would need to fill of the five (double-spaced) pages we had asked them to provide. I'd always tell them that their perspective was backwards: the problem they should be having was in figuring out what they needed to cut to squeeze their arguments down to five pages. We had equipped them with a number of logical tools and the topics we were giving them were rich with nuance and avenues to explore. Even a few moments of cursory thought should have left them overflowing with ideas that would need to be cut before their thoughts could fit in five pages. If they hadn't even given the topic enough thought to fill five pages, it was doubtful they had given it enough thought to warrant a decent grade.

    Then I'd sigh loudly and say, "...but if you still need some encouragement, I'll deduct additional points if you drop under four pages", simply because that was a requirement the professors had put on us.

    Students who pad their paper's length—either by using a font to make their paper appear longer or by using inane speech that adds nothing of value—are missing the point and are cheating themselves out of hundreds of words that their peers will be putting to good use.

  12. Re:Only a month? on Hackers Stole Customer Credit Cards in Newegg Data Breach (techcrunch.com) · Score: 1

    It's sounding like NoScript, uMatrix, uBlock Origin with third-parties disabled, etc. may have prevented this attack for users. From what I've gathered, the attack revolved around inserting malicious code into a first-party script so that the page would transmit user information to servers under the attacker's control as the user entered it. Since the malicious code was running client-side and was phoning home to a third-party server, I believe those extensions should have been capable of preventing the malicious code from phoning home.

    I'm certainly hoping that's the case, given that I was running one of those extensions, had it configured to block third-parties by default, and bought items from Newegg during that time period...

  13. Re:Use PayPal or similar. on Hackers Stole Customer Credit Cards in Newegg Data Breach (techcrunch.com) · Score: 1

    I'd actually suggest that the better way to handle payments is to reduce the value of the information transferred, namely, have the buyer's device generate a single-use token that can only be redeemed by the seller and can only be redeemed for the amount of the transaction(s). No credit card number that can be reused dozens of times. No PIN or security code. No home address. No name. Just a token that's useless once the transaction completes.

    Apple Pay and other systems already do this transparently whether you use them in-person or online, which is great, since it both limits the scope of the damage (the most you could even possibly be on the hook for is that one transaction) and prevents a number of attacks from being possible in the first place (e.g. even if someone managed to scrape the token, they couldn't do anything with it).

    There are still attacks that can be done against such systems, but most of them would revolve around replacing the seller's ID with your own in their system, thus redirecting the buyer's funds to your account. Doing so would reveal your hack immediately, however, since sellers tend to notice pretty quickly when they aren't getting paid.

    And, as I said, Apple Pay isn't the only one doing this. In much the same way that some of us have used services that provide throwaway e-mail addresses to sign up for sites, there are "credit card" services that provide single-use credit card numbers that are only authorized for the amount of a given transaction. You can generate a one-off credit card number about as easily as you might fill in your password for a site from a password manager. They still have your other information attached, but they're a step in the right direction.

  14. Re:Tesla is irrelevant to EVs on Tesla Is Facing US Criminal Probe Over Elon Musk Statements (bloomberg.com) · Score: 1

    I take it you didn’t read anything past his first paragraph?

  15. Re:Oregon Trail on 'It's Always DRM's Fault' (publicknowledge.org) · Score: 1

    Can you not go to the Purchased section in the App Store on your iPad and redownload it? I can still see (nearly?) all of the apps I ever purchased in there, even ones the developers took down years ago.

  16. Re:Loss leader? on Rice University Says Middle-Class And Low-Income Students Won't Have To Pay Tuition (npr.org) · Score: 4, Informative

    I wonder if they found that they still make a nice profit on the room and board, etc.

    They have a page breaking down the costs of a Rice education. Roughly 72% of the cost is tuition, so it's safe to say that they're waiving their biggest money generator. They also have a page dedicated to discussing off-campus housing, on which they earn no profit at all (plus, Rice is in Houston, and as that page goes into detail about, Houston is one of the cheapest big cities to live in). So, no, I don't think they view room and board as a profit center. Universities like Rice typically operate on endowments and donations from alumni more than tuition payments.

  17. Try refreshing that screen (pull down from the top). I think their servers are getting hammered at the moment, so it sounds like a number of phones haven't had the info about the new release pushed to them yet (though, if past releases are any indication, that info should get pushed out over the next few hours and days to everyone with compatible devices). Mine didn't show it either until I refreshed that screen, at which point it was forced to pull the latest info from Apple.

  18. Re:Got It Backwards on Addiction To Fortnite Cited In Over 200 Divorce Petitions (dailydot.com) · Score: 4, Interesting

    I knew about a guy who was the main tank for a guild on my server back in the days of World of Warcraft 1.0. The guy went to get a sandwich halfway through a Molten Core raid, only to discover a note from his wife saying that she had taken the kids and was leaving for Florida to be with her parents because he was too addicted to the game (apparently he had logged 120 days of played time in the first year that the game was out).

    He got his sandwich and finished the raid before going after his wife and kids.

    He finally got her to come back by promising that he’d auction his character off on eBay, but then he posted it for a price he knew it would never sell at and then bragged about his cleverness on his guild’s forums...which is when he discovered that his wife read the forums. In the end, he was forced to sell the character for less and their marriage survived, though by the time I quit the game a year later, he was playing again on another character.

  19. Re:What you can do and can't do on US Lawmakers Say AI Deepfakes 'Have the Potential To Disrupt Every Facet of Our Society' (theverge.com) · Score: 1

    You have yet to actually suggest what a harmful attack would even accomplish, let alone the means to accomplish it. While I touched on some of the means by which we could do this stuff, the overarching point I was making was that the concern you raised doesn’t allow for a bad actor to actually do anything harmful enough to warrant your claims that it’s unworkable and gets us nothing in terms of security.

    Discussing flaws in a hypothetical device is pointless when the flaws don’t even expose a means to cause harm.

  20. Re: Doctor visits maybe harmful? on What Cardiologists Think About the Apple Watch's Heart-Tracking Feature (sfgate.com) · Score: 1

    Yeah but all those false positives are clogging up the doctors office, that's where the problem is

    No, the problem is that people who didn't catch the problem early enough are clogging up the office on an ongoing, continual, significant basis. False positives would be a drastic improvement to that situation if they helped reduce the ongoing appointments.

  21. Re:What you can do and can't do on US Lawmakers Say AI Deepfakes 'Have the Potential To Disrupt Every Facet of Our Society' (theverge.com) · Score: 1

    Trusted third parties are expensive and usually unworkable. Cameras signing things will not provide any security at all, as they are easily hacked.

    I don't think you understand what he's talking about. We already have certificate authorities working just fine, some of them for free (e.g. Let's Encrypt). His notion isn't much different than what we already have with SSL/TLS, and hacking the camera wouldn't actually get you much of anything.

    Hacking the camera wouldn't allow you to change the file, since doing so would invalidate the cryptographic signature on the file. Hacking the camera wouldn't destroy copies of the file that had already been exported. Hacking the camera wouldn't destroy an investigator's ability to link a copy of the file to that camera. In fact, other than perhaps allowing you to delete the file before it's ever shared (good luck with that, since how's a hacker supposed to know to delete a file that hasn't yet been shared?), hacking the camera wouldn't really do much of anything at all, other than leave behind a trail of obvious evidence that someone had tried to alter things after the fact.

    If someone had hacked the camera in advance, it'd be possible for them to change its key to mimic someone else's, but that's why those keys are kept private and only exist in silicon. We've had implementations that address that problem in a secure fashion and on a mass market basis, and we've had them for the better part of a decade at this point (e.g. Apple's Secure Enclave silicon in every iPhone), so this isn't anything novel we're talking about here.

    These aren't difficult problems. They're already solved, in fact. It's just that we haven't applied our solutions to these workflows yet.

  22. Ever since switching to my own domain on Slashdot Asks: Have You Ever Gotten Someone Else's Email? (ieee.org) · Score: 1

    Ever since switching to my own domain several years ago, I haven't received a single e-mail intended for someone else. It used to happen with my Gmail account on occasion, but even then it was relatively rare for me, given that I'm the only person in the world with my first and last name.

  23. Why would anyone expect Nintendo (or any company) to continue to store your data when you stopped paying for the service?

    Because other popular services, such as Steam and GOG, already do this for us for free? GOG Galaxy supports cloud saves for literally every single game in their entire library. For Steam, developers have to explicitly add support for cloud saves. In either case, however, the user never pays a cent beyond the original purchase price for the game, and the saves are kept in perpetuity, so far as I know.

    The fact that Sony, Microsoft, and Nintendo haven't yet baked the cost of storing cloud saves into the cost of the hardware or software is something that I hope they'll rethink with the next generation. It's 2018 and storage is cheap. Being stingy about keeping cloud saves at this point comes across as arbitrary penny-pinching that degrades the user experience significantly.

  24. Re:Doctor visits maybe harmful? on What Cardiologists Think About the Apple Watch's Heart-Tracking Feature (sfgate.com) · Score: 2

    Yeah, it struck me as an odd comment. I mean, suppose 9 in 10 alerts are false positives (which I'd assume is an absurdly high number). The cost for a false positive in this sort of situation is relatively low: patients go in, get some simple tests, confirm they're fine, and go home. There are no ongoing costs to the patient or the system.

    But what about that 1 in 10 who isn't a false positive? If we assume that they wouldn't have otherwise had their heart problems noticed until years later after the symptoms had grown severe enough to become noticeable in more significant ways, I'd wager that catching the problem at such an early point would be SIGNIFICANTLY cheaper in the long run. After all, what would have otherwise taken heart surgeries, expensive medications, and numerous visits to fix could instead—at least in some cases—be addressed by a handful of visits and some adjustments to lifestyle. You'd be able to prevent so much harm from ever happening that you'd save a tremendous amount of time and money for each true positive.

    Even if it's just 1 in 10 that it gets right, the benefit for that 1 would almost certainly be FAR more than enough to outweigh the cost of the 9. And, as I said earlier, I sincerely doubt it gets as many as 9 out of 10 wrong.

  25. Re:Hype Hype Hype on How the Weather Channel Made That Insane Hurricane Florence Storm Surge Animation (wired.com) · Score: 5, Informative

    We were in Boca Raton when Andrew came through (about 80 miles or 130km north of the worst damage, for those who don't know), and you're spot-on. We were geared up for the worst in the days leading to Andrew's landfall, since they didn't know exactly where it would land. By the time it was all said and done, however, the most that we had to deal with were some screens that popped out over our screened-in pool. A neighbor of ours had some flooding in a part of their house that was below the groundwater level, and a few people who didn't have shutters had to replace their windows, but that was about it around us.

    But we had friends in Homestead (i.e. where Andrew hit the hardest) who rode the storm out by hiding in the interior bathroom of their home as their house collapsed around them. They crawled out from under the rubble after the storm was over and then had to live out of the half of their house that was left for the next several weeks. I recall them talking years later about how it was actually a really amazing experience, since the community came together in incredibly positive ways in the aftermath, with everyone helping everyone and the attitude staying really upbeat.

    Anyway, yeah, just because a hurricane doesn't do much damage in one area that was ready for impact doesn't mean that the storm is, as the OP put it, "a BIG nothing burger". It just means they were fortunate.