This gamma ray camera from the same institute may be something related? It seems to use scintillation from a dislocated electron (which gives away path and energy) combined with the point of impact of the gamma ray on a detector plate.
Oh great, now we're going to be overwhelmed with Japanese tourists taking pictures of radioactive things!
Great scene; but it's really funny how the "Japanese tourist" meme has so much died out. We're all Japanese tourists now, with the average teenage girl much more intrusive than they ever were (I never remember a Japanese tourist who wasn't really careful not to get in the way with his camera...the main problem was always the way they waited politely for everybody to be gone making you feel a bit rude for walking through the scene.. ). It's really amazing how they were so much forerunners of modern "western" society (think music players; mobile internet; simple plain furniture etc.). I wonder how many other examples there are like this that we never spot.
how do you tell if the computer is cheating? Well, you don't need paper to tell if a computer is broken; you just need a reliable QA test. Black-box testing is the heart of modern software quality control. We don't insist that our accounting programs print us a receipt for everything. Why do we trust accounting software, but not voting software?
Black box testing assumes that the software is written by friendly people who make mistakes. It is not able to pick up attacks by hostile programmers. There are real world examples where attempts to put in this kind of back door have been made, and some have been remarkably successful. If you look at the Linux kernel example it was sufficiently well hidden that if they hadn't been spotted by other means they would at most have thought that it was an accidental bug.
These backdoors tend to be triggered by a software state which is extremely unlikely to be reached in black box testing. If you have to go through, for example 10 steps of choosing locations on a touch screen (probably from an effective choice of about 20 locations) you end up having to do 10^20 tests just on the touch screen alone in order to detect a problem (and remember you have to test everything in the same way). This would end up taking longer than the heat death of the universe. Obviously nobody does that.
Security testing is not the same as normal black box testing and even security testing does not pick up this kind of trick; having a full and detailed code audit is a beginning, adding on full source change control is crucial; in the end you must have fully trustworthy programmers and engineers for every component of your system, down to and including the ICs that go to make it and still you have to have HR processes monitor them to check that none have been turned.
We didn't send them to the gas chambers, but we were only marginally less cruel than the people we were fighting.
Generally your point is sound. There were also a number of interesting war crimes committed by Allied forces and so on. This statement is going massively too far. As a few random examples: The Germans under the Nazi regime actually took mathematicians (members of the educated classes) and grew lice on them for experiments before starving them to death. They deliberately had babies born in the concentration camp and then denied them access to any milk to test malnutrition and starvation. The treatment of the interned Japanese Americans was terribly unjust but it was nothing close to the acts of Nazi Germany and should not be compared in that way. It stands on its own as a serious crime; don't undermine that.
Seeing as Gore had the majority of "hanging Chads", it looked to me that the only fake votes were for Gore and he still lost. They have since switched to paper fill-in the blank ballots so you can't reproduce the experiment with the same equipment anymore.
this is really really interesting stuff. Please don't just post this anon. You sound like yet another republican failing to admit to having lost. If what you say is true, then you have enough interesting stuff to put up a pretty clear blog posting, or better to get published and that would have a real effect on the ability of the rest of us to trust the US as a democracy.
YOU have no clue how the government works, do you?
As we understand it:
x works for Big Notebooks inc in the lobbying department
x gets brought in by "conservative"* politicians with an unlimited mandate to preside over government notebooks committee
x expresses shock at the dangers of "big government" and the inefficiency of career bureaucrats unable to even solve the notebook supply problems
x identifies a need for $700 steel-plated anti-terrorist notebooks for schoolchildren and orders 200million to ensure a supply for the next 20 years
x resigns in a "cocaine body part snorting" scandal the day after becoming eligible for his departmental pension
it turns out that "resigning from the contract would be more expensive than continuing", so the government continues the contract, melting the non-safety standard covers down and selling them at a loss; this is despite the fact that they are the people which make the law
then, after a decent interval of at least 6 hours;
completely unrelated to the previous contract, x gets a directorship in Big Notebooks inc
x retires to the golf course, except for a few drunken days of directorship work once a year.
Please do explain where we have misunderstood, though.
* N.B. Note the quotes. I have no idea what "conservative" actually means, but these guys behave nothing like what the "conservatives" I know describe themselves as.
If you think education has nothing to do with food then you are the one who needs more.
Forget about advanced education that could get people jobs through which they could afford to buy food. Just think that there are simple systems of irrigation which stabilise soil on steep slopes whilst conserving water. These systems are not obvious and have to be taught. Just think that a knowledge of climate and even to some extent climate change together with the value and risk of different crops allows farmers to diversify so that in exceptionally bad years they still have enough to eat.
In order to understand the risks of fertilizers, for example, you should really have a good understanding of micronutrients and the ways in which a crop which looks perfect may in fact be nutritionally deficient. You should really have a reasonable grasp of the limitations of scientific knowledge of biochemistry if you want to be able to debate and explain these things with agri-biz representatives. These kinds of things are not fully understood even in places with supposedly good educational systems.
The whole point of this is that even when they are trying not to outsource, but when they attempt to buy "made in USA" parts it turns out that lots of stuff being sold to them is actually sourced indirectly from China and made to look like the US parts. Looking at the parts they are examining it's pretty interesting. For example, bits that protect against anti-static discharge; presumably ones where long term stability is critical and breakdowns like the capacitor plague would be a complete pain.
This is pretty difficult because, in the end, nobody can keep all the parts in stock. You have to go to a shop. The shop has to go to a supplier and so on. At any point in that chain there are people who have a good motive to swap out the good component (which can be sold on at US prices or used to make reliable equipment) for a fake component which costs much less.
The free market selects exactly for components which work for some time but fail shortly after the testing period or guarantee period. I'd be interested to see what the effect of European two year guarantees is on the level of fake components in distribution. Probably not enough; you really need at least five years and a government testing lab willing to prove that inadequate components were used to even have a chance of pushing back against this.
Although the number of iPhone apps is amazing, the limited number of apps is the least of Windows phone's problems. With both my Androids and N900 I got most of what I needed and I've always been able to show off to iPhone people if needed. It's worth reading between the lines of Andrew Orlowski's Lumia 700 review. Remember that he's a total Microsoft Fanboi but even so, he often makes pretty perceptive comments such as the ones about fonts. The key thing is to realise that Windows Phone is designed to look good in the shop, but hasn't actually been designed to work. The terrible battery life and design make a phone you can't actually use properly. Think of tiles for example; about 8-10 fit on a screen where normally you would have 20-25 icons. This is great for display and selling where almost no apps have been installed and you are just learning which are which. Five months down the line, when you have 150-200 apps, it suddenly doesn't seem like a good trade off.
This general trade off of actual functionality for things which sell Microsoft products goes on through the design and brings us straight back to the topic; security. For example: your contacts in a Windows Phone are entirely stored on your online service, almost certainly Facebook unless you change it yourself. By design, there's no private place to store contacts you don't want shared. The first question with security is not "is this implementation done right". The real question is "who is this working for". This same user hostile attitude continues through the DRM implementation
When Microsoft sets up something equivalent to the Data Liberation Front, then we will be able to talk about Windows Phone as a secure operating system. Not a day before.
that's like saying a serial killer is a hero for showing that you can get away with murder
Firstly if this was a murder it was a failure; more like a pathetic assault using an over-ripe banana. This wouldn't even make a Monty Python sketch.
Secondly; the difference between a "serial killer" and a "war hero sniper" is whether they are attacking people who are a threat to you. Electronic elections are a threat to all humanity so it is always acceptable to attack them. The main thing which makes this a fail is the fact that the party is still able to pretend that the election was not influenced.
Let's say it loud and clear. The only safe and acceptable way to interfere with elections is in an obvious way which ensures that a candidate completely unacceptable to the establishment gets a majority of votes. Bugs bunny if you can't pick. The Green party or the Libertarians if you mess with an American election. Vladimir Putin, for any other country outside Russia; Anna Politkovskaya if you are messing with the Russian elections.
In addition, they cannot just put a note saying "you agree to the contract by buying this", because that violates the contract law requirement of meeting of the minds.
You have a point; however the summary is "it's not as simple as that". This has been tested multiple times in which people rejected Microsoft EULAs. In civilised places like France and some US states, and probably, but there's no real precedent yet, the rest of the European Union, what you said turns out to be true (though exact details are more complicated than that; sometimes it might be that other contracts might be valid). In uncivilised places, such as many other US states and much of the rest of the world, it turns out that, by being bigger than you little people, companies have the right to do exactly what they want when they put out a contract.
As an example, have a look at the recent AT&T contracts which take away your right to class actions. Try sending them a message that you don't agree. See how far that gets you.
For many companies in many situations you are right but there are lots of cases where the grandparent has a point. Look at the way Microsoft does it. They "donate" copies of Microsoft windows. This costs them practically nothing (the marginal cost is e.g. the DVD; nowadays they probably don't even have to provide that, just a sticker) but can be tax-deducted at full value. Further to that, low cost computer installations would often be done with Linux if Windows cost money, so they actually increase their software monopoly by doing it.
The key question, at this point, is what would be the cost of disposal of the blades? Most companies I have seen pay considerable amounts to get rid of old hardware. If that's true in this case it could be even worse than Microsoft. They would not just be stealing the tax-deduction from the tax payer, but also planning to dump the cost of hardware disposal on them when the purchasers finally simply throw away the blades.
This can make sense if the servers have real value and/or if Blizzard or the original vendor, HP, is going to pick up the disposal costs at the end as they should; however, all cases of corporate "generosity" have to be really really carefully looked over. This is a win even for the good/honest companies since it means they get the real credit they deserve rather than being compared with the likes of Microsoft.
I think they had been outsourcing name production to the Celts and the Picts for too long. Once those disappeared or lost interest in that, they no longer knew how to produce any more of their own.
What do you even mean by that? What do you mean by a computer? Most smartphones today are "computers". There are lots of people that need to get delivery addresses but do not need the full functions of a PC. In the old days they could have worked by getting those in the morning on a sheet of paper. Now their competitors all have modern communication devices; if they tried to work in the old way they would not be competitive and would not get any business. For these people a tablet, which could provide them full routing information on a nice display may be perfect. They need a computer but they don't need a PC.
OMG SO EVERYONE SHOULD GET IPADS INSTEAD OF PC's FOR WORK
that is what i see when i read your post..
In that case you need your eyes tested.
..fact: ipad does not replace a pc. get this through your fanboy heads. its not a microsoft conspiracy either. I am a linux user.
A tablet does not replace a PC in many applications (e.g. as a developer's workstation) in just the same way as a PC does not replace a tablet (in e.g. carrying patient's notes or fully mobile work). That doesn't have anything to do with the fact that there are many people who are using tablets for work.
The criticism of my post seems to be based on the idea that the only work people do is software development and being PHBs. Doctors work too; graphic designers, believe it or not, work too; architects and artists work too. For each of those groups, a tablet where you can present information and read a bit of email is actually more valuable for their work most of the time.
To accuse me of being an Apple fanboi (note the spelling), is ridiculous based on my posting record. As a Linux user you should be able to recognise that it is perfectly possible to work without Windows. Something I do every day.
Sorry; one part of your comment I didn't respond to with my other post. I read your original article (considered immoral around here; I took the "rtfa-troll" tag specifically so I could claim to be trolling if someone caught me doing this). You mentioned risk mitigation; I was not convinced by your arguments and they have mostly been answered elsewhere in the comments thread. I will point to some:
There is more risk if the cracker obtains access to your actual device, but that person must have significant forensic skills and software, and extracting the app data might take an inordinately long time
There are specific forensic devices which do this automatically and are available to the kinds of people who run organisations where stolen iPhones end up, not to mention large foreign competitors of the type of people who need and care about password safes and governments. These machines fully automate these attacks.
If you use iCloud for backups or have a strong, secret iTunes backup password, your device backups aren’t vulnerable.
Serious security concerns have been raised against iCloud by people with more security knowledge than myself. Also I am not aware of a serious outside audit with published results. I would not be prepared to accept this statement without much further research and access to Apple's design and implementation information.
If locked, the passcodes used by the iPad 2, third-generation iPad, and iPhone 4S are entirely secure unless the device was jailbroken before being locked.
In my experience, problems such as USB/Wireless etc. etc. exploits have always found ways to work around this security. Could you please give a bit more basis for this belief?
Simply put, good security should be made up of different layers where the failure of one layer will not lead to the others failing. I do not find the general security of iOS to be sufficiently convincing to consider running an insecure password manager on it a good idea.
Thanks for responding. First I'd like to apologise. I tried to make it clear that I don't think you are deliberately trying to mislead. I clearly failed. I'll say it again but more clearly. Nothing I could see in the article you wrote made me think you were acting in anything other than good faith. I think you should have written some things differently, but I do not see this as a deliberate attempt to mislead.
Now this is my understanding of the situation as it is now and why I think your publication should repudiate its support for 1password:
The aim of a password safe is to increase security. There is a very simple and functional alternative to a password safe; to use the same password on all sites. In that case there is no problem whatsoever with remembering which site has what password (since they are all the same). However, there's a specific change of risk here.
- compromise of one password, e.g. from a network capture, does not compromise all sites
- it is easier to use more secure longer passwords which are harder to guess
+ compromise of the password safe compromises all passwords, even higher security ones which were different
+ compromise of the password safe gives a list of sites for the attacker to attack
+ since the attacker can target only specific sites she is less likely to be discovered
+ a remote compromise of the device can compromise all passwords once one is used rather than just the ones which are used during the time the device is compromised
So a password safe trades one threat; that the user's password for one site will be found from the password from another site; for a different threat; that the user's password safe will give away all of the user's passwords for all sites. When you think about this, it's actually trading a lesser potential damage for a greater one.
That trade off is only acceptable when the chance of the password safe compromise is considerably reduced. Good designs for this are clearly available in open texts. There are multiple elements; all of which were included in programs such as "Password Safe" which are inspiration for most of the modern software of this type. These elements include:
encouraging a strong / long password
using password strengthening
ensuring the use of secure memory
To these elements I would currently add that on a modern system they should probably have additional protection from facilities of the operating system such as fully encrypted disks on Linux or the keychain on iOS and OS X.
Many of the programs listed, including the one recommended by your website, fail to provide these basics. The full implications of this will depend on the user's threat environment and behaviour profile. However, I think it's pretty clear that for many, possibly even most of your readers, using a badly designed password safe will increase their risk over using none at all.
Put simply: the current recommendation on your web site, to use 1passwd, seems to increase your readers' risks and does so with no justification since there are better alternatives available which do not do so. Elcomsoft has correctly pointed this out although they have not put it fully clearly. You should be telling your users to migrate from solutions previously suggested by your web site to more secure ones.
Finally, I'd like to address, a little, your point about having no interest here. Firstly your site has published a review suggesting the use of one of the insecure products. Whether you were involved or not, you or your editor should be clearly retracting that recommendation.
Secondly you do get advertising money from security products. I have found several encryption and password related products advertised on your site. I can completely believe that you didn't think of this. It's on the boundary between careless and acceptable
If I connect an ipad to my desktop, windows detects it as an "entertainment device"
That is so pathetic; most people I know with iPads use theirs more for work than entertainment. I can see why Microsoft shills on this site would try to push the "it's just a toy" message, it's one of their arguable points. Doing it at the operating system level, however, is really unprofessional, but most of all desperate.
Yes, Microsoft, we get it. You want everyone to think you need Windows to do work. It's not true and everybody knows it. Try to be more subtle and you might get this into people's unconscious thinking. Point out sensible missing features and you might get people to buy both an iPad and a PC. Do it this openly and you just look out of touch.
The entire threat model for a password safe is that your phone gets stolen. Otherwise a plaintext list of passwords would pretty much do. If the enemy never gets the data then they can never do anything with it even if it isn't encrypted. Oh, and what the others said about bruteforcing.
What's wrong with stacking multiple layers of deep well ccd's?
Off the top of my head, I have the following questions:
The link for "remarkably successful" should have been to Symantec's W32/Induc-A page which describes a virus which attacks Delphi programmers.
If that's the case, I'm sure every park visitor at Disneyworld now has their fingerprints automatically added to an FBI database
They don't need to. Why should they. The FBI just accesses the database when they have a "reasonable suspicion" ("he looked ugly and had a kid with him"). Why go to the cost of keeping your own database when someone else could do that for you and won't have to go cleaning it up of innocent people.
As a simplification you are right.
However, if they had found a real effect nobody would have cared. Look at the fact that the first measurements of relativistic deflection of light by gravity
were later considered statistically questionable. Because they were right their data was re-examined and exonerated. If they'd been wrong.
If they had found something else wrong but weird, that would have been fine too. For example maybe the GPS satellites are slowing down more than people expect, but normally it's not measurable.*
What was wrong was that this turned out to be a bad cable. It's too simple and boring.
That shows that they didn't know that they hadn't taken enough care in setting up the instruments. If they continue without change then their future results are devalued. Maybe it's a new particle; maybe it's a loose cable. Who knows until the Japanese confirm it? By resigning he is saying that that's not an acceptable situation and defending the integrity of the lab. The next guy will not want to make the same mistake and will check twice; twice; at least. maybe twice.
I have no idea if this was the best way to do it but it seems to me a good way.
* probably you are right, this isn't a possible example. Imagine your own example of something really weird that could influence the experiment; I dunno; aliens or whatever.
Er; perhaps they were trying to test election strategies, not find out your views?
He fucking did fucking use his fucking home network as you would fucking know if you had just fucking read the fucking article about his fucking post containing fucking lots of use of the fucking word fucking.
First amendment indeed.
If you think education has nothing to do with food then you are the one who needs more.
Forget about advanced education that could get people jobs through which they could afford to buy food. Just think that there are simple systems of irrigation which stabilise soil on steep slopes whilst conserving water. These systems are not obvious and have to be taught. Just think that a knowledge of climate and even to some extent climate change together with the value and risk of different crops allows farmers to diversify so that in exceptionally bad years they still have enough to eat.
In order to undersand the risks of fertilizers, for example, you should really have a good understanding of micronutrients and the ways in which a crop which looks perfect may in fact be nutritionally deficient. You should really have a reasonable grasp of the limitations of scientific knowledge of biochemistry if you want to be able to debate and explain these things with agri-biz representatives. These kind of things are not fully understand even in places with supposedly good educational systems.
The whole point of this is that even when they are trying not to outsource, but when they attempt to buy "made in USA" parts it turns out that lots of stuff being sold to them is actually sourced indirectly from China and made to look like the US parts. Looking at the parts they are examining it's pretty interesting. For example, bit that protect against anti-static discharge; presumably ones where long term stability is critical and breakdowns like the capacitor plague would be a complete pain.
This is pretty difficult because, in the end, nobody can keep all the parts in stock. You have to go to a shop. The shop has to go to a supplier and so on. At any point in that chain there are people who have a good motive to swap out the good component (which can be sold on at US prices or used to make reliable equipment) for a fake component which costs much less.
The free market selects exactly for components which work for some time but fail shortly after the testing period or guarantee period. I'd be interested to see what the effect of European two year guarantees is on the level of fake components in distribution. Probably not enough; you really need at least five years and a government testing lab willing to prove that inadequate components were used to even have a chance of pushing back against this.
Although the number of iPhone apps is amazing, the limited number of apps is the least of Windows phone's problems. With both my Androids and N900 I got most of what I needed and I've always been able to show off to iPhone people if needed. It's worth reading between the lines of Andrew Orlowski's Lumia 700 review. Remember that he's a total Microsoft Fanboi but even so, he often makes pretty perceptive comments such as the ones about fonts. The key thing is to realise that Windows Phone is designed to look good in the shop, but hasn't actually been designed to work. The terrible battery life and design make a phone you can't actually use properly. Think of tiles for example; about 8-10 fit on a screen where normally you would have 20-25 icons. This is great for display and selling where almost no apps have been installed and you are just learning which are which. Five months down the line, when you have 150-200 apps, it suddenly doesn't seem like a good trade off.
This general trade off of actual functionality for things which sell Microsoft products goes on through the design and brings us straight back to the topic; security. For example: your contacts in a Windows Phone are entirely stored on your online service, almost certainly Facebook unless you change it yourself. By design, there's no private place to store contacts you don't want shared. The first question with security is not "is this implementation done right". The real question is "who is this working for". This same user-hostile attitude continues through the DRM implementation
When Microsoft sets up something equivalent to the Data Liberation Front, then we will be able to talk about Windows Phone as a secure operating system. Not a day before.
that's like saying a serial killer is a hero for showing that you can get away with murder
Firstly if this was a murder it was a failure; more like a pathetic assault using an over-ripe banana. This wouldn't even make a Monty Python sketch.
Secondly; the difference between a "serial killer" and a "war hero sniper" is whether they are attacking people who are a threat to you. Electronic elections are a threat to all humanity so it is always acceptable to attack them. The main thing which makes this a fail is the fact that the party is still able to pretend that the election was not influenced.
Let's say it loud and clear. The only safe and acceptable way to interfere with elections is in an obvious way which ensures that a candidate completely unacceptable to the establishment gets a majority of votes. Bugs Bunny if you can't pick. The Green party or the Libertarians if you mess with an American election. Vladimir Putin, for any other country outside Russia; Anna Politkovskaya if you are messing with the Russian elections.
In addition, they cannot just put a note saying "you agree to the contract by buying this", because that violates the contract law requirement of meeting of the minds.
You have a point; however the summary is "it's not as simple as that". This has been tested multiple times in which people rejected Microsoft EULAs. In civilised places like France and some US states, and probably, but there's no real precedent yet, the rest of the European Union, what you said turns out to be true (though exact details are more complicated than that; sometimes it might be that other contracts might be valid). In uncivilised places, such as many other US states and much of the rest of the world, it turns out that, by being bigger than you little people, companies have the right to do exactly what they want when they put out a contract.
As an example, have a look at the recent AT&T contracts which take away your right to class actions. Try sending them a message that you don't agree. See how far that gets you.
For many companies in many situations you are right but there are lots of cases where the grandparent has a point. Look at the way Microsoft does it. They "donate" copies of Microsoft Windows. This costs them practically nothing (the marginal cost is e.g. the DVD; nowadays they probably don't even have to provide that, just a sticker) but can be tax-deducted at full value. Further to that, low cost computer installations would often be done with Linux if Windows cost money, so they actually increase their software monopoly by doing it.
The key question, at this point, is what would be the cost of disposal of the blades? Most companies I have seen pay considerable amounts to get rid of old hardware. If that's true in this case it could be even worse than Microsoft. They would not just be stealing the tax-deduction from the tax payer, but also planning to dump the cost of hardware disposal on them when the purchasers finally simply throw away the blades.
This can make sense if the servers have real value and/or if Blizzard or the original vendor, HP, is going to pick up the disposal costs at the end as they should; however, all cases of corporate "generosity" have to be really really carefully looked over. This is a win even for the good/honest companies since it means they get the real credit they deserve rather than being compared with the likes of Microsoft.
I think they had been outsourcing name production to the Celts and the Picts for too long. Once those disappeared or lost interest in that, they no longer knew how to produce any more of their own.
a job that doesn't require a damn computer.
What do you even mean by that? What do you mean by a computer? Most smartphones today are "computers". There are lots of people that need to get delivery addresses but do not need the full functions of a PC. In the old days they could have worked by getting those in the morning on a sheet of paper. Now their competitors all have modern communication devices; if they tried to work in the old way they would not be competitive and would not get any business. For these people a tablet, which could provide them full routing information on a nice display may be perfect. They need a computer but they don't need a PC.
OMG SO EVERYONE SHOULD GET IPADS INSTEAD OF PC's FOR WORK
that is what i see when i read your post..
In that case you need your eyes tested.
..fact: ipad does not replace a pc. get this through your fanboy heads. its not a microsoft conspiracy either. I am a linux user.
A tablet does not replace a PC in many applications (e.g. as a developer's workstation) in just the same way as a PC does not replace a tablet (in e.g. carrying patient's notes or fully mobile work). That doesn't have anything to do with the fact that there are many people who are using tablets for work.
The criticism of my post seems to be based on the idea that the only work people do is software development and being PHBs. Doctors work too; graphic designers, believe it or not, work too; architects and artists work too. For each of those groups, a tablet where you can present information and read a bit of email is actually more valuable for their work most of the time.
To accuse me of being an Apple fanboi (note the spelling), is ridiculous based on my posting record. As a Linux user you should be able to recognise that it is perfectly possible to work without Windows. Something I do every day.
There are specific forensic devices which do this automatically and are available to the kinds of people who run organisations where stolen iPhones end up, not to mention large foreign competitors of the type of people who need and care about password safes and governments. These machines fully automate these attacks.
Serious security concerns have been raised against iCloud by people with more security knowledge than myself. Also I am not aware of a serious outside audit with published results. I would not be prepared to accept this statement without much further research and access to Apple's design and implementation information.
In my experience, problems such as USB/Wireless etc. etc. exploits have always found ways to work around this security. Could you please give a bit more basis for this belief?
Simply put, good security should be made up of different layers where the failure of one layer will not lead to the others failing. I do not find the general security of iOS to be sufficiently convincing to consider running an insecure password manager on it a good idea.
Thanks for responding. First I'd like to apologise. I tried to make it clear that I don't think you are deliberately trying to mislead. I clearly failed. I'll say it again but more clearly. Nothing I could see in the article you wrote made me think you were acting in anything other than good faith. I think you should have written some things differently, but I do not see this as a deliberate attempt to mislead.
Now this is my understanding of the situation as it is now and why I think your publication should repudiate its support for 1password:
The aim of a password safe is to increase security. There is a very simple and functional alternative to a password safe; to use the same password on all sites. In that case there is no problem whatsoever with remembering which site has what password (since they are all the same). However, there's a specific change of risk here.
So a password safe trades one threat; that the user's password for one site will be found from the password from another site; for a different threat; that the user's password safe will give away all of the user's passwords for all sites. When you think about this, it's actually trading a lesser potential damage for a greater one.
That trade off is only acceptable when the chance of the password safe compromise is considerably reduced. Good designs for this are clearly available in open texts. There are multiple elements; all of which were included in programs such as "Password Safe" which are inspiration for most of the modern software of this type. These elements include:
To these elements I would currently add that on a modern system they should probably have additional protection from facilities of the operating system such as fully encrypted disks on Linux or the keychain on iOS and OS X.
Many of the programs listed, including the one recommended by your website, fail to provide these basics. The full implications of this will depend on the user's threat environment and behaviour profile. However, I think it's pretty clear that for many, possibly even most of your readers, using a badly designed password safe will increase their risk over using none at all.
Put simply: the current recommendation on your web site, to use 1passwd, seems to increase your readers' risks and does so with no justification since there are better alternatives available which do not do so. Elcomsoft has correctly pointed this out although they have not put it fully clearly. You should be telling your users to migrate from solutions previously suggested by your web site to more secure ones.
Finally, I'd like to address, a little, your point about having no interest here. Firstly your site has published a review suggesting the use of one of the insecure products. Whether you were involved or not, you or your editor should be clearly retracting that recommendation.
Secondly you do get advertising money from security products. I have found several encryption and password related products advertised on your site. I can completely believe that you didn't think of this. It's on the boundary between careless and acceptable
If I connect an ipad to my desktop, windows detects it as an "entertainment device"
That is so pathetic; most people I know with iPads use theirs more for work than entertainment. I can see why Microsoft shills on this site would try to push the "it's just a toy" message, it's one of their arguable points. Doing it at the operating system level, however, is really unprofessional, but most of all desperate.
Yes, Microsoft, we get it. You want everyone to think you need Windows to do work. It's not true and everybody knows it. Try to be more subtle and you might get this into people's unconscious thinking. Point out sensible missing features and you might get people to buy both an iPad and a PC. Do it this openly and you just look out of touch.
The entire threat model for a password safe is that your phone gets stolen. Otherwise a plaintext list of passwords would pretty much do. If the enemy never gets the data then they can never do anything with it even if it isn't encrypted. Oh, and what the others said about bruteforcing.