Slashdot Mirror


User: jeffmeden

jeffmeden's activity in the archive.

Stories: 0
Comments: 2,932

Comments · 2,932

  1. Re:Ya, but... on Ask Slashdot: Any Place For Liberal Arts Degrees In Tech? · · Score: 1

    Employees with STEM degrees might also believe (incorrectly) that they can do the job without learning anything new, which makes them less useful. Employees without STEM degrees may be less susceptible to this since it's clear to them that they've got a lot to learn.

    Not saying this is always the case, but I think it's a factor sometimes.

    You mean like the 125 comments so far in this article, from STEM grads insisting that the coursework to earn their degree has prepared them perfectly for any possible situation in the real world? Yeah... about that...

  2. Re:Uber Fresh? on Uber CEO: We'll Run Your Errands · · Score: 1

    And you trust the cashier making $3 an hour after taxes not to be stealing your controlled substances?

    So long as the bags are sealed in the pharmacy and the contents are not noted on the outside, it should be fine.

    Should be fine! Because there's no way the security of the stapled paper bag can be subverted (the method pharmacies use to "seal" hand-filled prescriptions). Not to mention the pharmacy won't let your drugs go to someone who doesn't know your DOB.

    Great, so let's review: I am giving someone on Uber my DOB, home address, form of payment, telling them what drugs I am on, letting the pharmacy give them random paperwork about me (which might be an insurance form carrying my SSN) AND hoping they don't swap the drugs out for roofies and then come in and steal all my shit while I'm unconscious or simply fill the prescription and tomorrow steal my identity.

    Sure, it should be fine, but I think I will trudge to the pharmacy myself, thankyouverymuch.

  3. Re:No comments here yet... on Ask Slashdot: What Smartwatch Apps Could You See Yourself Using? · · Score: 1

    triage incoming communications

    What the fuck is wrong with modern society? You're not a cunting ER nurse. Whatever the hell you have been asked to do is not that urgent, either for you or for your boss (who couldn't give two shits about you, so take your nose out of there). Grow some cojones.

    If you ACTUALLY need to answer calls all the time as part of your job, wear a Bluetooth headset. Then you don't have to rush to your 'phone or speak into your fucking wrist, or whatever you're supposed to do. A ringtone/announcement can indicate the origin/importance of the call. Cost of decent headset: starting around $20.

    There, I've just saved you however-many-hundreds-I-assume-this-thing-costs. You're welcome.

    How else would I keep up with all the "someone just called you a cunt on slashdot" alerts I get on my phone? Oh, just wear a bluetooth headset around all the time? Good way to not look like a complete fucking toolbag! /sarcasm. No thanks, I would rather throw money at the smartwatch company. If you don't want one, don't buy one. However, the absence of a use case isn't a use case for absence. Or, in case you need it in plain fucking English, there's no fucking way you are smart enough to tell everyone else they don't need one.

  4. Re:Ignorance is self-righteous posturing on Cuba Calculates Cost of 54yr US Embargo At $1.1 Trillion · · Score: 2

    I am genuinely baffled at how the embargo is supposed to support US policy interests (either idealistic, cynical, or both); but alleged damages that high do seem to suggest that the "It's pointless, they'll just trade with the EU and BRIC and things" theory is limited at best. I honestly would have expected a smaller effect myself. I just can't fathom why anyone thinks it's a worthwhile plan.

    At this point the embargo is there solely for the "I'm right as long as I don't admit I was wrong" effect. In that regard, it is highly effective. The other possible explanation is to serve as a warning to others (i.e. nations with resources we might actually want, such as Bolivia, Venezuela, etc) such that they know any further steps toward socialism would lead to economic disaster even worse than what they have already endured.

  5. Re:The war hasn't started on Ask Slashdot: What Smartwatch Apps Could You See Yourself Using? · · Score: 1

    So you wouldn't use a device that helps you avoid unhealthy behavior, just out of spite against the insurance companies?

    Sure I would (I do already, actually, regardless of financial incentives) but this isn't about me.

  6. Re:It should be on Text While Driving In Long Island and Have Your Phone Disabled · · Score: 1

    I kind of liked the idea of a "smart steering wheel"

    If for any reason, the driver takes either of their hands off the wheel, then their paired phone will automatically lock, and they can't place or answer calls when moving,
    except by using voice commands and a hands-free device.

    What good would this be, why not just use the existing method of locking the phone while it's in motion? Or, do you mean to have a way for all other phones in the vehicle to somehow also pair and abide by the steering wheel hand sensor, thereby allowing passengers to text only when the driver is being "safe"? Why not just have a working phone act as a key to the car, which then becomes locked (presumably it's the driver's phone) and therefore whoever isn't the driver has a working phone still? Better yet, have electronic "driving gloves" in the car that are required to have hands firmly in them in order for the engine to run, which will naturally stop the user from being able to operate a touchscreen while driving (unless they have a blackberry or happen to be Bennett Haselton, two punishments worth more than the crime of texting while driving anyway.)

    The unfortunate thing is that drivers have a really endless list of dangerous shit they can do behind the wheel (ghost riding the whip, anyone?) and passengers do, too (watch any given episode of tosh.0 for hints) so bending over backwards to stop serial texters is probably not worth the trouble. Give cops good ways to spot and cite it, let the offenders get penalized, and if they don't stop then take their license away. Pretty simple, really. Alcohol, at least, has a chemically addictive component that isn't easily forsaken which calls for more specific punishment to encourage rehabilitation. Texting and driving is perhaps only rehabilitated if you take away the offender's friends.

  7. Re:No comments here yet... on Ask Slashdot: What Smartwatch Apps Could You See Yourself Using? · · Score: 3, Insightful

    LOL, true. We were talking about this at work. I'm far from an Apple hater. I bought a first-gen iPod and loved it, along with some later generations. I've had two iPhones (though now am on my second Android). I'm on my 4th Mac. I have Kindle tablets but admit that the iPad is a very nice machine.

    With that said, it is hard for me to imagine why I would want - price aside - another device on my wrist that does a subset of the thing in my pocket. If the watch were useful away from the phone, I could see some applications. But as is? The uses are contrived and niche.

    If you're like a lot of people, you carry a backpack/computer case with you on a regular basis. Keeping your phone safely inside that bag for most circumstances would be a benefit, freeing your pockets of the burden. You could still receive/triage incoming communications while the phone was tucked away. "Nearby" for a well designed bluetooth transceiver is 30-45 feet which is enough to keep you from having to unsheathe your phone in most circumstances. If you're worried about EIRP from carrying a phone on your body, this is a clear win for the smartwatch (assuming the watch is good about TX power management).

  8. The war hasn't started on Ask Slashdot: What Smartwatch Apps Could You See Yourself Using? · · Score: 3, Interesting

    Not until the health/life insurance companies start offering incentives to wear and heed a smartwatch's fitness advice. Given the recent findings correlating sitting for extended periods with poor health outcomes (even for those that exercise and have an otherwise "fit" life), a smartwatch that guided the user to the right level of daily activity could significantly reduce their risk of many chronic diseases later in life and thereby reduce the cost profile for insurers.

  9. Re:It should be on Text While Driving In Long Island and Have Your Phone Disabled · · Score: 5, Interesting

    Ironically, if you do text and drive, you are likely to become disabled.

    How any automated system will know if the phone is used by driver vs passenger is a challenge, I imagine.

    They are OK with ignition interlocks that could easily be defeated if a non-inebriated passenger were to provide the breath for analysis. The idea is to put a barrier in front of a known offender, not to properly filter the actions of would-be offenders. One would think that this sort of reform/punishment would be offered in lieu of alternatives (i.e. you can get your license back in half the time, if you agree to have your phone locked/monitored) such that you can opt out, if you want to receive the normal punishment.

  10. Re:One simple question I wish were answered... on Book Review: Architecting the Cloud · · Score: 1

    I don't know a single cloud provider that would provide that contract. In other lines of work, there would be a third party escrow company. However, with a cloud provider, since decryption would be needed, the only way to provide any assurance is to have some backend appliances that do encryption and are rented, with a paid deposit that once the rental ceases, all keys are wiped. That way, a bankrupt provider would have all their servers sold, but the encryption appliances would be owned by another party. Of course, this may not mean much as it might be a fight wresting the leased items from the bankruptcy trustee, but in theory, it helps put at least a layer in place of protection.

    However, I don't know any cloud provider who would spend the time and effort to do this, just because the current system of assuring people that "passwords", "encryption", and "firewalls" is good enough.

    If you don't care that the data is "gone for good" then a split encryption system is not needed, just a thorough erasure system (which is where an escrowed sum comes into play, to cover the cost of a third party service performing on-site wiping of all hard drives with customer data in the event of bankruptcy). I also do not know of a single cloud provider that does this today, the cost difference at scale of a cloud solution vs a managed hosting solution is not that great, so a company with truly invaluable data will choose the latter and retain all control. Hopefully one or more all-cloud platforms will come forward with solutions like this in the future.

  11. Re:I really don't my vital body parts to be on wif on In France, a Second Patient Receives Permanent Artificial Heart · · Score: 1

    Then how exactly you want to control it? Artificial heart won't speed up/slow down automatically in response to oxygen needs of your body because it is not controlled by nervous system. Maybe you want wired connection with plug embedded between your ribs? I don't understand why 'wifi' means 'unsecured/unauthenticated wifi' to you.

    It seems that considering all the other hurdles, an internal pulse-oximeter and manometer would be an easy feature to build in. No doubt it will have some sort of feedback loop with the body, but perform better when a profile is loaded knowing what to expect (say, extended running vs extended sitting around). To your point about security, the real problem isn't that it is well designed today, but is it considered well designed still in ten years? Wifi protocols have a pretty serious history of security-breaking vulnerabilities discovered after only a few years of use (see WEP and WPA first gen) so it would be good to know that a new organ won't be obsoleted in 10 years and need replaced else it become a security risk.

  12. Re:One simple question I wish were answered... on Book Review: Architecting the Cloud · · Score: 2

    How would a cloud provider assure customers that their data will remain secure if they go bankrupt or just quit the business?

    As of now, if a provider tanks, the servers go to the auction house, and in theory, are blanked. However, in reality, there is no assurance of that, and the buyer will get all data stored free and clear. If they wanted to do a multi-terabyte torrent of a failed bank's account and transaction data, they can, and nothing legally could stop them.

    Like, a contract to escrow the cost of the wiping and/or returning of all relevant hardware to the original owner? There are plenty of precedents in contract law to mitigate risk in the case of bankruptcy. Just because you can't think of them doesn't mean they aren't there.

  13. Re:NSA leaks Tor's bugs on Feds Say NSA "Bogeyman" Did Not Find Silk Road's Servers · · Score: 2

    Recently there was this story about NSA guys leaking Tor bugs to devs and suggesting changes to "improve" Tor's design:
    http://yro.slashdot.org/story/...

    I vividly remember that Snowden's documents said that NSA tries to influence Tor's design, being unable to actually break it. This might be a way of doing it: they pretend to be "good guys" and suggest changes that, while removing purely theoretical vulnerabilities, actually open the doors to more serious ones.

    I hope Tor developers aren't so foolish to follow those "suggestions".

    Of course they aren't documenting their ability to subvert anonymity on Tor. It is probably the most powerful weapon an intelligence agency can wield right now. The rather simple (but un-falsifiable) fact is that with enough relay and exit nodes owned by one entity (and ownership is deliberately un-attributable) you can pretty effectively de-anonymize it by attrition (there are a few protocol weaknesses too, that allow you to leverage a lot of hosts). The only clue an outside observer might have that it is happening is inorganic changes in the network layout (i.e. a lot of nodes going online or offline) signalling a large single controller is at work. Luckily, at least this avenue is covered and you can see via the Tor Metrics portal what is going on across the network, and infer occasional events (like the de-anonymizing attack this past spring).

  14. Re:Pet Peeve on Restoring Salmon To Their Original Habitat -- With a Cannon · · Score: 2

    There's practically no limit to how many places you could build an artificial mountain to force rainfall, and an artificial valley on an artificial plateau for the upper reservoir. And you can get more energy from the same amount of rainfall just by making the plateau taller.

    Taking your infrastructure planning cues from SimCity2000 isn't the best way to arrive at practical solutions.

  15. Re: TI calculators are not outdated, just overpric on How the Outdated TI-84 Plus Still Holds a Monopoly On Classrooms · · Score: 1

    It's called free market: demand sets the price. Suck it up.

    Free market requires competition. If you're required to use this specific model there is not competition. That is not the free market. Suck it yourself.

    Ahem, free market requires lack of collusion. No one is stopping Casio, et al. from making a competitive product that does the same thing but costs 1/10th as much, except apparently they don't want to bother or are choosing to do it just differently enough that the learning curve is unattractive to prospective buyers. Maybe $150 for an educational product that is well thought out and well supported isn't over the top after all? What's amazing is that there isn't a 1:1 TI-84 clone from AliExpress that sells for $9 shipped (from Hong Kong.) The usually on-the-ball knockoff kings in China who can clone a new model of iPhone in 60 days for 30% of the cost aren't even bothering to go after what is allegedly a hugely profitable product? Something is fishy with the premise here.

  16. Re:TI calculators are not outdated, just overprice on How the Outdated TI-84 Plus Still Holds a Monopoly On Classrooms · · Score: 1

    Because school districts taxing property owners and buying calculators is so much more efficient than students obtaining their own calculators with that same money.

    Who said the students would keep the calculators? The only situation where you MUST HAVE THIS SPECIFIC CALCULATOR is in the classroom. Keep the calculator there! The special calculator stays where people find it worthwhile, everywhere else the rest of us can use a computer like a normal person.

    If you're actually going in to a field where having a fancy calculator is useful versus a smartphone you can buy it yourself then. Most of us have absolutely no need for these things beyond the few tests for which they're required.

    You are so right. And to any parents who find the problem with this (what problem? wait for it...) I will sell you a TI-84 Simulator for your iPad that perfectly recreates the UI of the calculator that your little snowflake will need to master in order to get into college, and it won't even be that expensive! $49.95 should do the trick. Paypal or bitcoin, thx.

  17. Re:1..2..3.. until massive security breaches on New Usage-Based Insurance Software Can Track Drivers Using Smartphones · · Score: 0

    The OBD-II dongles are not a threat until Metasploit module exploiting this overflow or that out of bound write comes out and cars start crashing. OBD of modern cars have been successfully exploited, considering that cars can easily stay on the road 15+ years and automotive industry only now started taking rudimentary first steps to secure it, it will be 20+ years until such dongles will be safe to use for general public.

    The AT&T telematics system (that the Progressive Snapshot system runs on) is internal to AT&T and there have been no credible threats to its integrity. Does that mean it's totally secure? Of course not. But your hand-waving of "oh someone will just start pwning them with metasploit! and then you will see!!!!11" is completely uncalled for and uninformed. You might as well suggest that drivers' cellphones that get "hacked" can then "hack into" the Bluetooth interface on late model cars and totally "hack the brakes!!!" and make them refuse to operate.

  18. Re:Why? Simple bullshit is why. on Hackers Behind Biggest-Ever Password Theft Begin Attacks · · Score: 1

    I meant log2(5000^4), of course.

    Well, not to waste this comment, gonna plug for Diceware as a nice freely available ~7k word dictionary organised for passphrase generation. Oh yeah, and it doesn't contain "refined", still.

    The Diceware method is a good process, but it makes me uncomfortable to use a nice preformatted set of words to make a passphrase out of. Attackers could build a rainbow table pretty easily (and we know not enough people salt their database hashes) with a few PB of disk space. Why not make new Diceware lists from less common words, and change it every so often? It would require the same process but offer a lot more entropy.

    Also w.r.t. your earlier claims about the top 5000 words, check that list again (you no doubt used the one from http://www.wordfrequency.info/...) there are only actually 4352 words in that list, it contains duplicates due to homographs.

  19. Re:Quick on Why Phone Stores Should Stockpile Replacements · · Score: 1

    All that ranting just because he could not get new phone *immediately*. What is wrong with this guy?

    It's even a phone he admittedly hates. For fucks sake, he should have listened to the sign from God and just bought an iPhone (which they no doubt have in stock) so he can complain about *real* phone problems.

  20. Re:Around or on top of military bases? on Mysterious, Phony Cell Towers Found Throughout US · · Score: 1

    (the authors of the article, who make about $3500 a pop selling reflashed phones to paranoid rich guys who do business in Asia, didn't seem to have a hard time finding such towers and making the hasty connection to China),

    FTFY. And yes, these are US DoD towers used to prevent leaks of classified info and do other counterespionage monitoring.

  21. Re:Around or on top of military bases? on Mysterious, Phony Cell Towers Found Throughout US · · Score: 1

    The article says ...

    What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases.

    The summary says ...

    Many of them are built around U.S. military bases.

    Way to slant the summary to make it look like Chinese towers rather than our towers.

    Considering that data exfiltration via 4G networks can be fast and run from nearly anywhere, it's not surprising at all that military installations (probably ones with secrets to keep) use these towers as a way to know exactly what's going in/out of their territory. It sure beats something as on-the-nose as simply using RF interference to block all calls/texts/data. They can catch would-be espionage spies in the act and probably even ID who sent them.

  22. Re:Why? Simple bullshit is why. on Hackers Behind Biggest-Ever Password Theft Begin Attacks · · Score: 1

    "refineddisplayparcelsuited" is not a common phrase, and this isn't Master Mind where the attacker gets hints when he correctly selects part of the password.

    I love how we spend so much time picking passwords that are hard for people to guess-- or remember-- when computer programs can only be written in a practical matter to try the most common dictionary words or "hunter2"-type passwords. Past that, it's all brute force whether you used "j$b01[BaP*@" or "refineddisplayparcelsuited" because the program has no idea how much of the character set your password used until it's been cracked.

    Except guessing at strings of words is trivial if they are in the dictionary.

    refined display parcel suited are 4 common words. I could write a tool to attack that very quickly, starting with the most common words arranged in 2,3,4 sets.

  23. Re:Why? Simple bullshit is why. on Hackers Behind Biggest-Ever Password Theft Begin Attacks · · Score: 1

    correcthorsebatterystaple

    22f0ebce1cbb13f9b9ea8ad40442c1852932156c

    thanks sha1sum

  24. Re:Larger Implications? on Hackers Behind Biggest-Ever Password Theft Begin Attacks · · Score: 1

    It's simple, get control of a domain and you can redirect all email. Redirect all email and you can reset passwords without needing to ever worry about the actual mailbox password (which is probably stronger than the registrar password but obviously is just as important).

    Exhibit A, in which this exact scenario happened:
    https://medium.com/p/24eb09e02...

  25. Re: Too late on Hackers Behind Biggest-Ever Password Theft Begin Attacks · · Score: 1

    Really? You are going with the "blaming the victim" route?

    How about this one. There are probably over 100 websites that have stored my credit card information in their own proprietary system because every company seems to have "not developed here" syndrome, and making each uname/password combo is very difficult without some easy to guess alto, or even remembering where accounts might have been created already. And on top of that, nobody has any clue who was affected or how they were affected because the only group claiming to have any idea what happened has refused to divulge that information, giving the hackers free rein to continue to exploit vulnerabilities no matter how users respond.

    So any attempt at blaming users seems awfully idiotic in the face of everything else.

    How many companies actually mandate saving a credit card within the account though? Almost all of them that I use (although not most of them by default) allow payment via a nonsaved credit card, so an attacker can't do anything nefarious after gaining access to the account. It does require more effort though. But yes, to your point it is silly to blame the user when clearly the actual mistake was made by the site that lost the credentials through bad security management. I will however raise you one more. JP Morgan Chase spends $200 million dollars a year *just on computer security*. And they still lost data. We need to move beyond a blame the victim (be they the user or the site manager) to a point where we account for the inevitability of data loss.