When you run a Vehicle Health Report, Ford Motor Company may collect your cell phone number (to process your report request) and diagnostic information about your vehicle. Certain versions or updates to Vehicle Health Report may also collect additional vehicle information. Ford may use the vehicle information it collects, as well as information regarding individual access to Vehicle Health Reports at www.syncmyride.com for any purpose.
Yes, and we should shame Grandma because she can't afford to plop down several grand on a Windows 8 license, new computer, and internet connection on her fixed income which barely pays for her medications and food. That seems legit.
Hey, asshole -- here's the reality: Most of those "zombie" machines aren't because Grandma is being a bitch, but because Microsoft and other vendors are. It's called forced obsolescence. I can still drive a Model T on the highway; the infrastructure hasn't changed. Computers can be designed in such a way that they can be used for decades before needing replacement. But they aren't, because it's not as profitable as screwing people over with mandatory upgrades every few years. We may be IT people who like to live on the bleeding edge, but extending that mentality to the general public is just a dick move that shows how out of touch you are with reality. The reality is it's our responsibility to design systems that can be maintained for long periods of time -- there's no reason why XP can't continue to have security patches on it.
Look at Linux: It hasn't bloated up to need a billion gigs of RAM and 9 trillion teraquads of quantum processors. Its requirements have pretty much remained constant for the past decade... and security patches are retroactively added for many years. There's no Linux XP, Linux 2003, Linux 8... there's just. fucking. Linux.
If a bunch of nerds in their mom's basement can maintain an operating system and keep it secure and up to date for decades at a go, why can't one of the biggest companies on the planet with billions in revenue manage to support their own products for more than the time it takes to say "Mandatory online activation"? Simple answer: Because we let them get away with it... because fuck Grandma. She should pony up for the latest and greatest like the rest of us! Yeah. -_-
And you both need to get over it. English has only descriptive dictionaries not prescriptive ones, anyone can assign any meaning to a word they like.
The English language is not Fortran, where we should just redefine the value of four because we thought it'd be hip and cool. Language only works when people agree on what the words mean. So yes, anyone can assign any meaning to a word... but everyone else will (rightly) look at them as a dumb bastard who should be beaten to death slowly with a dictionary... and possibly the Chicago Style Manual too, because beating knowledge into people is a time-honored tradition amongst people who feel their IQ points slowly draining away every time someone says something stupid on the internet and thinks it's actually half-way intelligent.
^this, many analogies in science are made to give a layperson a general/basic understanding of the concepts at work. They were never meant to be or expected to be working mathematical models.
But how can we claim to be more smarter than the next person if we can't take a useful analogy and utterly destroy it by being overly pedantic?
The main way in which we acquire new knowledge is by relating it to old knowledge. We introduce concepts progressively, building on primitives and emerging with complex models. Geometry can be reduced to a finite set of axioms (with an optional postulate) yet results in a near-infinite number of complex interactions. When we describe how computers work, we discuss in terms of layers of abstraction, from transistors and resistors, to APIs and data flows.
Yet at every level and skill level, I can find people who scoff at those who continue to conceptualize things based on an earlier or lower level of abstraction. These people are what I call petty intellectuals: They aren't actually smart or gifted, they just read a lot of books and memorized a bunch of shit, and think this makes them "better" than others. The truly gifted will make you feel like you, too, can be gifted. This is the real lesson out of this article -- people who pick apart analogies for being "wrong" are usually simple-minded folk of average to below-average intelligence who desperately want to be "better" than you.
The rubber sheet analogy works because it gives us a way to visualize a natural phenomenon; Not everyone has an aptitude for complex math, or the patience for it. The essentials of the theory of relativity can be relayed without resorting to complex math -- i.e., describing space time as a "rubber sheet". It may not be as accurate, but accuracy is not the goal: Understanding is. It is also why we talk about "strings" in string theory, despite them having not much to do with a ball of yarn. It's why Heisenberg's black cat is forever dying in internet memes. It's why quarks have some rather strange names... owing to leading a decidedly charmed existence. Communicating concepts and relationships is what analogies are good for: They build a foundation for later learning to be given context and meaning.
This is not a small problem in the scientific community either: Richard Feynman was laughed at for years for Feynman diagrams. He was told in no uncertain terms that visualizing these complex interactions couldn't be done, shouldn't be done, and was an abomination and a sin against those who practiced "proper" science. It wasn't supposed to be simple, dammit.
Today, the Feynman diagram is one of the most recognizable images in quantum physics. The pedantics lost... but it was a bitter fight.
A 'virtual model' equates to 'proof-of-concept'? Since when?
Since anyone familiar with the amount of regulations governing the production of gasoline engines will tell you that the ability to innovate in any capacity requires billions of dollars, at least in this country. And this is no accident: The incumbent automobile manufacturers do not want innovation. They want to provide the same incrementally better cars year after year, at incrementally higher prices... creating a predictable and reliable revenue stream.
This guy is talking about a radical advancement in the industry that would make every other manufacturer of gasoline engines look like they were Model Ts. Naturally... this is not something that can be taken to the prototype stage without violating about a hundred federal laws. Yes, indeed... attempting to be an inventor in this country can result in felony convictions and prison time. Several people who have built turbine engines out of rebuilt turbochargers and other hobbyists have found themselves facing investigation by the FBI and BATF for building "weapons of mass destruction" -- since, by definition, an engine is powered by controlled explosions. Yes, it's stupid logic. Were you expecting intelligence from your corporate overlords?
So yes... a virtual model is a proof of concept... since building the real thing requires an army of lawyers and expensive certification to even build a lab. And in any event, the computer models are quite robust. Every car designed in the past ten years was designed first by computer, validated by computer, and then assembled as a prototype... and these prototypes have rarely failed. The physics is well understood and can be modelled to a high degree of accuracy.
What never ceases to amaze me is the intolerance of people who claim they are tolerant and liberal. Snowden is a classic example of the combination of a bias blind spot and confirmation bias. They made up their minds about Snowden and no amount of contradictory information about him will make him any less of a hero to them. He could, in fact, have fucked children and been a filthy pedo (to borrow your +5, Insightful words), and still be venerated as a patriot. We laugh when the religious do this, and call them backwards, but when it's our own idols and icons being put on the chopping block... we react in pretty much the exact same way, while claiming it's totally different in this case.
In every article about Snowden on Slashdot, people have pointed out that he stole classified documents, caused considerable harm to American interests, and his disclosures assisted terrorists and foreign intelligence agencies to conduct high level attacks against the country. They've pointed out how his motives and actions are completely inconsistent, and how "whistleblowing" is a poor adjective to describe his actions. And yet, he's labelled the "Tech person of the year" by the media, and venerated by millions.
To the point, I don't think anyone actually believes Snowden's a hero -- I think Snowden is nothing more than a puppet to vent our frustrations at an authoritarian complex that has abused and punished us with a decade-long recession and an endless series of political debacles that have brought ruinous fates to millions of middle class, while the rich profit enormously. We're angry, and rightfully so... and Snowden standing up to the super secret spy agency makes us feel like we won one over against "The Man". It's purely an emotive reaction, but god help you if you point this out. People desperately want to believe they're logical and rational... even when it's quite apparent that they aren't.
Maybe it's nice to see The Man take a kick to the nuts... but try not to forget: He also kicked everybody in the nuts. Cisco posted a 25% loss of revenue due to Snowden. By 2025, it was expected that Cisco's revenue would make it the largest company on Earth, and eclipse that of over half the countries on the planet. Because of him... that isn't going to happen. All that wealth that would have poured into this country setting up internet throughout the world? Gone. Poof. And that's not the only economic damage he's caused. By the time this is all done, we may be looking at Snowden's long-term effects on the economy as being equal to that of our first war in Iraq. It's going to cost us many billions.
But hey... he did kick the man in the balls, right? So yay. I guess.
Someone "modded" it up at the Firehose, and Soulskill put it on the front page... It's probably a Slashvert, either paid to Dice or more likely paid to Soulskill.
The future is coming... and it's ugly and full of ads.
Now, had he figured out a way to divine the secret device ID from the generated codes, well now that would be bad.
Since he has duplicated the functionality of the device, including its ability to generate codes... then the "secret device id" is no longer secret. It also invalidates the security model that you need to be in physical possession of the token to access the account.
He has effectively copied a key that had "do not duplicate" stamped on it. This attack could be carried out against a customer and then used to impersonate them in the future.
This is not my definition of security that is working, and I'm disappointed that Slashdot has downmodded me for pointing this out... it's as if people are becoming incapable of critical thinking.
He found a way to accurately generate his unlock codes with some custom code and an Arduino clone.
By itself, this isn't a bad thing. But the fact that they've obscured the crap out of their code suggests to me this wasn't done by a crypto expert, but an insecure programmer forced by management to develop a solution in a field he didn't fully understand, and did it homebrew. The overwhelming, vast, pitifully large, number of attempts made by non-crypto experts to do this result in a house of cards when it comes to security.
There are standard, tested, and amply documented alternatives available. It's just criminal that this bank decided to elect some middle manager with no understanding of the technology and his lackeys to implement such a solution. I'm sure the bank official in question, who we'll call Sir Moron McMoneypants, thought that rolling their own would result in a more secure setup, because after all... who's going to invest all that time to crack one bank's crypto when all the rest use the standard one?
This is security through obscurity at its worst, and the managers involved should all be rounded up and excommunicated to some remote part of the world where there is no internet, no computers, and no way for them to talk to the outside world and thus give anyone who has money in their pockets any bad advice.
Really, it's quite impressive the knowledge you have of internal, top-secret NSA operations. How exactly do you come up with this information?
By using common sense and the belief that the NSA is run by rational people, not snarky assholes on Slashdot who think they know everything simply because they googled it, but in actuality have exactly dick in the way of critical thinking skills. Nowhere in military or intelligence doctrine will you find the "Put all your eggs in one basket" to be marked as the best idea. Our nuclear weapons are spread throughout the country. Our military bases are spread throughout as well. Our training facilities are kept separate from our active duty areas. The internet, originally designed to support these activities, was designed to be so decentralized it could withstand a nuclear strike. It does not take very much imagination at all to conclude that the NSA will have decentralized and compartmentalized intelligence assets. I'm really sorry if there isn't a wikipedia entry for you to read up on this, but amongst those who didn't grow up having content spoon fed to them, we had to use this thing called a "brain" to fill in the missing pieces.
That doesn't make his old information irrelevant. It just means that any new program which we
This article references a current claim by Apple. It is not a claim Apple made two years ago which is being investigated. Unless I'm mistaken Snowden stole classified documents, not a time machine. He cannot possibly have any knowledge of whether Apple is telling the truth, today, right now, at this moment. Again, your inability to engage in any kind of deductive reasoning has failed you.
How do you know what he stole? You've never seen it. Maybe it's files organized by folders with
Snowden has already released all of the documents he stole. He's said as much. There are multiple copies of the data he released available for anyone who wants it. I'm sorry to disappoint you, but what Snowden released was not organized in any meaningful capacity. It's just like the diplomatic cables on Wikileaks... a lot of data, but no useful organizational scheme. That's why it's taken most of 2013 for people to go through it and release new "revelations" and attribute the find to Snowden. All he's ever done is run to Russia, hide, send a bunch of copies of what he stole to a bunch of people, get asylum, and then take his 15 minutes of fame about 20 times over. That's it. He wasn't an NSA analyst. He didn't know what he was looking at really -- his level of understanding of the overall organization and its operations was casual, unspecialized, and of the sort of thing you'd overhear at the water cooler. Which is what you'd expect from a systems administrator -- not an analyst. He knew the general picture, but not the specifics. The documents he stole took months to piece together the specifics enough to support his claims. There was no organization.
You clearly don't understand what verification means in the intelligence community. All you're doing is just regurgitating what you've heard from someone else. The ability to copy and paste does not create validation, any more than citing a Wikipedia article can prove the veracity of a statement.
whatever they claim can be sooner or later verified by checking Snowden data
Clearly Slashdot's common sense quotient has passed its apex with the number of up-mods on this. Snowden didn't download the full NSA database of everything. Ever. Nobody in the NSA has that level of access. Nothing like that likely even exists at the NSA. It isn't like there's just this one computer, somewhere, that sits in a warehouse and contains every national secret ever. You do not get to "Hack the Gibson" and then it just ejects candy like it's a digital pinata. SIPR/NIPR is a network, and it's second only to the actual internet in its size. In fact, it's where the Internet came from; it's MILNET version 2.0 basically. That's where the data is; on thousands of servers spread across the world. And that's just the stuff the NSA has ownership of.
But let's ignore all of that because here on Slashdot, we (apparently) cannot expect people to have a basic grasp of networking and systems fundamentals. Let's look at just the non-technical reasons why this is a horribly stupid statement to make: Snowden's gone. He's not part of current operations. Who is to say that after he left, the NSA decided to embark on a new intelligence initiative. I know -- it's shocking, but organizations sometimes continue to function and do new things after someone leaves it. And that person, no longer being part of the organization, will know nothing of them.
Snowden has no useful function as verification for anything right now. Much of the intelligence data he's collected is now worthless -- a lot of this stuff has a "use by" date, and just like milk, once it's gone bad, trying to consume it will do terrible things to you. There is no Snowden Fact Checking Emporium, where you can just show up and punch in some keywords and find out what the NSA's up to today, or yesterday, or any day really. The data he stole doesn't offer that kind of granulated access... it's like he shoplifted a library, but all the pages in all the books are ripped out and thrown in the middle of the room. Without the organization and analysis of the data, it's largely useless anyway.
There is no verification potential here. None. Nada. Zero. Zippo. No potential at all. What Snowden says or doesn't say, what he released or didn't release, offers us no confirmation of any kind whatsoever regarding current intelligence operations.
Isn't that what the UNIX philosophy is supposed to be anyway?
Adherence to a philosophy in the face of more reasonable alternatives is an act of irrationality. Philosophies are meant to guide, not dictate. When a philosophy is elevated to the status of a belief, it ceases being an idea to free us, and instead becomes something to restrict and control us.
The engineer in me says the only "philosophy" one should adopt is the one that leads to the most benefits with the fewest drawbacks. If that requires eschewing the current design paradigm for a different one, then so be it.
But once enough applications get ported, the more complex and less security-hardened parts of X11 will be paged in only while an X11 application is updating its window.
The flaw in this statement is beyond biblical proportions, and in fact extends into the patently absurd domain of Hollywood proportions. Its non-digital counterpart is referenced in #63 of the Evil Overlord List: "Bulk trash will be disposed of in incinerators, not compactors. And they will be kept hot, with none of that nonsense about flames going through accessible tunnels at predictable intervals."
You're suggesting that only having a vulnerability present at certain times mitigates the risk. It does not.
Plenty of those drums are just plastic.
True, but they were more expensive, and junkyards aren't filled with disused plastic drums nearly as much as metal. As well, we were worried that the bright colors of most of those would attract attention... we wanted it to quietly float down the river and off into the sunset, not attract seven different varieties of law enforcement thinking it was some kind of bomb. -_- We spray painted a smiley face on it... so you know, if anyone did find it, maybe they wouldn't immediately assume it was full of evil... or if the repo company caught up with it to have a good laugh (or profane tirade... we were cool with either). :3
Well, you're answering your own question, aren't you? They believe, or at least this one guy does, they should convince their customers that this data is safe with them, in order to maximize the shareholder profits.
You're making an extraordinary claim there; Namely, that customers care that their data is safe. The evidence does not support this claim. Look at almost any of the major data breaches of the past year. Companies that specialize in damage control, spin, brand identity, and business reputation repair services will tell you that profits are only adversely affected for a few months after a data breach is made known to the public. This suggests that privacy-invasive practices only become harmful to profit margins (a) for a short period of time and (b) when major news agencies report it.
Nobody reads the EULA. Nobody investigates companies and makes purchasing decisions based on their privacy policies. These types of people are as mythical as unicorns -- the one or two guys who will respond to this post claiming they are the said unicorns notwithstanding, the general public just doesn't care.
Which means selling personal data is a long term investment with a low risk over a timescale of years. As long as your company doesn't do anything substantially different than others in your industry, the envelope can be slowly and collectively pushed outwards and upwards.
One reason car companies collect this data is to steal the car back from you (repossess it) in the event of non-payment. The GPS tracking is often turned over to the Repo operators when they need to go steal your car back.
True. And it works because of the incredibly low level of understanding about modern technology. Anyone with a wire cutter, soldering iron, and a few long runs of wire can thoroughly disable such a system. It's usually just a box wired directly to the battery and has a relay in series with the ignition. Cut the power leads and solder a wire to bridge the relay and you're done. Total time: 10 minutes. For bonus points, buy a deep cycle marine battery, a 50 gallon drum, and throw the result inside then seal it up and drop it off in the nearest river. It'll happily chirp its location as it floats nine states away and off into the ocean.
But then, I was feeling really bitchy when I helped a friend do this...
I'm assuming[...]I'm also guessing[...]
There's a flaw somewhere in this line of thinking... but damned if I can figure out what it is.
how does that work for used car purchases?
The same way it does for used software or used computers.
I seriously doubt that any original owner agreements would be binding.
Use of the product constitutes acceptance of its terms.
in fact, 'ford' won't know who the current owner is, only the dealer-based buyer's identity. the gov will know (due to registration and tags) though.
GPS tracking. Publicly-searchable vehicle titles. Carfax. Onstar with continuous connectivity to at least one major cellular network at all times. Yeah... no way at all Ford could know who the current owner is.
I just wanted to point out that even when they would prefer not to hand over the data -
What incentive, exactly, do you think they have for such a preference? As a publicly-traded company they have an obligation to maximize shareholder profits. You need to make a compelling case for having such a preference if it isn't specifically laid out in the mission statement. As far as the bean counters are concerned, your personal data being sold off means more revenue, the end. Ethics? Profit.
So this ends up being another needless law that requires companies to do extensive work reporting something that the bad guys have already found a way around.
It didn't start out that way. There were punishment clauses and a mandate to create an independent body to review the companies being reported to ensure they weren't just laundering fronts. But then Republican happened and it was defanged and defunded.
Your tax dollars at work.
This is hardly news. Mediation is typically always strongly recommended by the judge prior to trial. Either party refusing to attend would make them look bad in the judge's eyes. So whether or not they actually think it is worthwhile, they both attend. And then there is no resolution. And then the trial goes ahead as planned.
It's not news, it's Dice Holdings, Inc. News for Consumers -- Stuff That Sells.
Customers don't generally report casual breakdowns, for example. Also, habit trends can help with designing newer models. You'll always get a better picture of your customers' habits with transparent metrics.
Let's not forget that a complete history of your driving habits can be sold to third parties for a nice profit. Oh, did I mention by third parties I mean anyone, ever? You don't need a search warrant... just pay the $5 to get a complete "enhanced driver profile". I know what you're thinking: Aren't there laws against this? Maybe, but you agreed to let them do whatever they want when you turned the key and drove it off the lot; says so in the small print.
Well, until they show up with an NSL, in which case we'll supply the data forthwith. But don't worry, we'll still have to maintain we really don't.
NSL? Dude, why does everyone think it takes super secret letters from the government to get a corporation to whore on your personal data? I wasn't joking when I said cars these days have EULAs. To quote Ford's EULA covering this particular feature: Ford may use the vehicle information it collects, as well as information regarding individual access to Vehicle Health Reports at www.syncmyride.com for any purpose.
Fired, CEO, def.: To be given a bonus. To be handed large amounts of money. Given an early retirement with free company-provided yachts.
Fired, you, def.: To be fucked. Screwed. Rendered destitute. Forced to sell everything of value and told you are a drain on the resources of society.
--
No matter how badly a CEO fucks up, they still get a "punishment" that's far in excess of any reward you'll likely get for your entire career, no matter how big the contribution.
Farley later realized how his statement sounded, and added, "We do not track our customers in their cars without their approval or consent."
Approval or consent, English-American, verb: To use. To accept the licensing terms. To look at. To think about.
A million zombies strong - and growing.
Yes, and we should shame Grandma because she can't afford to plop down several grand on a Windows 8 license, new computer, and internet connection on her fixed income which barely pays for her medications and food. That seems legit.
Hey, asshole -- here's the reality: Most of those "zombie" machines aren't because Grandma is being a bitch, but because Microsoft and other vendors are. It's called forced obsolescence. I can still drive a Model T on the highway; the infrastructure hasn't changed. Computers can be designed in such a way that they can be used for decades before needing replacement. But they aren't, because it's not as profitable as screwing people over with mandatory upgrades every few years. We may be IT people who like to live on the bleeding edge, but extending that mentality to the general public is just a dick move that shows how out of touch you are with reality. The reality is it's our responsibility to design systems that can be maintained for long periods of time -- there's no reason why XP can't continue to have security patches on it.
Look at Linux: It hasn't bloated up to need a billion gigs of RAM and 9 trillion teraquads of quantum processors. Its requirements have pretty much remained constant for the past decade... and security patches are retroactively added for many years. There's no Linux XP, Linux 2003, Linux 8... there's just. fucking. Linux.
If a bunch of nerds in their mom's basement can maintain an operating system and keep it secure and up to date for decades at a go, why can't one of the biggest companies on the planet with billions in revenue manage to support their own products for more than the time it takes to say "Mandatory online activation"? Simple answer: Because we let them get away with it... because fuck Grandma. She should pony up for the latest and greatest like the rest of us! Yeah. -_-
And you both need to get over it. English has only descriptive dictionaries not prescriptive ones, anyone can assign any meaning to a word they like.
The English language is not Fortran, where we should just redefine the value of four because we thought it'd be hip and cool. Language only works when people agree on what the words mean. So yes, anyone can assign any meaning to a word... but everyone else will (rightly) look at them as a dumb bastard who should be beaten to death slowly with a dictionary... and possibly the Chicago Style Manual too, because beating knowledge into people is a time-honored tradition amongst people who feel their IQ points slowly draining away every time someone says something stupid on the internet and thinks it's actually half-way intelligent.
^this, many analogies in science are made to give a layperson a general/basic understanding of the concepts at work. They were never meant to be or expected to be working mathematical models.
But how can we claim to be more smarter than the next person if we can't take a useful analogy and utterly destroy it by being overly pedantic?
The main way in which we acquire new knowledge is by relating it to old knowledge. We introduce concepts progressively, building on primitives and emerging with complex models. Geometry can be reduced to a finite set of axioms (with an optional postulate) yet results in a near-infinite number of complex interactions. When we describe how computers work, we discuss in terms of layers of abstraction, from transistors and resistors, to APIs and data flows.
Yet at every level and skill level, I can find people who scoff at those who continue to conceptualize things based on an earlier or lower level of abstraction. These people are what I call petty intellectuals: They aren't actually smart or gifted, they just read a lot of books and memorized a bunch of shit, and think this makes them "better" than others. The truly gifted will make you feel like you, too, can be gifted. This is the real lesson out of this article -- people who pick apart analogies for being "wrong" are usually simple-minded folk of average to below-average intelligence who desperately want to be "better" than you.
The rubber sheet analogy works because it gives us a way to visualize a natural phenomenon; Not everyone has an aptitude for complex math, or the patience for it. The essentials of the theory of relativity can be relayed without resorting to complex math -- i.e., describing space time as a "rubber sheet". It may not be as accurate, but accuracy is not the goal: Understanding is. It is also why we talk about "strings" in string theory, despite them having not much to do with a ball of yarn. It's why Heisenberg's black cat is forever dying in internet memes. It's why quarks have some rather strange names ... owing to leading a decidedly charmed existence. Communicating concepts and relationships is what analogies are good for: They build a foundation for later learning to be given context and meaning.
This is not a small problem in the scientific community either: Richard Feynman was laughed at for years for Feynman diagrams. He was told in no uncertain terms that visualizing these complex interactions couldn't be done, shouldn't be done, and was an abomination and a sin against those who practiced "proper" science. It wasn't supposed to be simple, dammit.
Today, the Feynman diagram is one of the most recognizable images in quantum physics. The pedantics lost... but it was a bitter fight.
A 'virtual model' equates to 'proof-of-concept'? Since when?
Since anyone familiar with the amount of regulations governing the production of gasoline engines will tell you that the ability to innovate in any capacity requires billions of dollars, at least in this country. And this is no accident: The incumbent automobile manufacturers do not want innovation. They want to provide the same incrementally better cars year after year, at incrementally higher prices... creating a predictable and reliable revenue stream.
This guy is talking about a radical advancement in the industry that would make every other manufacturer of gasoline engines look like they were Model Ts. Naturally... this is not something that can be taken to the prototype stage without violating about a hundred federal laws. Yes, indeed... attempting to be an inventor in this country can result in felony convictions and prison time. Several people who have built turbine engines out of rebuilt turbochargers and other hobbyists have found themselves facing investigation by the FBI and BATF for building "weapons of mass destruction" -- since, by definition, an engine is powered by controlled explosions. Yes, it's stupid logic. Were you expecting intelligence from your corporate overlords?
So yes... a virtual model is a proof of concept.. since building the real thing requires an army of lawyers and expensive certification to even build a lab. And in any event, the computer models are quite robust. Every car designed in the past ten years was designed first by computer, validated by computer, and then assembled as a prototype... and these prototypes have rarely failed. The physics is well understood and can be modelled to a high degree of accuracy.
Thanks for that FUD-piece.
What never ceases to amaze me is the intolerance of people who claim they are tolerant and liberal. Snowden is a classic example of the combination of a bias blind spot and confirmation bias. They made up their minds about Snowden and no amount of contradictory information about him will make him any less of a hero to them. He could, in fact, have fucked children and been a filthy pedo (to borrow your +5, Insightful words), and still be venerated as a patriot. We laugh when the religious do this, and call them backwards, but when it's our own idols and icons being put on the chopping block... we react in pretty much the exact same way, while claiming it's totally different in this case.
In every article about Snowden on Slashdot, people have pointed out that he stole classified documents, caused considerable harm to American interests, and his disclosures assisted terrorists and foreign intelligence agencies to conduct high level attacks against the country. They've pointed out how his motives and actions are completely inconsistent, and how "whistleblowing" is a poor adjective to describe his actions. And yet, he's labelled the "Tech person of the year" by the media, and venerated by millions.
To the point, I don't think anyone actually believes Snowden's a hero -- I think Snowden is nothing more than a puppet to vent our frustrations at an authoritarian complex that has abused and punished us with a decade-long recession and an endless series of political debacles that have brought ruinous fates to millions of middle class, while the rich profit enormously. We're angry, and rightfully so... and Snowden standing up to the super secret spy agency makes us feel like we won one over against "The Man". It's purely an emotive reaction, but god help you if you point this out. People desperately want to believe they're logical and rational... even when it's quite apparent that they aren't.
Maybe it's nice to see The Man take a kick to the nuts... but try not to forget: He also kicked everybody in the nuts. Cisco posted a 25% loss of revenue due to Snowden. By 2025, it was expected that Cisco's revenue would make it the largest company on Earth, and eclipse that of over half the countries on the planet. Because of him... that isn't going to happen. All that wealth that would have poured into this country setting up internet throughout the world? Gone. Poof. And that's not the only economic damage he's caused. By the time this is all done, we may be looking at Snowden's long-term effects on the economy as being equal to that of our first war in Iraq. It's going to cost us many billions.
But hey... he did kick the man in the balls, right? So yay. I guess.
Someone "modded" it up at the Firehose, and Soulskill put it on the front page... It's probably a Slashvert, either paid to Dice or more likely paid to Soulskill.
The future is coming... and it's ugly and full of ads.
Now, had he figured out a way to divine the secret device ID from the generated codes, well now that would be bad.
Since he has duplicated the functionality of the device, including its ability to generate codes... then the "secret device id" is no longer secret. It also invalidates the security model that you need to be in physical possession of the token to access the account.
He has effectively copied a key that had "do not duplicate" stamped on it. This attack could be carried out against a customer and then used to impersonate them in the future.
This is not my definition of security that is working, and I'm disappointed that Slashdot has downmodded me for pointing this out... it's as if people are becoming incapable of critical thinking.
He found a way to accurately generate his unlock codes with some custom code and an Arduino clone.
By itself, this isn't a bad thing. But the fact that they've obscured the crap out of their code suggests to me this wasn't done by a crypto expert, but an insecure programmer forced by management to develop a solution in a field he didn't fully understand, and did it homebrew. The overwhelming, vast, pitifully large, number of attempts made by non-crypto experts to do this result in a house of cards when it comes to security.
There are standard, tested, and amply documented alternatives available. It's just criminal that this bank decided to elect some middle manager with no understanding of the technology and his lackeys to implement such a solution. I'm sure the bank official in question, who we'll call Sir Moron McMoneypants, thought that rolling their own would result in a more secure setup, because after all... who's going to invest all that time to crack one bank's crypto when all the rest use the standard one?
This is security through obscurity at its worst, and the managers involved should all be rounded up and excommunicated to some remote part of the world where there is no internet, no computers, and no way for them to talk to the outside world and thus give anyone who has money in their pockets any bad advice.
Really, it's quite impressive the knowledge you have of internal, top-secret NSA operations. How exactly do you come up with this information?
By using common sense and the belief that the NSA is run by rational people, not snarky assholes on Slashdot who think they know everything simply because they googled it, but in actuality have exactly dick in the way of critical thinking skills. Nowhere in military or intelligence doctrine will you find the "Put all your eggs in one basket" to be marked as the best idea. Our nuclear weapons are spread throughout the country. Our military bases are spread throughout as well. Our training facilities are kept separate from our active duty areas. The internet, originally designed to support these activities, was designed to be so decentralized it could withstand a nuclear strike. It does not take very much imagination at all to conclude that the NSA will have decentralized and compartmentalized intelligence assets. I'm really sorry if there isn't a Wikipedia entry for you to read up on this, but amongst those who didn't grow up having content spoon fed to them, we had to use this thing called a "brain" to fill in the missing pieces.
That doesn't make his old information irrelevant. It just means that any new program which we
This article references a current claim by Apple. It is not a claim Apple made two years ago which is being investigated. Unless I'm mistaken Snowden stole classified documents, not a time machine. He cannot possibly have any knowledge of whether Apple is telling the truth, today, right now, at this moment. Again, your inability to engage in any kind of deductive reasoning has failed you.
How do you know what he stole? You've never seen it. Maybe it's files organized by folders with
Snowden has already released all of the documents he stole. He's said as much. There are multiple copies of the data he released available for anyone who wants it. I'm sorry to disappoint you, but what Snowden released was not organized in any meaningful capacity. It's just like the diplomatic cables on Wikileaks... a lot of data, but no useful organizational scheme. That's why it's taken most of 2013 for people to go through it and release new "revelations" and attribute the find to Snowden. All he's ever done is run to Russia, hide, send a bunch of copies of what he stole to a bunch of people, get asylum, and then take his 15 minutes of fame about 20 times over. That's it. He wasn't an NSA analyst. He didn't know what he was looking at really -- his level of understanding of the overall organization and its operations was casual, unspecialized, and of the sort of thing you'd overhear at the water cooler. Which is what you'd expect from a systems administrator -- not an analyst. He knew the general picture, but not the specifics. The documents he stole took months to piece together the specifics enough to support his claims. There was no organization.
You clearly don't understand what verification means in the intelligence community. All you're doing is just regurgitating what you've heard from someone else. The ability to copy and paste does not create validation, any more than citing a Wikipedia article can prove the veracity of a statement.
whatever they claim can be sooner or later verified by checking Snowden data
Clearly Slashdot's common sense quotient has passed its apex with the number of up-mods on this. Snowden didn't download the full NSA database of everything. Ever. Nobody in the NSA has that level of access. Nothing like that likely even exists at the NSA. It isn't like there's just this one computer, somewhere, that sits in a warehouse and contains every national secret ever. You do not get to "Hack the Gibson" and then it just ejects candy like it's a digital pinata. SIPR/NIPR is a network, and it's second only to the actual internet in its size. In fact, it's where the Internet came from; it's MILNET version 2.0 basically. That's where the data is; on thousands of servers spread across the world. And that's just the stuff the NSA has ownership of.
But let's ignore all of that because here on Slashdot, we (apparently) cannot expect people to have a basic grasp of networking and systems fundamentals. Let's look at just the non-technical reasons why this is a horribly stupid statement to make: Snowden's gone. He's not part of current operations. Who is to say that after he left, the NSA decided to embark on a new intelligence initiative. I know -- it's shocking, but organizations sometimes continue to function and do new things after someone leaves it. And that person, no longer being part of the organization, will know nothing of them.
Snowden has no useful function as verification for anything right now. Much of the intelligence data he's collected is now worthless -- a lot of this stuff has a "use by" date, and just like milk, once it's gone bad, trying to consume it will do terrible things to you. There is no Snowden Fact Checking Emporium, where you can just show up and punch in some keywords and find out what the NSA's up to today, or yesterday, or any day really. The data he stole doesn't offer that kind of granulated access... it's like he shoplifted a library, but all the pages in all the books are ripped out and thrown in the middle of the room. Without the organization and analysis of the data, it's largely useless anyway.
There is no verification potential here. None. Nada. Zero. Zippo. No potential at all. What Snowden says or doesn't say, what he released or didn't release, offers us no confirmation of any kind whatsoever regarding current intelligence operations.
Isn't that what the UNIX philosophy is supposed to be anyway?
Adherence to a philosophy in the face of more reasonable alternatives is an act of irrationality. Philosophies are meant to guide, not dictate. When a philosophy is elevated to the status of a belief, it ceases being an idea to free us, and instead becomes something to restrict and control us.
The engineer in me says the only "philosophy" one should adopt is the one that leads to the most benefits with the fewest drawbacks. If that requires eschewing the current design paradigm for a different one, then so be it.
But once enough applications get ported, the more complex and less security-hardened parts of X11 will be paged in only while an X11 application is updating its window.
The flaw in this statement is beyond biblical proportions, and in fact extends into the patently absurd domain of Hollywood proportions. Its non-digital counterpart is referenced in #63 of the Evil Overlord List: "Bulk trash will be disposed of in incinerators, not compactors. And they will be kept hot, with none of that nonsense about flames going through accessible tunnels at predictable intervals."
You're suggesting that only having a vulnerability present at certain times mitigates the risk. It does not.