And he'd be happy if one person would be inspired by that. As a CS student myself, "hacking out programs" (e.g., applied computer science) seems to be what most of the people here want to do, excepting the very theory-oriented ones who'll most likely continue up through a PhD. Assuming that all people are like that when the education is catering to both types is just plain wrong. Being a nerd, I certainly understood the difference between abstract and practical research and engineering by that age. What should be communicated is the way to get to the place on the spectrum you want to work at.
Assuming that you're not a troll, what's your view on the morality of child pornography? And do you find your paedophilia as being a sexual orientation like "straight" or "gay" or more like an acquired sexual fetish?
From the chat logs released he seems like a really emotionally unstable guy. Kind of like someone with borderline, or some other serious problem. IANAP, at all, but he doesn't come off as "normal".
Yeah, but far from all people who leak data can be assumed to have technical competence. Mounting a forensics dist and just reading the data off a laptop's drive is easy, but not for everyone. Also, connecting to stuff on the company intranet (by stealing the VPN key off the drive and logging in via another computer or live CD) would be mighty suspicious? And any attack where you (say) connect to the presumed VPN with a computer placed in front of the monitored one, letting it transparently forward the "legit" data back home while you connect to internal services from the one in front would also presumably be detected, unless this system doesn't correlate activity on the internal protected services also?
You are perhaps right, but I have ADD and I am both introspective and attached to long-term goals which I have no qualms about following. However, without stimulant medication I simply can't keep long enough threads of thought to (say) study (or even play videogames well) and the medication does nothing about the high-level executive dysfunction causing me to have a really low intuitive ability to break down tasks into pieces leading to sometimes rather slapstick behaviour (think "absent-minded professor").
You and other posters make it sound like it's some sort of problem put upon me by my surroundings, but I haven't had any greater exposure to strong or varied stimuli than my siblings or friends, none of which have my problems. And my personality isn't of the kind that readily gives in to petty societal demands either.
It's possible that what you're describing is a general attitude in society rather than the actual medical condition, but the two shouldn't be confused.
I get that part, and that any signal-obfuscating electronics tricks might also draw power but (as the poster above also noted) I'd imagine the vast majority of readers for building access are not battery-driven - so why is it a problem rather than simply a requirement?
To ensure that customers and partners receive products with the best performance and security NXP constantly improves its MIFARE portfolio with the concept of evolving platforms. While the underlying product hardware is upgraded in terms of its performance and security, we keep next generation products functionally backwards compatible to ensure that the infrastructure can adopt the new product evolution without major upgrades. In this way, our customers can take advantage of the new technology with minimum or no additional investment into their infrastructure. The benefits of this approach become apparent now, allowing our customers to migrate quickly and easily to MIFARE DESFire EV1, introduced in 2008 as the successor of MF3ICD40. The MIFARE DESFire EV1 is Common Criteria EAL 4+ certified and the research group at the Bochum University failed when attacking the card with non-invasive side-channel attacks.
As planned, NXP will discontinue the MIFARE DESFire MF3ICD40 as of December 31, 2011, and we recommend that our customers and partners migrate to MIFARE DESFire EV1 for existing and new systems.
This would at least seem to indicate that the customers can just purchase new cards.
"We" don't do anything. Slashdot is the equivalent of an online watercooler - not a very good breeding ground for "getting things done". If I'd hazard a guess, the only way anyone could recruit support from here would be to start some sort of constructive project that can be grasped intellectually (that is, the less abstract socioemotional "hippy bullshit" the better) and that to a rational geeky mind seems to have a reasonable chance of success, and get an article posted about it detailing the specifics in the most straightforward manner possible.
It's not fundamentally a problem of freedom, but of good and evil. Sharia law must be wiped from the planet; it is IMHO abhorrently evil. On the other hand, killing everyone living in such societies sort of misses the point, doesn't it?
My view is that no objective morality exists outside of the functions of the human brain, even though that isn't relevant most of the time since we to a larger or smaller degree share this functioning with others. This isn't to be confused with moral nihilism; I still act upon my moral convictions like any other person. And yes, Charles Manson's brain evidently "just works that way", since he did the things he did. Whether he lacks anything I would regard as morality, thus making his actions truly amoral, or he has a morality that is "weak" or just very far from mine in functioning I cannot tell.
I agree with hsthompson69, however there is a perfectly rational basis for my morality: my brain just works that way. If we posit that "God" created me such, then he obviously chose me to have such a morality, and there's not much I can do about it.
I know of TEMPEST and such, and the wikipedia article lists some designations used by NATO and the US; it seems like they thought of the problem. I always thought that the only practical attack like that was being able to roughly read the images off of monochrome screens from a distance?
Okay, actually reading the feature list of the sectera it looks like it manages stuff that's not "secret" as well, like mailing lists and contacts and such and that's stored with "type 1 encryption" which wikipedia defines as being the designation for protection of "classified" data.
Exactly my point; as long as you can delay cracking the password on the auth key to well beyond the time required to remove access privileges from the key the system should be safe in a practical sense. A remote wipe wouldn't be necessary since it would be obviously unsafe for the phone to store or cache information - you could defeat remote wipe by putting the phone in a signal-proof container and taking it somewhere safe to view the data on it.
Maybe you could program a stealthy mechanism to have the phone send a "help, my user is having a gun to his head" message, like entering and leaving a set of menus in a certain order?
More likely it'll be forgotten or stolen, obviously, but if it contains no information but a password-encrypted VPN or authentication key by itself and the password is of proper length it should be practically safe anyway? And the data it has access to is presumably really, really limited and segregated?
There's only one good way to learn programming/scripting/whatever technical: sit down with the reference and study, apply what you've learned in examples so it "sticks", lather, rinse, repeat. If the material is difficult to comprehend on an abstract level (or you don't have a reference) it's nice to have someone explain it to you - but learning a new programming language isn't like that unless it incorporates concepts that are foreign.
It's almost impossible, IMHO, to understand the user-interface mindset of someone who only uses GUI apps when you've used CLI since your mid-teens. It's even harder to understand someone who doesn't think like a programmer and doesn't relate the abstractions of the UI to underlying structures, GUI or not.
Wild guess: he means managing the entire software stack on a device using a combination of the iphone walled-garden approach and "running applications in the cloud" (like, say, google docs?).
But I'll think I'm going to hold off upgrading my natural skin until they can cram in 16^2 sensors per cm^2.
(Yes, that's a very obscure reference but I just can't help myself.)
A thought: just because it only logs one hour of screen captures doesn't mean that it only logs one hour of "events".
Yeah, but they state in their press release that the cards will be backwards-compatible.
How are power requirements a problem?
Who's saying that the employees' conversations on these phones won't be tracked?
Mod parent up. This is perhaps the one constructive comment in this thread, though I can't test it - but others seem to report it to work.
If you hadn't realized, people research security vulnerabilities for fun and prestige. Not just profit.