It's a concept car. It's a showpiece designed to attract attention and nothing else. Picking on it for being unrealistic is like picking on a fashion show because the dresses would never hold up to actual wear. That's not what they're meant for.
"OMG! Like, Tiffany? She totally told Heather that I had sex with Trevor. I mean, no way! He's such a dork! Anyway, Heather told Megan who told Sierra who wrote a note and passed it around 7th hour band and now everyone in the school thinks Trevor and me are an item! My life is like totally ruined! Now I'm afraid no one will ask me to the prom because they're all gonna think I'm a slut!"
That's what you sound like, and your doxxing problems are going to be about as meaningful a year from now. Your life will suck for a short period of time, then everyone will forget about you and move on to the next bit of juvenile drama.
If you're honestly concerned about your safety (not just your reputation, that damage will blow over and be forgotten) take the evidence to the police and get real legal advice instead of asking a bunch of jerkwads on a random tech web site.
By the time this bill is law, it will be changed so much that it defends the privacy of your inbox every bit as well as CAN-SPAM defends it from unsolicited commercial email.
Any password manager that lets you enter arbitrary text (even a single plain-text "notes" field) handles it. It may not auto-fill forms for these, but it can at least record them for later use. You really should never need them auto-filled anyway, since they're just for when you forget your password which you won't because you're using a password manager. I use KeePass which allows me to enter arbitrary key:value pairs. Most sites in my database now have a few entries like Ol' Hashy up there.
Userid
Chelloveck
Password
+NJUR3xGhQwaFQ/b
"What is your quest?"
S~V%.tywopTl0kB!
"What is your favorite color?"
*E3sj*_6Jp
I just use the same random generator that I use for making my actual passwords.
(Really, Slashdot? Have you ever actually looked at your styling choices? The definition list styling is just plain stupid for lists longer than a single term/definition pair.)
How can you have a rational discussion when the very premise is irrational? Any back door, front door, side door, or window can be exploited by The Bad Guys just as easily as it can be by The Good Guys. It's ludicrous to think that the secret entrance will stay secret. Someone on the outside will discover the secret keys, or someone on the inside will leak them either intentionally or unintentionally. And once the secret's out, it's game over. NOTHING is secure from ANYONE at that point.
No one's open to a rational discussion because there's nothing at all rational about this proposition.
The original poster wasn't clear. In the linked image the top half of each row of color is 24-bit. The bottom half of each row is 18-bit. So on a 24-bit display you should see color banding in the bottom half of each row, but not in the top half. I had to zoom way in before I realized that each row was split in half.
They are missing a perfect opportunity to conduct testing on the effects of alcohol on the human body while weightless!
You do realize half the station personnel at any time are Russian, right? And that they get a personal baggage allowance? Which is inspected by other Russians? That was practically the first experiment conducted on the human body in space, aside from just living and breathing.
Small memory leaks are very hard to find in testing. Most testing cycles involve testing a particular feature, looking for pass/fail for that feature. Say the feature is window display, as the summary seems to imply. Okay, does the window pop up when the command is given? Does it contain the right contents? Does it go away when commanded? Check, check, and check. Ship it! It's very unusual to test a feature long enough that a smallish memory leak adds up to anything noticeable. "System crashes when window is opened and closed 256 times in a session." QA is just plain never going to get to that point. It may take weeks of heavy use to get to the breaking point. Sure, it would be *nice* if there was a month-long burn-in period where the system was used heavily to expose any slow leaks, but that never happens.
From the summary I can't tell if the leak is anything that could be fixed by garbage collection. Was a block simply not freed and lost? Or was a reference to it still in a list somewhere, so that it would never get garbage collected even if that was a feature of the language? Is the memory in question on the regular heap so that something like valgrind could find that blocks weren't freed? Is the memory part of a specialized buffer pool managed by some other means? There's nowhere near enough information to go on, but that's not stopping anyone here from jumping to conclusions about the development and QA process.
Pretty much any car with a system like OnStar is going to be remotely accessible even if you don't use it, and the car companies have admitted this.
In fact, it's an intended feature, not just an unfortunate side-effect. Remote unlock and theft immobilization are first-class features of OnStar and similar systems. It is logically impossible to have those features and not be remotely accessible. You just have to hope that the link back to the mothership can't be spoofed and that the support personnel can't be socially engineered to doing the attacker's dirty work.
Some good stuff in there, and at the very least it's a starting point for manufacturers that actually care about consumer privacy and trust. Whether any such manufacturers exist is still an open question...
The only way this is going to turn into something consumers can use is if the Online Trust Alliance sets up a certification program. Certification would involve demonstrating that care has been taken to meet each of the points in the framework, and a passing grade gets you the right to paste a shiny "OTA Certified!" logo on your widget. That'd be good, until the Association of Trusted Onlineness comes out with its much weaker set of standards and its own "ATO Certified!" logo. How's the consumer to know which privacy certification is worth the pixels it's printed on?
(Maybe it would work out. I often wonder why Underwriter's Laboratories has a near-monopoly on safety certification, and why no one has come up with a much more "manufacturer-friendly" certification process. Maybe there's regulation involved, I don't know.)
Love Google Voice. On their own most of the transcripts are laughably bad, but if you know who is calling and can imagine them speaking as you read the jumble of words you can usually understand it well enough. Can't remember the last time I had to actually listen to my voice mail.
Of course, knowing Apple they're going to claim that this is all a remarkable invention on their part. Just think, now it's Siri asking you to leave a message at the tone instead of some nameless generic voice. Innovation!
Which of the "tons of apps" do you actually use? I'm trying find a reason to buy a smart watch (of whatever variety) but I just haven't found a use case that justifies the cost.
things will change as the watch becomes untethered from the iphone. first, over wifi, and then with a cellular connection. that's when the benefits really grow.
What benefits? I'm not being snarky, I'm genuinely curious. What would you want an untethered wrist-worn computer to do? I can't think of anything, myself. It'd be nice to get notifications and texts, but the form factor is too small to actually respond to them. Maybe if voice recognition technology improved by a couple orders of magnitude it'd be useful.
Perhaps most people "cheat" without their spouses knowing about it?
That is the reason it's called "cheating", after all. I would never cheat on my wife. That's not to say I'd never sleep with anyone else, just that I'd never do it without her knowledge and consent. It's only cheating if it's against the rules.
[1] up to around age 55-60. At which point it stabilises, then drops slowly.
That's right, ladies, you heard him. I'm nearing peak desirability! Queue forms to the left. No pushing or shoving please, there's plenty of me to go around.
There's nothing said anywhere in the source code or docs about authentication or authorization. There's an Encrypt() hook in the source code but it's merely a stub function in the section commented "Configurable hooks for use as an application library", which implies to me that encryption is intended to be completely up to the the application.
So the idea is that you're passing around executable bytecode from node to node in the clear, to be unquestioningly executed by the receiving node. Does anyone else see a problem here?
Sure, it's a brand-spanking-new language. It's incomplete. I get that. But the security model cannot be an after-thought for something like this! It needs to be designed into the foundation of a serious IoT framework. As far as I can tell it hasn't even been considered.
What do you think was up with that "safe mode" last week? They obviously saw something in the pics and they needed time photoshop it away and move the probe so the spots would be out of view in future pics. It's aliens, all right!
I didn't say it was a good system, just that it wasn't a new system and therefore didn't need a new category of worker. As a matter of fact I actually expect Uber drivers will end up with all the prestige and advantages of any other day laborers -- which is to say none at all, and living hand-to-mouth unless they're simply using it to supplement some steady form of income.
You forget that unlike copyright, patents actually expire after 20 years. This invention is unworkable now, and is unlikely to be workable within the lifetime of the patent. But, the patent can be considered prior art when someone finally does figure out how to make one of these. In the best case this will be an unencumbered technology by the time it's ready to be used. (Yes, I know that's an idealistic statement, and that anyone actually doing this will be able to file dozens of patents regarding the implementation details. But no one should be able to claim that the basic idea is innovative again.)
We already have this class of worker. It's called a "day laborer". Show up looking for work, or don't, on a day to day basis. Get paid if you show up and somebody has work for you. Drop in and out of the labor pool at will. There's no fancy app to arrange day labor, but apart from that how is driving for Uber any different from hanging around outside Home Depot hoping someone happens by who needs half a dozen cheap construction workers or landscapers?
Slashdot Mirror
It's a concept car. It's a showpiece designed to attract attention and nothing else. Picking on it for being unrealistic is like picking on a fashion show because the dresses would never hold up to actual wear. That's not what they're meant for.
This happens regularly, yet you still use CapitalOne? I think I see the problem...
"OMG! Like, Tiffany? She totally told Heather that I had sex with Trevor. I mean, no way! He's such a dork! Anyway, Heather told Megan who told Sierra who wrote a note and passed it around 7th hour band and now everyone in the school thinks Trevor and me are an item! My life is like totally ruined! Now I'm afraid no one will ask me to the prom because they're all gonna think I'm a slut!"
That's what you sound like, and your doxxing problems are going to be about as meaningful a year from now. Your life will suck for a short period of time, then everyone will forget about you and move on to the next bit of juvenile drama.
If you're honestly concerned about your safety (not just your reputation, that damage will blow over and be forgotten) take the evidence to the police and get real legal advice instead of asking a bunch of jerkwads on a random tech web site.
By the time this bill is law, it will be changed so much that it defends the privacy of your inbox every bit as well as CAN-SPAM defends it from unsolicited commercial email.
I just use the same random generator that I use for making my actual passwords.
(Really, Slashdot? Have you ever actually looked at your styling choices? The definition list styling is just plain stupid for lists longer than a single term/definition pair.)
Hmmm... Dancing with the Surviving Bachelor Idols on Mars!... Dammit, somebody call my agent!
How can you have a rational discussion when the very premise is irrational? Any back door, front door, side door, or window can be exploited by The Bad Guys just as easily as it can be by The Good Guys. It's ludicrous to think that the secret entrance will stay secret. Someone on the outside will discover the secret keys, or someone on the inside will leak them either intentionally or unintentionally. And once the secret's out, it's game over. NOTHING is secure from ANYONE at that point.
No one's open to a rational discussion because there's nothing at all rational about this proposition.
The original poster wasn't clear. In the linked image the top half of each row of color is 24-bit. The bottom half of each row is 18-bit. So on a 24-bit display you should see color banding in the bottom half of each row, but not in the top half. I had to zoom way in before I realized that each row was split in half.
You say that like it's a bad thing.
"Results inconclusive. More testing needed."
Small memory leaks are very hard to find in testing. Most testing cycles involve testing a particular feature, looking for pass/fail for that feature. Say the feature is window display, as the summary seems to imply. Okay, does the window pop up when the command is given? Does it contain the right contents? Does it go away when commanded? Check, check, and check. Ship it! It's very unusual to test a feature long enough that a smallish memory leak adds up to anything noticeable. "System crashes when window is opened and closed 256 times in a session." QA is just plain never going to get to that point. It may take weeks of heavy use to get to the breaking point. Sure, it would be *nice* if there was a month-long burn-in period where the system was used heavily to expose any slow leaks, but that never happens.
From the summary I can't tell if the leak is anything that could be fixed by garbage collection. Was a block simply not freed and lost? Or was a reference to it still in a list somewhere, so that it would never get garbage collected even if that was a feature of the language? Is the memory in question on the regular heap so that something like valgrind could find that blocks weren't freed? Is the memory part of a specialized buffer pool managed by some other means? There's nowhere near enough information to go on, but that's not stopping anyone here from jumping to conclusions about the development and QA process.
In fact, it's an intended feature, not just an unfortunate side-effect. Remote unlock and theft immobilization are first-class features of OnStar and similar systems. It is logically impossible to have those features and not be remotely accessible. You just have to hope that the link back to the mothership can't be spoofed and that the support personnel can't be socially engineered to doing the attacker's dirty work.
Some good stuff in there, and at the very least it's a starting point for manufacturers that actually care about consumer privacy and trust. Whether any such manufacturers exist is still an open question...
The only way this is going to turn into something consumers can use is if the Online Trust Alliance sets up a certification program. Certification would involve demonstrating that care has been taken to meet each of the points in the framework, and a passing grade gets you the right to paste a shiny "OTA Certified!" logo on your widget. That'd be good, until the Association of Trusted Onlineness comes out with its much weaker set of standards and its own "ATO Certified!" logo. How's the consumer to know which privacy certification is worth the pixels it's printed on?
(Maybe it would work out. I often wonder why Underwriter's Laboratories has a near-monopoly on safety certification, and why no one has come up with a much more "manufacturer-friendly" certification process. Maybe there's regulation involved, I don't know.)
Love Google Voice. On their own most of the transcripts are laughably bad, but if you know who is calling and can imagine them speaking as you read the jumble of words you can usually understand it well enough. Can't remember the last time I had to actually listen to my voice mail.
Of course, knowing Apple they're going to claim that this is all a remarkable invention on their part. Just think, now it's Siri asking you to leave a message at the tone instead of some nameless generic voice. Innovation!
Sorry, that's not a quip, that's an anecdote.
Next you'll be trying to tell us that some people play Sudoku without any knowledge of math.
Which of the "tons of apps" do you actually use? I'm trying find a reason to buy a smart watch (of whatever variety) but I just haven't found a use case that justifies the cost.
What benefits? I'm not being snarky, I'm genuinely curious. What would you want an untethered wrist-worn computer to do? I can't think of anything, myself. It'd be nice to get notifications and texts, but the form factor is too small to actually respond to them. Maybe if voice recognition technology improved by a couple orders of magnitude it'd be useful.
That is the reason it's called "cheating", after all. I would never cheat on my wife. That's not to say I'd never sleep with anyone else, just that I'd never do it without her knowledge and consent. It's only cheating if it's against the rules.
That's right, ladies, you heard him. I'm nearing peak desirability! Queue forms to the left. No pushing or shoving please, there's plenty of me to go around.
There's nothing said anywhere in the source code or docs about authentication or authorization. There's an Encrypt() hook in the source code but it's merely a stub function in the section commented "Configurable hooks for use as an application library", which implies to me that encryption is intended to be completely up to the the application.
So the idea is that you're passing around executable bytecode from node to node in the clear, to be unquestioningly executed by the receiving node. Does anyone else see a problem here?
Sure, it's a brand-spanking-new language. It's incomplete. I get that. But the security model cannot be an after-thought for something like this! It needs to be designed into the foundation of a serious IoT framework. As far as I can tell it hasn't even been considered.
What do you think was up with that "safe mode" last week? They obviously saw something in the pics and they needed time photoshop it away and move the probe so the spots would be out of view in future pics. It's aliens, all right!
I didn't say it was a good system, just that it wasn't a new system and therefore didn't need a new category of worker. As a matter of fact I actually expect Uber drivers will end up with all the prestige and advantages of any other day laborers -- which is to say none at all, and living hand-to-mouth unless they're simply using it to supplement some steady form of income.
You forget that unlike copyright, patents actually expire after 20 years. This invention is unworkable now, and is unlikely to be workable within the lifetime of the patent. But, the patent can be considered prior art when someone finally does figure out how to make one of these. In the best case this will be an unencumbered technology by the time it's ready to be used. (Yes, I know that's an idealistic statement, and that anyone actually doing this will be able to file dozens of patents regarding the implementation details. But no one should be able to claim that the basic idea is innovative again.)
We already have this class of worker. It's called a "day laborer". Show up looking for work, or don't, on a day to day basis. Get paid if you show up and somebody has work for you. Drop in and out of the labor pool at will. There's no fancy app to arrange day labor, but apart from that how is driving for Uber any different from hanging around outside Home Depot hoping someone happens by who needs half a dozen cheap construction workers or landscapers?