If 10% of people are gay, then this impacts 10% of nerds. I don't run Apache, but I don't bitch when they put an Apache story on the front page. Get over it.
This is how organized religion dies -- to thunderous applause.
As they fade into irrelevance day after day, and people discover that they actually value the freedoms their churches have been suppressing, I expect people will abandon them at an even faster pace.
The TV market is bad, but the watch market is not great.
What they should be trying to crack is the in-car nav/infotainment systems - the iCarStereo. Current nav systems are somewhere between total-suckage and so-distracting-they-cause-accidents. Bluetooth pairing is painful when it even works, calling systems don't integrate with smartphone phonebooks, there is no way to share contact addresses, and the voice controls are no better than someone reading a "Car navigation is attempting to quit, cancel or allow?" dialog box. And the interfaces are so poor as to command the driver's full attention for seconds, looking for touch-screen items or clicking the right button, taking focus off the task of driving.
People would trade their old cars in for one equipped with an Apple iCarStereo if it solved those problems. A watch? It will take a lot of luck for it to be more than a fashion item that falls off the radar in a few years.
I think adblockers are great - for the end user to own and maintain. I've been running filtering proxies of one type or another since the last millennium. (And nothing will teach you the nuances of regex like the challenge of stripping out unwanted HTML tags.) It's for me to decide what I want my browser to display.
But just as it's wrong for my ISP to inject their own ads, it's also not the place of my ISP to censor them out of my data stream. That's my decision, not theirs.
Good point. I would not assume that flight information is from the nav and control systems. But it could be, in which case they could use one-way data isolation devices to eliminate the possibility of anything on the entertainment system negatively impacting navigation controls. That would technically be a "tie", but not one that could be exploited.
Yes, they *could* have used some kind of special 'data diode' isolation device, but then the researcher probably wouldn't have been able to jump networks in the lab, or, as stated in TFA, "He told WIRED that he did access in-flight networks about 15 times during various flights but had not done anything beyond explore the networks and observe data traffic crossing them".
Car networks (CAN bus) have a similar weakness in that the infotainment systems have previously been breached, allowing attackers access to cross over to security systems and unlocking the doors.
There's no way that entertainment/wifi/anything-accessible-to-a-passenger could in anyway be connected to those critical systems...is there?
There should be no tie between the control and entertainment networks. I would be surprised if there aren't regulations that forbid it. My guess is this simulated system was not like the real ones. It certainly isn't clear what really was done.
If there is no tie between the entertainment and nav systems, then it becomes difficult to explain the seatback display of the current flight information. At some point the data has to move from one system to the other. That takes a lot more than "no tie".
I'm fairly certain humanity would find plenty of reasons to wage war if religions were not around to blame it on.
Religions were created as the first rudimentary forms of government or control over other people, and are still remarkably effective at that task. They only require an ongoing group of leaders to ensure obligations are continually felt by the members, as it's difficult to create a new religion quickly with a large enough number of committed adherents to wage an effective war.
The entire process is well understood and practiced worldwide.
Your stuff's cargo container was not heated during shipping. If it was stacked below the deck line, where it was not exposed to the sun, it didn't reach 55C during the journey.
Arthur Anderson was primarily an accounting and auditing firm. The entire reason that firm existed was to be trustworthy. If people can't trust the auditors, they blame it on instructions coming down from the top that said "anything for a buck comes before an accurate audit." So there was no way to trust the rest of the firm wasn't uninfected with the same corruption that led to Enron.
At Green Mountain, the decision to put DRM into coffee came from the top. While it doesn't translate the same way to the line workers, the trust in the company was similarly lost by their clients.
And yes, people might lose their retirement savings. Employees often have a lot invested in company stock. And if Green Mountain has a pension plan, those employees are at risk as well.
What would be ironic is if Green Mountain collapsed, but other players in the marketplace continued to thrive while using the K-cup (1.0, of course) as a de facto standard.
Connectivity is huge, but it's only one of the ingredients in making this decision.
If you want the app to work for them outside of the corporate WiFi, you have to host it on the public internet, where all attackers are equally welcome without regard to skillz or skripts. Are you sure that server is secure? What about tomorrow? Are you patching it? Are your users securing their devices properly? Uh oh, it's the new version of Heartbleed, go back three spaces.
You also have to consider performance. Is this something that your users will use constantly for their jobs, or occasionally for some rare piece of info? If it's going to add one second to every screen, and you're asking people to tap their way through 600 screens a day, the inefficiency is going to cost you 10 minutes worth of payroll per user per day. Maybe you make that up in hardware costs if you force your users to bring their own smartphone to work. Maybe the sluggishness just makes your users miserable throughout the day. Or maybe it simply costs you a lot of money.
On the other side, if it's used perhaps once or twice a day by 2000 people, poor performance and connectivity issues won't be nearly as important as savings on developer costs and time to market, Or if you have only a half dozen heavy users, perhaps you're willing to eat the payroll cost of an hour per day instead of spending them on development.
Manning would almost certainly have been caught regardless. All those State Department cables could only have come from someone with access to the entire database. That's a reasonably short list of people, and everyone on it would have been grilled and inspected from head to toe.
His (her) talking about it just made the inevitable happen faster.
I'm much more cynical, and I don't think Pepsi is giving in to anyone. I think they're trying to exploit people's fears that "OMG chemicals bad". It's more like they're advertising "We're the only brand that dares to print arsenic-free on our products."
I think the real problem with Diet Pepsi and Pepsi Max is that they taste more or less like regular Pepsi. Their advertising slogan may as well be "Pepsi - for when you can't afford actual Coca-Cola."
Neither Manning nor Snowden remained anonymous. At some point the leak is so big that anonymity is not possible, and someone will pay the price for the leak.
They could maintain a list of third party library versions and identify versions of apps that link with them. But then what? As a user, I might not want Apple to shut off some random app I depend on -- just because they think it might be hackable doesn't mean my device is actually being hacked; and I might really need that app today for some important client presentation.
They could contact impacted developers and request they repair the damage, but what can they do if nobody responds?
Apple focuses on end user experience first. They won't want to inconvenience their users that much.
You barely survived bullying, so you should know better than most that many people don't. That's plenty of reason not to tolerate bullying.
Look at it this way: survival of the fittest is already being changed by modern medicine; would you withhold penicillin from a child with pneumonia because he's too weak to survive? By extension, we owe the same level of concern to people with psychological problems.
No, it's pre-crime if they've done no harm at the time they're banned.
The triggers or flags the algorithm recognizes are not themselves the offenses. They are just attributes of posts from people who in the past have exhibited similar early behavior; this algorithm knows how to recognize that pattern.
Let's say that you categorize a thousand historical troll posts, and study their metrics (I'm going to make up some fake metrics here for example.) The average number of posts before they actually get to spewing the bile might be 15. Of those 15, an average of two of them might contain the misspelled phrase "your wrong". Another indicator might be writing five posts within the first hour of registering a new ID. None of those posts contain an actual troll message, but 75% of the time someone matches that behavior, they will have written a troll by their 10th-20th post.
Pre-crime would be banning people based on matching this pattern without waiting for the actual troll post to be made. It would ban 100% of pattern-matchers, but of those, only 75% would statistically have gone on to actually troll. The other 25% would be unfairly banned for their poor spelling and bad timing.
While I believe that people who are less sensitive tend to thrive more than others, I don't agree that "thicker skin" is a workable solution. Too many people have fragile emotional states and simply don't have the neural hardware psychological capacity required to dismiss the hate and insults that often happen on line. There have been some high-profile suicides among teens who were attacked online, and who knows how many people remove themselves from public comment because of the hate they've received? For safety reasons I don't think society should completely abrogate the forums to the trolls.
Does that not mean some people are overly sensitive? Sure. But just as we shouldn't velour-line the internet to cater to absolutely every person with a psychological disorder; we also don't have to tolerate the diarrhea that spews forth from the trolls. We don't have to draw a hard-and-fast line on the ground, either, and define "these words are always 100% bad in 100% of situations". Instead, we should be welcoming humans in the loop, asking them to pass judgment when needed. That gets us to a more fluid state than full automation. It also lets the user choose. Don't like the judgment process on Slashdot? Don't hang out on Slashdot.
I know full automated filtering is the holy grail of internet forum moderation, but as soon as you deploy a filter it becomes a pass/fail test for the trolls, who quickly learn to adapt and evade it. Human judges can adapt, too, and are about the only thing that can; there are simply too few for the volume of trolls out there. A tool like this might help them scale this effort to YouTube volumes.
Well, the Mounties haven't shown up at the border to haul away the G-men, so if I were Canadian I wouldn't place any faith in that treaty to keep myself out of harm's way.
If it looks like toilet paper and is used like toilet paper, it's worth the same as toilet paper.
Well, the Mounties haven't shown up at the border to haul away the G-men, so I wouldn't place any faith in that treaty to keep out of harm's way. If it looks like toilet paper and is used like toilet paper, it's worth the same as toilet paper.
Because too many people still associate coding with Computer Science, and are not taught Software Engineering.
Computer Science is all about the languages and the algorithms: how to make the computer count, how to make it sort, how to normalize data, etc. Software engineering is about the whys of design principles and design patterns. It's about testability, quality, readability, maintainability. It's about development methodologies. Almost anyone can write a sequential list of instructions, but unless they understand modularity, complexity, coupling, cohesion, they will not produce effectively maintainable code. They still think that because they passed a coding class that they're a coder, so they produce a crappy pile of hard-coded inappropriate dependencies, and then build more stuff that depends on the badly designed stuff, and then they wonder why programming sucks.
If we taught every child in the "Intro to Coding" class using Test Driven Development, we'd be teaching them to be the very first consumers of the code they write, and they'd quickly feel the consequences of making their own poor choices. They'd learn to course correct early, instead of struggling like so many of the questioners asking about homework problems on Stack Overflow. Instead of waiting to teach TDD as an advanced graduate level course, we'd have a lot more people who "get it". Or we'd quickly weed out the people who are incapable of ever getting it. Either way, everyone would be better off than we are.
A heartbeat can theoretically be traced, at least to the last RF transmitter in the chain. If that's WiFi, it's a few hundred meters at most. If it's typical home automation, it's 20 meters or so. So, if the Evil Midnight Bomber is being watched, the messages originating from him could be noticed. It's definitely not the stealthiest of options.
Yes, a transmitter putting out a watt or two would lead to the needle in the haystack scenario, but the bad guys aren't doing that yet.
They didn't qualify it at all. That was the editor who wrote the story, and the Slashdot editor who quoted the story. Neither quoted it from the report. https://opencryptoaudit.org/re...
Slashdot Mirror
If 10% of people are gay, then this impacts 10% of nerds. I don't run Apache, but I don't bitch when they put an Apache story on the front page. Get over it.
This is how organized religion dies -- to thunderous applause.
As they fade into irrelevance day after day, and people discover that they actually value the freedoms their churches have been suppressing, I expect people will abandon them at an even faster pace.
The TV market is bad, but the watch market is not great.
What they should be trying to crack is the in-car nav/infotainment systems - the iCarStereo. Current nav systems are somewhere between total-suckage and so-distracting-they-cause-accidents. Bluetooth pairing is painful when it even works, calling systems don't integrate with smartphone phonebooks, there is no way to share contact addresses, and the voice controls are no better than someone reading a "Car navigation is attempting to quit, cancel or allow?" dialog box. And the interfaces are so poor as to command the driver's full attention for seconds, looking for touch-screen items or clicking the right button, taking focus off the task of driving.
People would trade their old cars in for one equipped with an Apple iCarStereo if it solved those problems. A watch? It will take a lot of luck for it to be more than a fashion item that falls off the radar in a few years.
I think adblockers are great - for the end user to own and maintain. I've been running filtering proxies of one type or another since the last millennium. (And nothing will teach you the nuances of regex like the challenge of stripping out unwanted HTML tags.) It's for me to decide what I want my browser to display.
But just as it's wrong for my ISP to inject their own ads, it's also not the place of my ISP to censor them out of my data stream. That's my decision, not theirs.
Good point. I would not assume that flight information is from the nav and control systems. But it could be, in which case they could use one-way data isolation devices to eliminate the possibility of anything on the entertainment system negatively impacting navigation controls. That would technically be a "tie", but not one that could be exploited.
Yes, they *could* have used some kind of special 'data diode' isolation device, but then the researcher probably wouldn't have been able to jump networks in the lab, or, as stated in TFA, "He told WIRED that he did access in-flight networks about 15 times during various flights but had not done anything beyond explore the networks and observe data traffic crossing them".
Car networks (CAN bus) have a similar weakness in that the infotainment systems have previously been breached, allowing attackers access to cross over to security systems and unlocking the doors.
There's no way that entertainment/wifi/anything-accessible-to-a-passenger could in anyway be connected to those critical systems...is there?
There should be no tie between the control and entertainment networks. I would be surprised if there aren't regulations that forbid it. My guess is this simulated system was not like the real ones. It certainly isn't clear what really was done.
If there is no tie between the entertainment and nav systems, then it becomes difficult to explain the seatback display of the current flight information. At some point the data has to move from one system to the other. That takes a lot more than "no tie".
I'm fairly certain humanity would find plenty of reasons to wage war if religions were not around to blame it on.
Religions were created as the first rudimentary forms of government or control over other people, and are still remarkably effective at that task. They only require an ongoing group of leaders to ensure obligations are continually felt by the members, as it's difficult to create a new religion quickly with a large enough number of committed adherents to wage an effective war.
The entire process is well understood and practiced worldwide.
Yeah...but I"m curious...
Why did Roger Daltrey and Pete Townshend break this news......?
Because Keith Moon is dead.
Your stuff's cargo container was not heated during shipping. If it was stacked below the deck line, where it was not exposed to the sun, it didn't reach 55C during the journey.
Arthur Anderson was primarily an accounting and auditing firm. The entire reason that firm existed was to be trustworthy. If people can't trust the auditors, they blame it on instructions coming down from the top that said "anything for a buck comes before an accurate audit." So there was no way to trust the rest of the firm wasn't uninfected with the same corruption that led to Enron.
At Green Mountain, the decision to put DRM into coffee came from the top. While it doesn't translate the same way to the line workers, the trust in the company was similarly lost by their clients.
And yes, people might lose their retirement savings. Employees often have a lot invested in company stock. And if Green Mountain has a pension plan, those employees are at risk as well.
What would be ironic is if Green Mountain collapsed, but other players in the marketplace continued to thrive while using the K-cup (1.0, of course) as a de facto standard.
Connectivity is huge, but it's only one of the ingredients in making this decision.
If you want the app to work for them outside of the corporate WiFi, you have to host it on the public internet, where all attackers are equally welcome without regard to skillz or skripts. Are you sure that server is secure? What about tomorrow? Are you patching it? Are your users securing their devices properly? Uh oh, it's the new version of Heartbleed, go back three spaces.
You also have to consider performance. Is this something that your users will use constantly for their jobs, or occasionally for some rare piece of info? If it's going to add one second to every screen, and you're asking people to tap their way through 600 screens a day, the inefficiency is going to cost you 10 minutes worth of payroll per user per day. Maybe you make that up in hardware costs if you force your users to bring their own smartphone to work. Maybe the sluggishness just makes your users miserable throughout the day. Or maybe it simply costs you a lot of money.
On the other side, if it's used perhaps once or twice a day by 2000 people, poor performance and connectivity issues won't be nearly as important as savings on developer costs and time to market, Or if you have only a half dozen heavy users, perhaps you're willing to eat the payroll cost of an hour per day instead of spending them on development.
It's a question best answered by the money.
Manning would almost certainly have been caught regardless. All those State Department cables could only have come from someone with access to the entire database. That's a reasonably short list of people, and everyone on it would have been grilled and inspected from head to toe.
His (her) talking about it just made the inevitable happen faster.
I'm much more cynical, and I don't think Pepsi is giving in to anyone. I think they're trying to exploit people's fears that "OMG chemicals bad". It's more like they're advertising "We're the only brand that dares to print arsenic-free on our products."
I think the real problem with Diet Pepsi and Pepsi Max is that they taste more or less like regular Pepsi. Their advertising slogan may as well be "Pepsi - for when you can't afford actual Coca-Cola."
Neither Manning nor Snowden remained anonymous. At some point the leak is so big that anonymity is not possible, and someone will pay the price for the leak.
"Call your doctor immediately if you experience a coding session lasting more than four hours, as this may indicate a serious side effect."
It is through the Dew of Mountains that thoughts acquire speed.
They could maintain a list of third party library versions and identify versions of apps that link with them. But then what? As a user, I might not want Apple to shut off some random app I depend on -- just because they think it might be hackable doesn't mean my device is actually being hacked; and I might really need that app today for some important client presentation.
They could contact impacted developers and request they repair the damage, but what can they do if nobody responds?
Apple focuses on end user experience first. They won't want to inconvenience their users that much.
You barely survived bullying, so you should know better than most that many people don't. That's plenty of reason not to tolerate bullying.
Look at it this way: survival of the fittest is already being changed by modern medicine; would you withhold penicillin from a child with pneumonia because he's too weak to survive? By extension, we owe the same level of concern to people with psychological problems.
No, it's pre-crime if they've done no harm at the time they're banned.
The triggers or flags the algorithm recognizes are not themselves the offenses. They are just attributes of posts from people who in the past have exhibited similar early behavior; this algorithm knows how to recognize that pattern.
Let's say that you categorize a thousand historical troll posts, and study their metrics (I'm going to make up some fake metrics here for example.) The average number of posts before they actually get to spewing the bile might be 15. Of those 15, an average of two of them might contain the misspelled phrase "your wrong". Another indicator might be writing five posts within the first hour of registering a new ID. None of those posts contain an actual troll message, but 75% of the time someone matches that behavior, they will have written a troll by their 10th-20th post.
Pre-crime would be banning people based on matching this pattern without waiting for the actual troll post to be made. It would ban 100% of pattern-matchers, but of those, only 75% would statistically have gone on to actually troll. The other 25% would be unfairly banned for their poor spelling and bad timing.
While I believe that people who are less sensitive tend to thrive more than others, I don't agree that "thicker skin" is a workable solution. Too many people have fragile emotional states and simply don't have the neural hardware psychological capacity required to dismiss the hate and insults that often happen on line. There have been some high-profile suicides among teens who were attacked online, and who knows how many people remove themselves from public comment because of the hate they've received? For safety reasons I don't think society should completely abrogate the forums to the trolls.
Does that not mean some people are overly sensitive? Sure. But just as we shouldn't velour-line the internet to cater to absolutely every person with a psychological disorder; we also don't have to tolerate the diarrhea that spews forth from the trolls. We don't have to draw a hard-and-fast line on the ground, either, and define "these words are always 100% bad in 100% of situations". Instead, we should be welcoming humans in the loop, asking them to pass judgment when needed. That gets us to a more fluid state than full automation. It also lets the user choose. Don't like the judgment process on Slashdot? Don't hang out on Slashdot.
I know full automated filtering is the holy grail of internet forum moderation, but as soon as you deploy a filter it becomes a pass/fail test for the trolls, who quickly learn to adapt and evade it. Human judges can adapt, too, and are about the only thing that can; there are simply too few for the volume of trolls out there. A tool like this might help them scale this effort to YouTube volumes.
Well, the Mounties haven't shown up at the border to haul away the G-men, so if I were Canadian I wouldn't place any faith in that treaty to keep myself out of harm's way.
If it looks like toilet paper and is used like toilet paper, it's worth the same as toilet paper.
Well, the Mounties haven't shown up at the border to haul away the G-men, so I wouldn't place any faith in that treaty to keep out of harm's way. If it looks like toilet paper and is used like toilet paper, it's worth the same as toilet paper.
Because too many people still associate coding with Computer Science, and are not taught Software Engineering.
Computer Science is all about the languages and the algorithms: how to make the computer count, how to make it sort, how to normalize data, etc. Software engineering is about the whys of design principles and design patterns. It's about testability, quality, readability, maintainability. It's about development methodologies. Almost anyone can write a sequential list of instructions, but unless they understand modularity, complexity, coupling, cohesion, they will not produce effectively maintainable code. They still think that because they passed a coding class that they're a coder, so they produce a crappy pile of hard-coded inappropriate dependencies, and then build more stuff that depends on the badly designed stuff, and then they wonder why programming sucks.
If we taught every child in the "Intro to Coding" class using Test Driven Development, we'd be teaching them to be the very first consumers of the code they write, and they'd quickly feel the consequences of making their own poor choices. They'd learn to course correct early, instead of struggling like so many of the questioners asking about homework problems on Stack Overflow. Instead of waiting to teach TDD as an advanced graduate level course, we'd have a lot more people who "get it". Or we'd quickly weed out the people who are incapable of ever getting it. Either way, everyone would be better off than we are.
A heartbeat can theoretically be traced, at least to the last RF transmitter in the chain. If that's WiFi, it's a few hundred meters at most. If it's typical home automation, it's 20 meters or so. So, if the Evil Midnight Bomber is being watched, the messages originating from him could be noticed. It's definitely not the stealthiest of options.
Yes, a transmitter putting out a watt or two would lead to the needle in the haystack scenario, but the bad guys aren't doing that yet.
They didn't qualify it at all. That was the editor who wrote the story, and the Slashdot editor who quoted the story. Neither quoted it from the report. https://opencryptoaudit.org/re...