It actually is stupid. His logic apparently suggests that all it takes for criminals to succeed in their endeavours is to not use mobile communication devices (because without them, the authorities are screwed!). So the outcome would be that everyone would get snooped except for the criminals who won't get caught.
That's not stupid at all, because it's absolutely true. If you leave all your RF behind, wear a ghillie suit or CV dazzle makeup, or at least a cap with camera-blinding IR LEDs pointed out from around the brim, and use a vehicle not-your-own for travel, you'll be highly successful. However, most thieves are not that smart, and won't leave their phones behind. So they get caught.
May I suggest you visit India some time, and experience the noise for yourself? The drivers there are completely undisciplined. People honk because everyone else honks. They honk to announce they're tailgating, they honk to announce they are moving left or right (calling it changing lanes would imply they cared about lanes), they honk to announce they're about to enter an intersection, and they honk if someone cuts them off; as it's the only way anyone drives, the honking is almost continuous. When I got back, the silence on Minnesota streets was remarkable. It was almost three weeks before I heard an actual horn honk in traffic.
People aren't compelled to push the button just because it's in front of them. People push it because they don't know any better.
Absolutely. It may have something to do with a common bond of technology, of the higher education that typically correlates to technophilia, or that some higher percentage of people interested in technology are simply interested in the truth of how things work as opposed to the political reason a thing exists. It might be that the moderation system is really effective at keeping extremists, trolls, griefers, and spammers from adding too much noise into the discussions. It might just be that people are more civil when they're not Anonymous Cowards, and most people ignore the cowards by default.
Whatever it is, and despite the incessant whining about how Slashdot's gone downhill (for thirteen straight years? really?), Slashdot seems to have what it takes to remain relevant to hundreds of thousands of nerds.
I don't think so. The Joker, as Alfred put it "wants to watch the world burn." But I don't think Snowden did what he did out of malice. Instead, he's more like Batman at the end of The Dark Knight, where he accepts the blame for Dent's death in order to preserve the work he did, thus Gotham's finest set out to hunt him down. "Why is Batman running, Dad?" "So we can chase him. He's the hero Gotham deserves, but not the one it needs right now. So we'll hunt him, because he's not our hero."
Can we overcome that anymore? It used to be we all had to share the same media: there were only a few TV channels and a few newspapers to choose from. And yes, they were "slanted", but most editors realized they had a vested interest in at least catering a bit to everyone. There were exceptions, of course, with yellow rags like The Spotlight, but the rest of the population recognized the people who read them were the rabidly crazy conspiracy theorists, and they never became credible sources of news.
Now, thanks to millions of blogs on the internet and a hundred cable news networks, you can easily find yourself getting news only from GreenieLeftistSocialistNews.com or RightWingBigCorporateNews.com and getting a message that delivers only one particular bias, tailored exactly to your worldview, with no desire to include any competing viewpoints. While the Huffington Post may not match the Spotlight in crazy unbalanced coverage, it certainly has an unabashed slant, and it's easy to see the readers are just as sure of the correctness of their ideas as any reader of the Spotlight ever was. Worse, there are no guarantees the writers for these sites ever had any journalism training, and they may not recognize the ethical responsibilities of their jobs (yes, a journalist still has the truth as his first duty.)
Oddly enough, sites like Slashdot occupy a unique position that may actually help. While editorial "integrity" here is a long-standing running joke, it brings together news about technology from all over the political spectrum. The articles are reposted from both the right and left points of view, and readers can at least get an occasional bit of perspective from "the other side".
I was thinking ditching it may have been a deliberate choice to keep it out of the hands of the American public. Just imagine some hackers getting to the wreckage first and disassembling the electronics and optics to learn its true capabilities.
If you're going to rely on a secret weapon to keep the bad guys guessing, you have to keep it secret.
There's an even easier solution: don't store cardholder information in a database
There is no need to save credit card numbers, expiration dates, CVV2 codes, and personally identifiable information once the authorization of charge has been obtained. None whatsoever.
Getting an auth code means you're getting your money. You don't need to store my entire credit card number.
Go read the analysis of the BlackPOS malware at Krebs. He says that the attack that hit Target was done with a RAM scraper. It wouldn't matter if Target stored the data or not, or if they used SSL or not, the malware read the card data as soon as it was in the memory of the register.
The Vasco DIGIPASS device is a small smart-card reader that resembles a pocket calculator. It allows the cardholder to insert their card, enter the transaction details, and produce a one-time authorization code that can be entered into a web page (like a CVV2 code, but cryptographically secure.) It's a sealed device that is electrically air-gapped from everything apart from the batteries and the card, so it is unhackable from on-line threats. Such devices are used to secure on-line banking transactions. The only thing it can't protect against is users being duped by fraudulent web sites: "paypa1.com" type threats, phishing, etc.
They're cheap and simple devices that some European banks give out to their customers.
And double spending is going to be a huge problem. A year ago (around New Years) there was a large gang of thieves who used fraudulent cards in hundreds of ATMs in a coordinated attack, where a hacker had removed the withdrawal limits from the bank's computers. The collective of smurfs withdrew millions of dollars in a few hours.
Now place a hundred of those thieves into physical world stores, tell them all to use the time according to their cell phone, and have them put 10 BTC worth of stuff in their carts by 10:30AM. At 10:35AM you will post a copy of a 10BTC number on the gang's Facebook page, and the clock is counting. They need to be paid and gone as soon as possible, because by 10:40AM they will get caught.
The value of the attack increases by each smurf you add. And you're not bounded by geography: you can have your smurfs steal from shops around the globe. The only risk is of discovery before the attack, and even then the only defense is to validate the transaction as quickly as possible.
It's likely more expensive for automakers and repair shops to carry two different models of seat than it is to build un-sold heaters in half of them. And a wiring harness will already have the needed wires in place for other things, such as seat weight detectors (required for safety equipment) and position controls (likely another opportunity for an add-on option.) I don't think it will cost the manufacturers much extra to include the features.
Depending on the weight of the disabled options, of course. You can't lug a hundred pounds of dead gear around without it costing you in MPG, and consumers are very sensitive to fuel usage.
It will probably show up in a cost difference between leasing and purchasing. As others have pointed out, they can't stop you from modding your own car, but they can stop you from modding a car they own and just lease to you.
https://krebsonsecurity.com/20... That's an article about the value a hacked device can deliver to a bad guy. Most of those things won't apply, but a botherder could use your thermostat to send spam. He could also open a reverse command shell to act as a staging point to dig into your internal network from inside your router's firewall, and use it to launch an attack on your banking PC, perhaps.
I haven't found the start menu to be the problem that many of the complainers are whining about. Instead, I'm not liking the gesture-only approach. Gestures are never user friendly, even when they're intended as accelerators. One of the principles of a GUI is that your options should be visible. Instead, Win 8 forces me to remember a fairly long list: "swipe from the left to swap tasks, swipe from the left then back again to bring up the list of tasks, swipe from the right to bring up charms, swipe from the middle up to bring up all the apps, swipe from the bottom up to bring up the options, swipe from the top down to close", and no doubt others I haven't learned yet. I haven't learned them because they're hidden.
And iOS is not exactly the king of User Experience, either. You always swipe to delete, except when there's a box to check, or if you have to hold an icon until it wiggles then tap the red X, or sometimes you have to find the red button marked delete, or sometimes you have to flick the thing either up or down to throw it away, or sometimes you tap the trashcan. Their hallmark consistency proved too restrictive for certain apps and the experience even varies amongst iOS features.
I get why Microsoft wanted a change: fingers are too fat to hit desktop-sized icons with any accuracy. I spent way too much time on the/. messages screen just trying to tick the box to delete a message. But that doesn't mean that a person with a keyboard and mouse should ever have anything to do with a gesture. It means they tackled the right problem with the wrong approach.
Fiber doesn't generally have that same kind of problems (unless you foolishly installed cheap plastic optical fibers.) There isn't a special "greased lightning fiber" people can turn to that carries more data.
Speak for yourself - I just picked up a $5000 S/PDIF cable from Monster Cable that moves those bits so much faster than any other cable on the market. When you hear the results, you can just tell that the 1's and 0's have so much more definition and crispness than ordinary commodity cables.
I hate to disappoint you, Skippy, but that's just regular optical fiber that's been SpeedWaxed. You still need to buy a tube of Denon Optical Fiber SpeedWax and coat the fibers monthly. Otherwise, the ones tend to get a bit fat, and the zeros get a little skinny. Without it, the highs will have a pronounced distortion on the even harmonics, and the phrenological ephemera will subluxate the transception. Oh, and don't forget to get their Shielded optical cable, specifically designed to reject RF interference. Get the one with gold plated connectors to ensure rich bass.
If you can force errors to cause the user to perform another key exchange that you can compromise, it's still game over. Never pair your Bluetooth devices in an untrustworthy location, especially if they "used to work".
The difference is that DSL is running data over old Cat 3 voice grade lines, and there is a clear technological benefit to moving to an alternative media for distribution. The reason is noise: Cat 3 was never designed to reject it. Coax, Cat 5, and other wire types were specifically engineered to help reject noise at different frequencies. And the better the category of wire, the better the throughput.
Fiber doesn't generally have that same kind of problems (unless you foolishly installed cheap plastic optical fibers.) There isn't a special "greased lightning fiber" people can turn to that carries more data. Instead, advances in lasers, optics, and encoding technologies are used to increase throughput by replacing the transmitters and receivers.
In general, if you need more throughput in a fiber environment than commercially available transmitters can produce, your only choice is to pull more fibers. Whereas in DSL-land if you need more throughput, the rational choice is to abandon the technology completely and move to a different media.
Slashdot Mirror
But we praise the leaders when they use a piece of fiction to decide science policy.
Perhaps we should judge the leaders on the actual policies they produce, rather than the source of them.
It actually is stupid. His logic apparently suggests that all it takes for criminals to succeed in their endeavours is to not use mobile communication devices (because without them, the authorities are screwed!). So the outcome would be that everyone would get snooped except for the criminals who won't get caught.
That's not stupid at all, because it's absolutely true. If you leave all your RF behind, wear a ghillie suit or CV dazzle makeup, or at least a cap with camera-blinding IR LEDs pointed out from around the brim, and use a vehicle not-your-own for travel, you'll be highly successful. However, most thieves are not that smart, and won't leave their phones behind. So they get caught.
DC is America's thermal exhaust port. It's where all the hot air comes from.
And it's filled with womp-rats.
May I suggest you visit India some time, and experience the noise for yourself? The drivers there are completely undisciplined. People honk because everyone else honks. They honk to announce they're tailgating, they honk to announce they are moving left or right (calling it changing lanes would imply they cared about lanes), they honk to announce they're about to enter an intersection, and they honk if someone cuts them off; as it's the only way anyone drives, the honking is almost continuous. When I got back, the silence on Minnesota streets was remarkable. It was almost three weeks before I heard an actual horn honk in traffic.
People aren't compelled to push the button just because it's in front of them. People push it because they don't know any better.
Absolutely. It may have something to do with a common bond of technology, of the higher education that typically correlates to technophilia, or that some higher percentage of people interested in technology are simply interested in the truth of how things work as opposed to the political reason a thing exists. It might be that the moderation system is really effective at keeping extremists, trolls, griefers, and spammers from adding too much noise into the discussions. It might just be that people are more civil when they're not Anonymous Cowards, and most people ignore the cowards by default.
Whatever it is, and despite the incessant whining about how Slashdot's gone downhill (for thirteen straight years? really?), Slashdot seems to have what it takes to remain relevant to hundreds of thousands of nerds.
I don't think so. The Joker, as Alfred put it "wants to watch the world burn." But I don't think Snowden did what he did out of malice. Instead, he's more like Batman at the end of The Dark Knight, where he accepts the blame for Dent's death in order to preserve the work he did, thus Gotham's finest set out to hunt him down. "Why is Batman running, Dad?" "So we can chase him. He's the hero Gotham deserves, but not the one it needs right now. So we'll hunt him, because he's not our hero."
Can we overcome that anymore? It used to be we all had to share the same media: there were only a few TV channels and a few newspapers to choose from. And yes, they were "slanted", but most editors realized they had a vested interest in at least catering a bit to everyone. There were exceptions, of course, with yellow rags like The Spotlight, but the rest of the population recognized the people who read them were the rabidly crazy conspiracy theorists, and they never became credible sources of news.
Now, thanks to millions of blogs on the internet and a hundred cable news networks, you can easily find yourself getting news only from GreenieLeftistSocialistNews.com or RightWingBigCorporateNews.com and getting a message that delivers only one particular bias, tailored exactly to your worldview, with no desire to include any competing viewpoints. While the Huffington Post may not match the Spotlight in crazy unbalanced coverage, it certainly has an unabashed slant, and it's easy to see the readers are just as sure of the correctness of their ideas as any reader of the Spotlight ever was. Worse, there are no guarantees the writers for these sites ever had any journalism training, and they may not recognize the ethical responsibilities of their jobs (yes, a journalist still has the truth as his first duty.)
Oddly enough, sites like Slashdot occupy a unique position that may actually help. While editorial "integrity" here is a long-standing running joke, it brings together news about technology from all over the political spectrum. The articles are reposted from both the right and left points of view, and readers can at least get an occasional bit of perspective from "the other side".
He's the villain Gotham needs today.
I was thinking ditching it may have been a deliberate choice to keep it out of the hands of the American public. Just imagine some hackers getting to the wreckage first and disassembling the electronics and optics to learn its true capabilities.
If you're going to rely on a secret weapon to keep the bad guys guessing, you have to keep it secret.
There's an even easier solution: don't store cardholder information in a database
There is no need to save credit card numbers, expiration dates, CVV2 codes, and personally identifiable information once the authorization of charge has been obtained. None whatsoever.
Getting an auth code means you're getting your money. You don't need to store my entire credit card number.
Go read the analysis of the BlackPOS malware at Krebs. He says that the attack that hit Target was done with a RAM scraper. It wouldn't matter if Target stored the data or not, or if they used SSL or not, the malware read the card data as soon as it was in the memory of the register.
The Vasco DIGIPASS device is a small smart-card reader that resembles a pocket calculator. It allows the cardholder to insert their card, enter the transaction details, and produce a one-time authorization code that can be entered into a web page (like a CVV2 code, but cryptographically secure.) It's a sealed device that is electrically air-gapped from everything apart from the batteries and the card, so it is unhackable from on-line threats. Such devices are used to secure on-line banking transactions. The only thing it can't protect against is users being duped by fraudulent web sites: "paypa1.com" type threats, phishing, etc.
They're cheap and simple devices that some European banks give out to their customers.
Thanks for clearing that up for me.
And double spending is going to be a huge problem. A year ago (around New Years) there was a large gang of thieves who used fraudulent cards in hundreds of ATMs in a coordinated attack, where a hacker had removed the withdrawal limits from the bank's computers. The collective of smurfs withdrew millions of dollars in a few hours.
Now place a hundred of those thieves into physical world stores, tell them all to use the time according to their cell phone, and have them put 10 BTC worth of stuff in their carts by 10:30AM. At 10:35AM you will post a copy of a 10BTC number on the gang's Facebook page, and the clock is counting. They need to be paid and gone as soon as possible, because by 10:40AM they will get caught.
The value of the attack increases by each smurf you add. And you're not bounded by geography: you can have your smurfs steal from shops around the globe. The only risk is of discovery before the attack, and even then the only defense is to validate the transaction as quickly as possible.
It's likely more expensive for automakers and repair shops to carry two different models of seat than it is to build un-sold heaters in half of them. And a wiring harness will already have the needed wires in place for other things, such as seat weight detectors (required for safety equipment) and position controls (likely another opportunity for an add-on option.) I don't think it will cost the manufacturers much extra to include the features.
Depending on the weight of the disabled options, of course. You can't lug a hundred pounds of dead gear around without it costing you in MPG, and consumers are very sensitive to fuel usage.
It will probably show up in a cost difference between leasing and purchasing. As others have pointed out, they can't stop you from modding your own car, but they can stop you from modding a car they own and just lease to you.
Lest you think I was kidding about shielded fiber cable with gold plated connectors: http://www.amazon.com/Cable-Ma...
But it's only $8.99, so it's kind of difficult to mock it mercilessly.
That's why I qualified my comment with "generally". Figures I'd get caught :-)
https://krebsonsecurity.com/20...
That's an article about the value a hacked device can deliver to a bad guy. Most of those things won't apply, but a botherder could use your thermostat to send spam. He could also open a reverse command shell to act as a staging point to dig into your internal network from inside your router's firewall, and use it to launch an attack on your banking PC, perhaps.
In case you doubt this could happen, it just did. http://www.businessinsider.com...
I haven't found the start menu to be the problem that many of the complainers are whining about. Instead, I'm not liking the gesture-only approach. Gestures are never user friendly, even when they're intended as accelerators. One of the principles of a GUI is that your options should be visible. Instead, Win 8 forces me to remember a fairly long list: "swipe from the left to swap tasks, swipe from the left then back again to bring up the list of tasks, swipe from the right to bring up charms, swipe from the middle up to bring up all the apps, swipe from the bottom up to bring up the options, swipe from the top down to close", and no doubt others I haven't learned yet. I haven't learned them because they're hidden.
And iOS is not exactly the king of User Experience, either. You always swipe to delete, except when there's a box to check, or if you have to hold an icon until it wiggles then tap the red X, or sometimes you have to find the red button marked delete, or sometimes you have to flick the thing either up or down to throw it away, or sometimes you tap the trashcan. Their hallmark consistency proved too restrictive for certain apps and the experience even varies amongst iOS features.
I get why Microsoft wanted a change: fingers are too fat to hit desktop-sized icons with any accuracy. I spent way too much time on the /. messages screen just trying to tick the box to delete a message. But that doesn't mean that a person with a keyboard and mouse should ever have anything to do with a gesture. It means they tackled the right problem with the wrong approach.
Remember their (fictitious) slogan from back then? "At Microsoft, quality is job 3.1"
Speak for yourself - I just picked up a $5000 S/PDIF cable from Monster Cable that moves those bits so much faster than any other cable on the market. When you hear the results, you can just tell that the 1's and 0's have so much more definition and crispness than ordinary commodity cables.
I hate to disappoint you, Skippy, but that's just regular optical fiber that's been SpeedWaxed. You still need to buy a tube of Denon Optical Fiber SpeedWax and coat the fibers monthly. Otherwise, the ones tend to get a bit fat, and the zeros get a little skinny. Without it, the highs will have a pronounced distortion on the even harmonics, and the phrenological ephemera will subluxate the transception. Oh, and don't forget to get their Shielded optical cable, specifically designed to reject RF interference. Get the one with gold plated connectors to ensure rich bass.
If you can force errors to cause the user to perform another key exchange that you can compromise, it's still game over. Never pair your Bluetooth devices in an untrustworthy location, especially if they "used to work".
Ha, let's see 'em try to sniff RF signals off my difference engine!
You kid, but a radar set could easily do just that.
The security is "adequate" for most people. However, it's not perfect: http://www.hackfromacave.com/p...
The difference is that DSL is running data over old Cat 3 voice grade lines, and there is a clear technological benefit to moving to an alternative media for distribution. The reason is noise: Cat 3 was never designed to reject it. Coax, Cat 5, and other wire types were specifically engineered to help reject noise at different frequencies. And the better the category of wire, the better the throughput.
Fiber doesn't generally have that same kind of problems (unless you foolishly installed cheap plastic optical fibers.) There isn't a special "greased lightning fiber" people can turn to that carries more data. Instead, advances in lasers, optics, and encoding technologies are used to increase throughput by replacing the transmitters and receivers.
In general, if you need more throughput in a fiber environment than commercially available transmitters can produce, your only choice is to pull more fibers. Whereas in DSL-land if you need more throughput, the rational choice is to abandon the technology completely and move to a different media.
And then spend the next 10 years inaccurately classifying the rest of the internet.
FTFY.