With a removable hard drive/SSD, you can swap it for a "clean" one while traveling abroad to avoid border guards abusing their authority and (say) stealing sensitive corporate or medical data. Takes five minutes on an older MacBook or (better yet) a Thinkpad.
If the thing is soldered in, your only choice is full backup, zero, reformat, reinstall or carry two computers.
What’s the point in doing that? If you’re not bringing a burner laptop, you’re wasting your time. If they want your data, they will modify your firmware and will just take it from you the next time you boot up, and every time after that.
Why does security have to consume a fair amount of processing power?
Because it's easier to just ACCEPT all connection attempts instead of piping them through multiple layers of filters. Even the most basic authentication scheme is more complicated and time consuming than allowing total access to everyone. Even if the gadget only connects actively and does not allow others to establish a connection, you have to sanitize input from your peer.
But you should always be sanitizing your inputs, no matter where they came from. So the lost processing power SHOULD be zero because you should already be doing that anyway. And most hardware has cryptographic instructions that offload the verification of hashes and signatures so the only wasted processing power there is waiting for the bus to send and receive the request.
The problem with microcontrollers and security is that security consumes a fair lot of processing power if done right. And while this is really no concern these days for a desktop or even a mobile computer (including smartphones), it still is a concern for lower end IoT devices powered by microcontrollers that can barely accomplish what their function is with the computing power they have.
And try to justify the 2.50 bucks for the extra IC (or the next powerful IC) to implement sensible security. Not to mention the hundreds of hours.
Why does security have to consume a fair amount of processing power? This all depends on the attack surface of your project, but most of the things that need to be secured ought to be considered and planned for before you even write your first line of code. And checking input shouldn't be that time consuming for a microcontroller. The real costly part of security is the time it takes to properly implement and verify it.
OP didn't say buy the firewalls at EoL - just the switches. EoL is not the same as end of support, which mean you get a good few years before they go out of support and patches cease, so you get a decent switch for your home network, rather than your regular cheap SOHO model.
Switches do generally last forever though, what happens when patches do cease is up to your security risk appetite. Assuming you know what you are doing and have them properly locked down with management IPs firewalled away or disabled, etc., then they're a pretty low security risk, barring some "packet of doom" style exploit.
Do you follow CERT? Cisco has tons of exploits in their gear, including countless backdoor accounts. Some that have been discovered and published on the internet that Cisco hasn't even acknowledged. You can't secure a switch against a known backdoor if the switch can be accessed.
I don’t think it is a very productive exercise to ask “why” in most cases involving stupidy relating to use of electronics. I am certain anyone who has ever been in corporate cyber security will eagerly confirm this statement. Mind you, we are talking about people with degrees that attended security policy orientations and still manage to send confidential data over unsecured channels. Now imagine the guy whose main skill is selling meth in a night club. I would not be surprised if he kept a log of his transactions on his Facebook wall or something.
But in this case it is very productive to ask why someone would add an electronic layer to a cash business. There's no justification for it, and a great way to get busted by the IRS or whatever tax agency rules your country. So I have to ask why would that night club meth dealer accept VenMo? If one buyer doesn't have the cash, the next will. And anyone who goes to a night club to buy drugs always has cash.
I always have write caching turned off. Windows has the Quick Removal option, so why would it be there and be called that if it wasn't there to allow you to pull it out?
I never ejected a flash drive in XP and never had a problem. In Win 7 I almost always do, as it doesn't seem to work properly, but at work we have a Win 10 laptop and 90% of the time it doesn't allow me to eject (warning message pops up), so I have to either reboot (yeah, right), or just pull it out and hope for the best.
Why don't flash drives work the same as floppy disks? We never had a problem ejecting those.
Write cache is the default. I don't know if you can even disable it in Windows 10 but there was an OS bug that made it difficult to eject USB drives. That has recently been fixed.
TL;DR: Criminals are by and large compete and utter idiots. So are many of their customers.
This bot post has just saved you a minute of reading. Praise Jobs.
You may want to reconsider that statement. Yes there are plenty of dumb criminals but there are also plenty of people who think it is funny to put silly things in Venmo. It's no different that someone putting "Sensual Massage" in the memo field of a check they write to their roommate, except that nobody ever looks at the memo field on a check. Most of those are probably jokes. Unless people are buying these drugs by mail why would they use Venmo instead of cold hard cash? And we all know that people prefer cryptocoins for their online drug purchases
We're that not true, Hillary most certainly wouldn't have relinquished her home mail server, would she.
I think where the prosecution screwed up is in asking for the password, which is not evidence. They should have instead asked for "the text messages you sent in the last 24 hours to Jose Jones", which are evidence.
Well they have every single bit that is stored on the internal storage device of that phone, including all of the text messages.
That is not how the courts have decided this is. Much like many other things, what you think it "should" be is not what the court precedent says it is. The precedents on the record since the early days of the cellphone and computer make it entirely legal for the judge to do what she did.
Then the judges have failed to keep up with precedents from far before when celllphones and computers ever existed. It has never been the defendant’s responsibility to interpret evidence for the prosecution. They have all the individual bits that compose all of the data on the phone. It is up to the prosecution to make sense of them. It is no different than forcing a bookkeeper to testify to the meaning of coded entries in an accounting ledger. They cannot be forced to do so if it results in them being prosecuted for a crime in relation to the bookkeeping records.
>They have no way of knowing if there is evidence on the phone.
According to the warrant, the judge find they DO have probable cause to believe there is evidence on the phone. I don't know what their probable cause it, but if the defendant said "my dealer texted me saying to meet him at Denny's to get the weed", that would be probable cause to believe such a text message is on the phone.
> If the prosecution wants the contents of the... Thatâ(TM)s their prerogative to do if they have the resources.
If they have probable cause. Without probable cause, they shouldn't be searching it.
I think you contradict yourself when you say "they have no way of knowing there is evidence on the phone... they can search it". Constitutionally, they need to show that specific evidence will likely be found before they may search (absent permission from the owner).
I am not saying that they have the right to search the phone without a warrant. But if they have a warrant then they can choose to spend the resources to break the encryption.
> They cannot force you to provide evidence against yourself.
Not quite true. They cannot force you to TESTIFY as a WITNESS against yourself. They CAN force you to hand over evidence you have in your possession.
And how do they determine what evidence I have in my possession? By executing a search warrant. But that is the extent of the law. Once they have the evidence it is up to them to interpret it. If all it does is look like random bits to them, well they can hire an expert to help them try and figure out what those random bits mean.
For example, suppose a bank illegally opened accounts for "customers" who never asked for them. The bank has records showing when the accounts were set up, by whom. The bank can be forced to hand over those pre-existing records.
And there is no law that says that a bank employee has to help them interpret those records. Take Al Capone’s tax evasion prosecution. If they did not have the bookkeepers testimony to show that “John Smith” or whatever alias they used for Al Capone was in fact Al Capone, they could not have compelled Al Capone to show that he was “John Smith”. The government has to take whatever evidence at face value and make their case.
Suppose it were a crime to be negligent (not careful) in allowing classified information to be released on to unauthorized networks. Suppose someone was "grossly negligent", er I mean "extremely careless" in sending classified information to a computer in their basement. They CAN be forced to turn over that computer. In fact, once they become aware of investigation, intentionally destroying the evidence by "wiping" the computer is a separate crime.
Yes. The warrant will allow them to search the computer to their heart’s content. The warrant cannot compel the interpretation of any evidence on that computer.
When someone is ordered to turn over evidence in the form of documents, of course they aren't allowed to encrypt the documents first, or glue them all together with super glue, or otherwise mess with the ability to examine the evidence.
But he didn’t do any of those things, did he? They got a warrant for his phone. They now have his phone. Do they have any evidence that he encrypted the device after knowing that the warrant would be issued? I would guess not. Most likely the phone was taken from him at the time of his arrest and the warrant was obtained before he ever got the phone back from the police. So, again, they are asking him to interpret the evidence against him.
>The contents of the phone are evidence.
And you must turn over evidence. You can't be required to produce new testimony against yourself, you can be ordered to turn over evidence.
not quite as well as they could have, but they made a serious go at it. The went from a third world hell hole to a first world nation in about 50 years. But when the price of oil tanked that was kind of that. The sanctions didn't help either (and I have no bloody idea why my country is sanctioning another country that has not attacked us or our allies... It honestly feels like we're attacking them for being socialistic... ).
John Oliver has a pretty good piece on it. I think if they'd had another 50 years to stabilize they could have weathered it (or if those aforementioned sanctions didn't exist and they could get some aid in).
Have you been to Venezuela? They did NOT do it at all. The US, British, and Dutch oil companies ran Venezuela until the 90s when the government took over and then it became a way to reward your friends and families with cushy high paying jobs. A janitor at PDVSA made many times the minimum wage while most people were living in shanty towns around Caracas. The only part of Venezuela that seems to have done okay with the oil is the city of Maturin, which is one of the cleanest cities I have ever been to (though that has most likely changed since I was last there). Unemployment in Maturin was incredibly low, most of the unemployed were given city jobs to do street sweeping. But I can tell you that most of the people I knew there lived in shacks and that they waited days to get the most basic healthcare. You had to go to the emergency room for everything. Anyone who had money would go see a US trained doctor because it was the only way to get decent medical care there. Anyone who needed anything serious done flew to the US or another nearby country if they could afford it.
> Since the police had a search warrant, I am not sure there is a constitutional argument to be made.
It seems to me the warrant changes the argument a bit vs not having a warrant.
First, one can argue if the warrant was Constitutional. The Constitution doesn't say "no unreasonable search and seizure - unless you have a warrant". A warrant which purports to authorize an unreasonable search is unconstitutional and therefore void. One could certainly argue that the search is unreasonable, which voids the warrant.
The Constitution does say "no warrants shall issue, but upon probable cause". Was probable cause shown that the phones contain evidence of a crime? If not, the warrant is unconstitutional.
Suppose the warrant and search are themselves constitutional. Then you run into the fifth amendment issue forcing the person to reveal the password. It has been ruled that where ownership of the device is disputed, revealing the password would be tantamount to testifying that the defendant owns the device. The fifth amendment applies and the defendant can not be forced to reveal the password, if the phone may not be his.
Suppose it's agreed that the phone is his. One CAN be forced to hand over documents in your possession. That's evidence, not testimony. Had the court ordered him to hand over the contents of the phone, rather than the password, that would probably be constitutional. Where the defendant can turn over unencrypted copies, it can be argued that he can be forced to do so.
The 5th says you can't be forced to give testimony against yourself. Testimony is spoken evidence. Evidence is things you'd present to the judge or jury to demonstrate guilt or innocence. Is the password spoken evidence, testimony? Probably the password isn't evidence; you wouldn't show the jury the password. Rather, it's something that is needed in order to decrypt the evidence. If it's not evidence, it's not spoken evidence - not testimony. If you aren't asking the defendant to testify as a witness against himself, the 5th amendment protection doesn't seem to apply. I *want* a right to not reveal my password, but thinking through existing law, if the search is reasonable and there is probable cause, I don't see any such protection in existing law.
Of course if the search is unreasonable, or if there is not probable cause, the search itself is unconstitutional.
How is this any different than jailing someone who is suspected of murder until they disclose the location of the dead body? They have no way of knowing if there is evidence on the phone. They cannot force you to provide evidence against yourself. If the prosecution wants the contents of the phone, they can try to decrypt the contents of the phone just as they’re welcome to try and crack open a safe. That’s their prerogative to do if they have the resources.
It's no different from the defendant claiming he's lost the key, while the judge thinks he's just carefully hidden it somewhere and isn't telling. Both (the password, or location of the physical key) are "mind reading" aspects. The case law does in fact apply here.
This is what I've been trying to caution people against when they cite 4th Amendment protection for passwords. The 4th Amendment isn't a bulletproof shield. Once a warrant has been issued (as was in this case), pretty much all of your 4th Amendment protections evaporate. Failing to obey the warrant puts you at risk of being jailed indefinitely for contempt of court. No trial, no jury, the judge just sends you to jail because you didn't obey a court order.
This has nothing to do with the fourth amendment. It has everything to do with the fifth amendment. You do not have to aid the prosecution’s case against you. You do not need to cooperate. If the evidence in the phone is important enough, they will break the encryption on it. Just like they would crack a safe open if they wanted to get inside of it without having the combination or key. It is up to law enforcement and the prosecution to find what evidence they may. You cannot destroy evidence, by law, but you are not forced to produce it, either. Claiming that having knowledge of the password is somehow not incriminating is complete and utter bullshit. This would be no different than jailing someone in a murder case until they agreed to show the prosecution where the bodies are buried.
Good news topic for, I don't know, Cosmopolitan magazine? Not a tech site or generally anywhere where there is no lack of common sense among the audience.
Welcome to Slashdot! It is always nice to see new users on here. I hope you enjoy your stay here and find plenty of insightful and common-sense filled posts.
And Intel has given us microcode updates for these fixes long before AMD provided any microcode fixes for their platforms.
Many of those microcode fixes were garbage, leading to boot loops, boot hang... Intel does not deserve a reward for pushing out garbage to customers.
They did rollback their Spectre V2 mitigation because it caused problems for some users and an OS mitigation was sufficient.
AMD and Intel have been notified of these issues at the same time. Intel has consistently provided us with fixes prior to the publication of these vulnerabilities
That is completely false. Intel lagged behind the initial announcement, then started pushing out buggy fixes.
I know for a fact that is not true because I receive access to both NDA advisories and NDA microcode updates. Intel did not release a production version of certain server platforms at the time of release because they do several months of testing server microcode before calling it production but the client microcode updates were all tested for at least a month and were made available to OEMs withing a week of the date of publication for the newest variants and prior to publication for the original meltdown mitigation.
AMD is definitely better protected against this type of attack but Intel has been far more responsive to all hardware or firmware vulnerabilities that Iâ(TM)ve seen that affect both platforms.
AMD did the right thing in the first place, so they are less affected by AFAICT all variants. They can afford to take a couple more days to get it right. They can't afford to push out buggy firmware fixes like Intel can, since they don't have the massive market inertia that Intel does. Thus, they don't have the benefit of as many customers with cognitive dissonance who will justify their purchasing decisions by being Intel's parrot.
I have acknowledged that AMD did a better job to prevent this specific type of attack. The only practical attack has been a problem strictly for Intel. But they have been just as slow to push fixes for Ryzenfall, etc as they have been for Spectre. And it’s not just a matter of development. It’s a complete lack of communication. It takes me months to get information out of AMD and Intel proactively meets with me almost monthly. I know that they were not given a fair shake with the disclosure of Ryzenfall and I don’t really have a preference for Intel or AMD in my personal life. But I can tell you which company is a lot easier to deal with in my professional life and it’s not AMD.
The caveat to those updates from Intel before the publication is that they have always been beta fixes, though at least 50% of the betas theyâ(TM)ve given us ended up going to production unmodified.
It's nice you mention that, but it belongs at the top of your comment, not the bottom.
Why does that really matter? Did I say that the publication date fixes were beta? No. I said that the pre-publication fixes that Intel provides me for validation have been betas. That’s normal. But over half of those beta fixes also end up being the production fix. I can do a binary comparison between them and see they’re identical. This is how I can assert to you that Intel pretty much has a fix ready before publication.
Mitigation of prior SPECTRE attacks is cheaper on AMD than on intel. I would be surprised to learn that was not the case again. In addition, it's more difficult to exploit on AMD, and further, AMD was NOT vulnerable to all the classes of SPECTRE attack which affected intel processors. So while you're technically correct, there are also caveats.
Based on metrics I’ve seen from Intel, as well as tests performed by my own company, I do not believe that Intel is running any slower than AMD with these mitigations in place. And Intel has given us microcode updates for these fixes long before AMD provided any microcode fixes for their platforms. AMD and Intel have been notified of these issues at the same time. Intel has consistently provided us with fixes prior to the publication of these vulnerabilities and AMD has averaged a 2-3 month delay after notification. AMD is definitely better protected against this type of attack but Intel has been far more responsive to all hardware or firmware vulnerabilities that I’ve seen that affect both platforms.
The caveat to those updates from Intel before the publication is that they have always been beta fixes, though at least 50% of the betas they’ve given us ended up going to production unmodified.
Do you work for Intel? AMD is not vulnerable to the newly announced exploits. Also the ones AMD is vulnerable too are low risk and hard to exploit, far lower risk than Intel only ones, which are trivial to exploit. Bottom line: AMD is VASTLY safer.
AMD has already admitted to being vulnerable to certain variants. Intel has mitigations for the most serious variants in place. The latest round of vulnerabilities have been mitigated through OS fixes. As long as you've been consuming these updates, there is no reason to think that Intel or AMD are in any different position at this point. AMD's pipeline definitely prevented meltdown from affecting them, and most likely makes it easier for them to provide future resiliency through silicon, but I don't see a huge difference between either one as far as the silicon that has already been shipped.
>> MacBook and MacBook Pro: Nothing but minor processor upgrades expected, and that only because we can't buy the old ones anymore.
How is this voted insightful? Intel still manufactures and sells 486 chips. I know a company that uses them. In fact, there are pieces of military hardware that still use the 486 also. You just have to have a high enough volume or pay a high enough price and Intel will sell you any of its chips. If Apple still wants these chips, they could get them. And what laptop has come out in the last 10 years that was truly innovative? They've all just been hardware upgrades for a long time.
the only reason we lost 'Nam was the press was paying attention and they wouldn't let us kill civilians indiscriminately
Watch the Ken Burns documentary on the Vietnam war. It doesn't support your contention that the USA lost because it was restrained in its action. By the time the press started reporting on what was really taking place, the war was already lost. It's just that it was politically impossible to acknowledge the loss until later.
Read the Pentagon Papers. The US government knew that the war was lost long before we ever even seriously considered pulling out.
The carrier does not need my lat/long stored to provide service. They need it only at the time of use. The recording of my position is not required for them to bill. However, I have no choice but to have a cell phone in order to function in society. They should not have the right to store my location data to being with.
You are using the public phone network, tell me again about your expectation of privacy...
Oh it’s a public phone network now? So anyone can start a cellular phone service on this network? No. It is PUBLIC spectrum, but the network itself is private. As a condition of using the public spectrum for a PRIVATE network, the government ought to protect the rights of its citizens to privacy.
Since phones are effectively required for life in the USA
No, they are not.
Unless you’re Ted Kazinski living entirely off the grid on land you do not own, how exactly do you function in modern society without a phone? Your employer is 100% okay with having no way to reach you in an emergency? Your children are allowed to be enrolled in school without providing an emergency contact number? The DMV will issue you a drivers license without having a phone number to contact you with? Sure you could lie about all of these things, but that would cause nothing but trouble if any of those organizations ever tried to use your contact info.
you don't have a choice about giving that data, only a choice of which company you give the data to.
So you DO have a choice, choose a provider that doesn't share their customers metadata with the government.
If cellular phone networks were actually PUBLIC like you claim, such a company would exist. But they’re private companies with such a high barrier to entry that it is almost impossible for anyone to compete with them. There are only 4 nationwide networks in the US.
Unless you are a criminal, ICE really doesn't have any standing to hassle you
Do you follow the news at all? ICE agents harass people on a regular basis, whether they are US citizens or not. They can stop you and search your vehicle at any time if you’re within a certain distance of any border (including the entire east and west coast), as well as a certain distance of an international airport. They can stop and search something like 95% of the US population at any time under the current rules that they operate under. Even the ACLU talks about it though they erroneously omit international airports as a port of entry.
With ammo being 5x more expensive, the cheapest AR costing $400ish vs a decent 22 for half that or less, plus increased noise, increased safety issues, etc. your uncle would probably be still using the same 22lr rifle he'd been using way back when, unless it broke. Even then he'd more likely spend $200 on a new 10/22 than $400+ on an AR15.
That said, I know of several farmers that DO use AR-15s (and other evil scary black rifles) around the farm, but they are animal farmers/ranchers, not crop farmers, and they are protecting their cows, sheep, goats, and horses from coyotes, not picking off rabbits that have gotten into the bean crop....
There is a cost difference but by the time I ever went out with my uncle jack rabbit hunting, the farm was more of a hobby than a business. He had quite a few toys that were more about being fun than being practical around the farm. So yes, I do think he would shoot an AR-15 just because it's more fun to shoot than a.22LR. There was nothing off in the direction of his crops for miles. Safety was taken seriously but there was almost zero risk of anyone wandering out there without his knowledge.
My uncle was far into his 80s before he retired from the farm, and he had a pension from both the military and his career before he took the farm over from his father. His wife also has a pension. The farm was never really about making money, he just enjoyed the lifestyle.
This is a minor fix 11.3 => 11.4, and yet that battery drain issue is back from the dead, again? Either Apple has some main dev team problem (which it has in a way), or maybe the new fw (os) install reset some settings, like "backup app refresh" set to true for some apps which would cause that issue.
Well we have plenty of proof that they have a hard time porting fixes in the current OS release into the future OS release under development, but that can't be occurring in this case since it was 11.x to 11.x. But they usually have quite a few regressions they have to patch once they release a new major OS version.
I'll bet that if my uncle were still running the farm he grew up on he'd use an AR-15 to shoot all the jack rabbits that would get into his crops. He typically used a.22 long rifle cartridge and a 5.56mm or.223 would be more expensive, but it would also be easier to use as the larger powder charge would cycle a semi-automatic more reliably than a.22LR
I am frequently amazed how Americans manage to make things be about the right to be able to kill other people at the squeeze of a trigger.
I think the true problem in the US is the fact that people want to have rights without responsibilities. I have nothing against anyone owning a gun so long as they take responsibility for it and store it, and its ammunition, in a safe manner. The problem is that people often neglect to do so because they're paranoid about home invasions and other such things that, while they do happen, are statistically unlikely to happen to any specific person.
Slashdot Mirror
With a removable hard drive/SSD, you can swap it for a "clean" one while traveling abroad to avoid border guards abusing their authority and (say) stealing sensitive corporate or medical data. Takes five minutes on an older MacBook or (better yet) a Thinkpad.
If the thing is soldered in, your only choice is full backup, zero, reformat, reinstall or carry two computers.
What’s the point in doing that? If you’re not bringing a burner laptop, you’re wasting your time. If they want your data, they will modify your firmware and will just take it from you the next time you boot up, and every time after that.
Why does security have to consume a fair amount of processing power?
Because it's easier to just ACCEPT all connection attempts instead of piping them through multiple layers of filters. Even the most basic authentication scheme is more complicated and time consuming than allowing total access to everyone. Even if the gadget only connects actively and does not allow others to establish a connection, you have to sanitize input from your peer.
But you should always be sanitizing your inputs, no matter where they came from. So the lost processing power SHOULD be zero because you should already be doing that anyway. And most hardware has cryptographic instructions that offload the verification of hashes and signatures so the only wasted processing power there is waiting for the bus to send and receive the request.
The problem with microcontrollers and security is that security consumes a fair lot of processing power if done right. And while this is really no concern these days for a desktop or even a mobile computer (including smartphones), it still is a concern for lower end IoT devices powered by microcontrollers that can barely accomplish what their function is with the computing power they have.
And try to justify the 2.50 bucks for the extra IC (or the next powerful IC) to implement sensible security. Not to mention the hundreds of hours.
Why does security have to consume a fair amount of processing power? This all depends on the attack surface of your project, but most of the things that need to be secured ought to be considered and planned for before you even write your first line of code. And checking input shouldn't be that time consuming for a microcontroller. The real costly part of security is the time it takes to properly implement and verify it.
OP didn't say buy the firewalls at EoL - just the switches. EoL is not the same as end of support, which mean you get a good few years before they go out of support and patches cease, so you get a decent switch for your home network, rather than your regular cheap SOHO model. Switches do generally last forever though, what happens when patches do cease is up to your security risk appetite. Assuming you know what you are doing and have them properly locked down with management IPs firewalled away or disabled, etc., then they're a pretty low security risk, barring some "packet of doom" style exploit.
Do you follow CERT? Cisco has tons of exploits in their gear, including countless backdoor accounts. Some that have been discovered and published on the internet that Cisco hasn't even acknowledged. You can't secure a switch against a known backdoor if the switch can be accessed.
I don’t think it is a very productive exercise to ask “why” in most cases involving stupidy relating to use of electronics. I am certain anyone who has ever been in corporate cyber security will eagerly confirm this statement. Mind you, we are talking about people with degrees that attended security policy orientations and still manage to send confidential data over unsecured channels. Now imagine the guy whose main skill is selling meth in a night club. I would not be surprised if he kept a log of his transactions on his Facebook wall or something.
But in this case it is very productive to ask why someone would add an electronic layer to a cash business. There's no justification for it, and a great way to get busted by the IRS or whatever tax agency rules your country. So I have to ask why would that night club meth dealer accept VenMo? If one buyer doesn't have the cash, the next will. And anyone who goes to a night club to buy drugs always has cash.
I always have write caching turned off. Windows has the Quick Removal option, so why would it be there and be called that if it wasn't there to allow you to pull it out? I never ejected a flash drive in XP and never had a problem. In Win 7 I almost always do, as it doesn't seem to work properly, but at work we have a Win 10 laptop and 90% of the time it doesn't allow me to eject (warning message pops up), so I have to either reboot (yeah, right), or just pull it out and hope for the best.
Why don't flash drives work the same as floppy disks? We never had a problem ejecting those.
Write cache is the default. I don't know if you can even disable it in Windows 10 but there was an OS bug that made it difficult to eject USB drives. That has recently been fixed.
TL;DR: Criminals are by and large compete and utter idiots. So are many of their customers. This bot post has just saved you a minute of reading. Praise Jobs.
You may want to reconsider that statement. Yes there are plenty of dumb criminals but there are also plenty of people who think it is funny to put silly things in Venmo. It's no different that someone putting "Sensual Massage" in the memo field of a check they write to their roommate, except that nobody ever looks at the memo field on a check. Most of those are probably jokes. Unless people are buying these drugs by mail why would they use Venmo instead of cold hard cash? And we all know that people prefer cryptocoins for their online drug purchases
> How is this any different than jailing someone who is suspected of murder until they disclose the location of the dead body
If they can prove you HAVE a dead body (or unlawful email server) that is evidence, they CAN jail you until you turn it over.
https://www.law.cornell.edu/ru...
We're that not true, Hillary most certainly wouldn't have relinquished her home mail server, would she.
I think where the prosecution screwed up is in asking for the password, which is not evidence. They should have instead asked for "the text messages you sent in the last 24 hours to Jose Jones", which are evidence.
Well they have every single bit that is stored on the internal storage device of that phone, including all of the text messages.
That is not how the courts have decided this is. Much like many other things, what you think it "should" be is not what the court precedent says it is. The precedents on the record since the early days of the cellphone and computer make it entirely legal for the judge to do what she did.
Then the judges have failed to keep up with precedents from far before when celllphones and computers ever existed. It has never been the defendant’s responsibility to interpret evidence for the prosecution. They have all the individual bits that compose all of the data on the phone. It is up to the prosecution to make sense of them. It is no different than forcing a bookkeeper to testify to the meaning of coded entries in an accounting ledger. They cannot be forced to do so if it results in them being prosecuted for a crime in relation to the bookkeeping records.
>They have no way of knowing if there is evidence on the phone.
According to the warrant, the judge find they DO have probable cause to believe there is evidence on the phone. I don't know what their probable cause it, but if the defendant said "my dealer texted me saying to meet him at Denny's to get the weed", that would be probable cause to believe such a text message is on the phone.
> If the prosecution wants the contents of the ... Thatâ(TM)s their prerogative to do if they have the resources.
If they have probable cause. Without probable cause, they shouldn't be searching it.
I think you contradict yourself when you say "they have no way of knowing there is evidence on the phone ... they can search it". Constitutionally, they need to show that specific evidence will likely be found before they may search (absent permission from the owner).
I am not saying that they have the right to search the phone without a warrant. But if they have a warrant then they can choose to spend the resources to break the encryption.
> They cannot force you to provide evidence against yourself.
Not quite true. They cannot force you to TESTIFY as a WITNESS against yourself. They CAN force you to hand over evidence you have in your possession.
And how do they determine what evidence I have in my possession? By executing a search warrant. But that is the extent of the law. Once they have the evidence it is up to them to interpret it. If all it does is look like random bits to them, well they can hire an expert to help them try and figure out what those random bits mean.
For example, suppose a bank illegally opened accounts for "customers" who never asked for them. The bank has records showing when the accounts were set up, by whom. The bank can be forced to hand over those pre-existing records.
And there is no law that says that a bank employee has to help them interpret those records. Take Al Capone’s tax evasion prosecution. If they did not have the bookkeepers testimony to show that “John Smith” or whatever alias they used for Al Capone was in fact Al Capone, they could not have compelled Al Capone to show that he was “John Smith”. The government has to take whatever evidence at face value and make their case.
Suppose it were a crime to be negligent (not careful) in allowing classified information to be released on to unauthorized networks. Suppose someone was "grossly negligent", er I mean "extremely careless" in sending classified information to a computer in their basement. They CAN be forced to turn over that computer. In fact, once they become aware of investigation, intentionally destroying the evidence by "wiping" the computer is a separate crime.
Yes. The warrant will allow them to search the computer to their heart’s content. The warrant cannot compel the interpretation of any evidence on that computer.
When someone is ordered to turn over evidence in the form of documents, of course they aren't allowed to encrypt the documents first, or glue them all together with super glue, or otherwise mess with the ability to examine the evidence.
But he didn’t do any of those things, did he? They got a warrant for his phone. They now have his phone. Do they have any evidence that he encrypted the device after knowing that the warrant would be issued? I would guess not. Most likely the phone was taken from him at the time of his arrest and the warrant was obtained before he ever got the phone back from the police. So, again, they are asking him to interpret the evidence against him.
>The contents of the phone are evidence.
And you must turn over evidence. You can't be required to produce new testimony against yourself, you can be ordered to turn over evidence.
not quite as well as they could have, but they made a serious go at it. The went from a third world hell hole to a first world nation in about 50 years. But when the price of oil tanked that was kind of that. The sanctions didn't help either (and I have no bloody idea why my country is sanctioning another country that has not attacked us or our allies... It honestly feels like we're attacking them for being socialistic... ). John Oliver has a pretty good piece on it. I think if they'd had another 50 years to stabilize they could have weathered it (or if those aforementioned sanctions didn't exist and they could get some aid in).
Have you been to Venezuela? They did NOT do it at all. The US, British, and Dutch oil companies ran Venezuela until the 90s when the government took over and then it became a way to reward your friends and families with cushy high paying jobs. A janitor at PDVSA made many times the minimum wage while most people were living in shanty towns around Caracas. The only part of Venezuela that seems to have done okay with the oil is the city of Maturin, which is one of the cleanest cities I have ever been to (though that has most likely changed since I was last there). Unemployment in Maturin was incredibly low, most of the unemployed were given city jobs to do street sweeping. But I can tell you that most of the people I knew there lived in shacks and that they waited days to get the most basic healthcare. You had to go to the emergency room for everything. Anyone who had money would go see a US trained doctor because it was the only way to get decent medical care there. Anyone who needed anything serious done flew to the US or another nearby country if they could afford it.
> Since the police had a search warrant, I am not sure there is a constitutional argument to be made.
It seems to me the warrant changes the argument a bit vs not having a warrant.
First, one can argue if the warrant was Constitutional. The Constitution doesn't say "no unreasonable search and seizure - unless you have a warrant". A warrant which purports to authorize an unreasonable search is unconstitutional and therefore void. One could certainly argue that the search is unreasonable, which voids the warrant.
The Constitution does say "no warrants shall issue, but upon probable cause". Was probable cause shown that the phones contain evidence of a crime? If not, the warrant is unconstitutional.
Suppose the warrant and search are themselves constitutional. Then you run into the fifth amendment issue forcing the person to reveal the password. It has been ruled that where ownership of the device is disputed, revealing the password would be tantamount to testifying that the defendant owns the device. The fifth amendment applies and the defendant can not be forced to reveal the password, if the phone may not be his.
Suppose it's agreed that the phone is his. One CAN be forced to hand over documents in your possession. That's evidence, not testimony. Had the court ordered him to hand over the contents of the phone, rather than the password, that would probably be constitutional. Where the defendant can turn over unencrypted copies, it can be argued that he can be forced to do so.
The 5th says you can't be forced to give testimony against yourself. Testimony is spoken evidence. Evidence is things you'd present to the judge or jury to demonstrate guilt or innocence. Is the password spoken evidence, testimony? Probably the password isn't evidence; you wouldn't show the jury the password. Rather, it's something that is needed in order to decrypt the evidence. If it's not evidence, it's not spoken evidence - not testimony. If you aren't asking the defendant to testify as a witness against himself, the 5th amendment protection doesn't seem to apply. I *want* a right to not reveal my password, but thinking through existing law, if the search is reasonable and there is probable cause, I don't see any such protection in existing law.
Of course if the search is unreasonable, or if there is not probable cause, the search itself is unconstitutional.
How is this any different than jailing someone who is suspected of murder until they disclose the location of the dead body? They have no way of knowing if there is evidence on the phone. They cannot force you to provide evidence against yourself. If the prosecution wants the contents of the phone, they can try to decrypt the contents of the phone just as they’re welcome to try and crack open a safe. That’s their prerogative to do if they have the resources.
It's no different from the defendant claiming he's lost the key, while the judge thinks he's just carefully hidden it somewhere and isn't telling. Both (the password, or location of the physical key) are "mind reading" aspects. The case law does in fact apply here. This is what I've been trying to caution people against when they cite 4th Amendment protection for passwords. The 4th Amendment isn't a bulletproof shield. Once a warrant has been issued (as was in this case), pretty much all of your 4th Amendment protections evaporate. Failing to obey the warrant puts you at risk of being jailed indefinitely for contempt of court. No trial, no jury, the judge just sends you to jail because you didn't obey a court order.
This has nothing to do with the fourth amendment. It has everything to do with the fifth amendment. You do not have to aid the prosecution’s case against you. You do not need to cooperate. If the evidence in the phone is important enough, they will break the encryption on it. Just like they would crack a safe open if they wanted to get inside of it without having the combination or key. It is up to law enforcement and the prosecution to find what evidence they may. You cannot destroy evidence, by law, but you are not forced to produce it, either. Claiming that having knowledge of the password is somehow not incriminating is complete and utter bullshit. This would be no different than jailing someone in a murder case until they agreed to show the prosecution where the bodies are buried.
Good news topic for, I don't know, Cosmopolitan magazine? Not a tech site or generally anywhere where there is no lack of common sense among the audience.
Welcome to Slashdot! It is always nice to see new users on here. I hope you enjoy your stay here and find plenty of insightful and common-sense filled posts.
And Intel has given us microcode updates for these fixes long before AMD provided any microcode fixes for their platforms.
Many of those microcode fixes were garbage, leading to boot loops, boot hang... Intel does not deserve a reward for pushing out garbage to customers.
They did rollback their Spectre V2 mitigation because it caused problems for some users and an OS mitigation was sufficient.
AMD and Intel have been notified of these issues at the same time. Intel has consistently provided us with fixes prior to the publication of these vulnerabilities
That is completely false. Intel lagged behind the initial announcement, then started pushing out buggy fixes.
I know for a fact that is not true because I receive access to both NDA advisories and NDA microcode updates. Intel did not release a production version of certain server platforms at the time of release because they do several months of testing server microcode before calling it production but the client microcode updates were all tested for at least a month and were made available to OEMs withing a week of the date of publication for the newest variants and prior to publication for the original meltdown mitigation.
AMD is definitely better protected against this type of attack but Intel has been far more responsive to all hardware or firmware vulnerabilities that Iâ(TM)ve seen that affect both platforms.
AMD did the right thing in the first place, so they are less affected by AFAICT all variants. They can afford to take a couple more days to get it right. They can't afford to push out buggy firmware fixes like Intel can, since they don't have the massive market inertia that Intel does. Thus, they don't have the benefit of as many customers with cognitive dissonance who will justify their purchasing decisions by being Intel's parrot.
I have acknowledged that AMD did a better job to prevent this specific type of attack. The only practical attack has been a problem strictly for Intel. But they have been just as slow to push fixes for Ryzenfall, etc as they have been for Spectre. And it’s not just a matter of development. It’s a complete lack of communication. It takes me months to get information out of AMD and Intel proactively meets with me almost monthly. I know that they were not given a fair shake with the disclosure of Ryzenfall and I don’t really have a preference for Intel or AMD in my personal life. But I can tell you which company is a lot easier to deal with in my professional life and it’s not AMD.
The caveat to those updates from Intel before the publication is that they have always been beta fixes, though at least 50% of the betas theyâ(TM)ve given us ended up going to production unmodified.
It's nice you mention that, but it belongs at the top of your comment, not the bottom.
Why does that really matter? Did I say that the publication date fixes were beta? No. I said that the pre-publication fixes that Intel provides me for validation have been betas. That’s normal. But over half of those beta fixes also end up being the production fix. I can do a binary comparison between them and see they’re identical. This is how I can assert to you that Intel pretty much has a fix ready before publication.
Mitigation of prior SPECTRE attacks is cheaper on AMD than on intel. I would be surprised to learn that was not the case again. In addition, it's more difficult to exploit on AMD, and further, AMD was NOT vulnerable to all the classes of SPECTRE attack which affected intel processors. So while you're technically correct, there are also caveats.
Based on metrics I’ve seen from Intel, as well as tests performed by my own company, I do not believe that Intel is running any slower than AMD with these mitigations in place. And Intel has given us microcode updates for these fixes long before AMD provided any microcode fixes for their platforms. AMD and Intel have been notified of these issues at the same time. Intel has consistently provided us with fixes prior to the publication of these vulnerabilities and AMD has averaged a 2-3 month delay after notification. AMD is definitely better protected against this type of attack but Intel has been far more responsive to all hardware or firmware vulnerabilities that I’ve seen that affect both platforms.
The caveat to those updates from Intel before the publication is that they have always been beta fixes, though at least 50% of the betas they’ve given us ended up going to production unmodified.
Do you work for Intel? AMD is not vulnerable to the newly announced exploits. Also the ones AMD is vulnerable too are low risk and hard to exploit, far lower risk than Intel only ones, which are trivial to exploit. Bottom line: AMD is VASTLY safer.
AMD has already admitted to being vulnerable to certain variants. Intel has mitigations for the most serious variants in place. The latest round of vulnerabilities have been mitigated through OS fixes. As long as you've been consuming these updates, there is no reason to think that Intel or AMD are in any different position at this point. AMD's pipeline definitely prevented meltdown from affecting them, and most likely makes it easier for them to provide future resiliency through silicon, but I don't see a huge difference between either one as far as the silicon that has already been shipped.
>> MacBook and MacBook Pro: Nothing but minor processor upgrades expected, and that only because we can't buy the old ones anymore.
How is this voted insightful? Intel still manufactures and sells 486 chips. I know a company that uses them. In fact, there are pieces of military hardware that still use the 486 also. You just have to have a high enough volume or pay a high enough price and Intel will sell you any of its chips. If Apple still wants these chips, they could get them. And what laptop has come out in the last 10 years that was truly innovative? They've all just been hardware upgrades for a long time.
Watch the Ken Burns documentary on the Vietnam war. It doesn't support your contention that the USA lost because it was restrained in its action. By the time the press started reporting on what was really taking place, the war was already lost. It's just that it was politically impossible to acknowledge the loss until later.
Read the Pentagon Papers. The US government knew that the war was lost long before we ever even seriously considered pulling out.
This isn't your data, it's the carrier's.
The carrier does not need my lat/long stored to provide service. They need it only at the time of use. The recording of my position is not required for them to bill. However, I have no choice but to have a cell phone in order to function in society. They should not have the right to store my location data to being with.
You are using the public phone network, tell me again about your expectation of privacy...
Oh it’s a public phone network now? So anyone can start a cellular phone service on this network? No. It is PUBLIC spectrum, but the network itself is private. As a condition of using the public spectrum for a PRIVATE network, the government ought to protect the rights of its citizens to privacy.
Since phones are effectively required for life in the USA
No, they are not.
Unless you’re Ted Kazinski living entirely off the grid on land you do not own, how exactly do you function in modern society without a phone? Your employer is 100% okay with having no way to reach you in an emergency? Your children are allowed to be enrolled in school without providing an emergency contact number? The DMV will issue you a drivers license without having a phone number to contact you with? Sure you could lie about all of these things, but that would cause nothing but trouble if any of those organizations ever tried to use your contact info.
you don't have a choice about giving that data, only a choice of which company you give the data to.
So you DO have a choice, choose a provider that doesn't share their customers metadata with the government.
If cellular phone networks were actually PUBLIC like you claim, such a company would exist. But they’re private companies with such a high barrier to entry that it is almost impossible for anyone to compete with them. There are only 4 nationwide networks in the US.
Unless you are a criminal, ICE really doesn't have any standing to hassle you
Do you follow the news at all? ICE agents harass people on a regular basis, whether they are US citizens or not. They can stop you and search your vehicle at any time if you’re within a certain distance of any border (including the entire east and west coast), as well as a certain distance of an international airport. They can stop and search something like 95% of the US population at any time under the current rules that they operate under. Even the ACLU talks about it though they erroneously omit international airports as a port of entry.
Ummm... No.
With ammo being 5x more expensive, the cheapest AR costing $400ish vs a decent 22 for half that or less, plus increased noise, increased safety issues, etc. your uncle would probably be still using the same 22lr rifle he'd been using way back when, unless it broke. Even then he'd more likely spend $200 on a new 10/22 than $400+ on an AR15.
That said, I know of several farmers that DO use AR-15s (and other evil scary black rifles) around the farm, but they are animal farmers/ranchers, not crop farmers, and they are protecting their cows, sheep, goats, and horses from coyotes, not picking off rabbits that have gotten into the bean crop....
There is a cost difference but by the time I ever went out with my uncle jack rabbit hunting, the farm was more of a hobby than a business. He had quite a few toys that were more about being fun than being practical around the farm. So yes, I do think he would shoot an AR-15 just because it's more fun to shoot than a .22LR. There was nothing off in the direction of his crops for miles. Safety was taken seriously but there was almost zero risk of anyone wandering out there without his knowledge.
My uncle was far into his 80s before he retired from the farm, and he had a pension from both the military and his career before he took the farm over from his father. His wife also has a pension. The farm was never really about making money, he just enjoyed the lifestyle.
This is a minor fix 11.3 => 11.4, and yet that battery drain issue is back from the dead, again? Either Apple has some main dev team problem (which it has in a way), or maybe the new fw (os) install reset some settings, like "backup app refresh" set to true for some apps which would cause that issue.
Well we have plenty of proof that they have a hard time porting fixes in the current OS release into the future OS release under development, but that can't be occurring in this case since it was 11.x to 11.x. But they usually have quite a few regressions they have to patch once they release a new major OS version.
Out of interest what sport is an AR-15 suited to?
I'll bet that if my uncle were still running the farm he grew up on he'd use an AR-15 to shoot all the jack rabbits that would get into his crops. He typically used a .22 long rifle cartridge and a 5.56mm or .223 would be more expensive, but it would also be easier to use as the larger powder charge would cycle a semi-automatic more reliably than a .22LR
I am frequently amazed how Americans manage to make things be about the right to be able to kill other people at the squeeze of a trigger.
I think the true problem in the US is the fact that people want to have rights without responsibilities. I have nothing against anyone owning a gun so long as they take responsibility for it and store it, and its ammunition, in a safe manner. The problem is that people often neglect to do so because they're paranoid about home invasions and other such things that, while they do happen, are statistically unlikely to happen to any specific person.