Slashdot Mirror


User: misnohmer

misnohmer's activity in the archive.

Stories: 0
Comments: 490

Comments · 490

  1. Diplomas for everyone! on Political Science Prof Asks: Is Algebra Necessary? · · Score: 1

    Let's just sell diplomas to everyone with a credit card and we'll be the most educated nation in the world! So what if the people buying them cannot balance their checkbooks or figure out that $50/month for 60 months is way more expensive than a $1000 one time fee - hey, we'll be propping up the failing bank industry too!

  2. ...or it may help develop better simulated guns! on Neuroscience May Cure Videogames Industry's Obsession With Guns · · Score: 1

    What they are selling here is a way to measure stimulation while playing a game. The conclusion that it would help develop peaceful games rather than even more stimulating violent games is simply subjective wishful thinking, or just press spin. The same MRI technology could be developed to tune the violence just the same.

  3. Single point of failure on Ask Slashdot: What's Holding Up Single Sign-On? · · Score: 1

    If your single sign-on is compromised, the attacker gains access to all your accounts (and potentially locks you out until you can prove it is actually you who owns this single sign-on account and reset it, which is not always possible since there is not much verification at the time of signing up for a single sign-on account).

    If you trust your cell phone to do your banking, one solution for you would be to get a password storage application that would encrypt and store (different) passwords to all the websites you visit.

  4. Re:Scripts belong on a PC ? on Ask Slashdot: Scripting-Friendly Smartphones? · · Score: 1

    Bingo! In addition to the aforementioned reasons consider battery life and potential bandwidth implications. A script running in the background pinging machines and performing other periodic tasks will eat up both your battery and your bandwidth allotment - battery life being the more limiting one unless you also get a backpack battery pack for your phone.

  5. Ha, ha! on Anti-piracy Group Fined For Using Song Without Permission · · Score: 1

    I hope they are ordered to pay maximum damages per Harry Potter DVD sold!

  6. Re:According to the FBI it is "THEFT" on Anti-piracy Group Fined For Using Song Without Permission · · Score: 2

    "nobody has lost anything"?!? Is your basic premise that intellectual property has no value whatsoever? Something tells me if you were the musician whose paycheck was directly proportional to the number of CDs sold you may have a different opinion.

  7. Solution for delays: hire cheaper programmers on RIM CEO On What Went Wrong · · Score: 1

    TH: "The delay of BlackBerry 10 is not because we added stuff to it. The delay is because our software groups were actually so successful in coding..."

    If coding a set set of features (so no feature creep) too quickly causes overall delays in product release, either hire slower programmers or insist on long weekends every week for everyone! You'll make the schedule AND save money on paychecks! :-)

  8. Re:When Egypt or Libya does it, it's bad, of cours on Executive Order Grants US Gov't New Powers Over Communication Systems · · Score: 1

    Take away from the rich until everyone is equal and do this via total government control. It's been tried already in USSR, China and a few other countries that chose this ideology. And yes, you Obama fans will argue that the other guys just didn't implement it well - WAKE UP - if you divide all the wealth equally amongst all people we'll all be poor, there will be no one to give you a job except for the government.

  9. Re:Overall rise on Sea Level Rise Can't Be Stopped · · Score: 1

    Doesn't the glacial/ice melt reverse the thermal expansion effect by adding cold water to the mix? I would assume the melt is about as cold water as it can be in the liquid state (since it just changed from a solid ice state).

  10. Re:The issue is on Taking Issue With Claims That American Science Education is 'Dismal' · · Score: 1

    Next time you need surgery, will you ask for the doctor who aced his degree or the one who got it for participation?

  11. Why does it cost 2X to develop on Android or iOS? on OSHA App Costs Gov't $200k · · Score: 1

    Why does it cost >2X to develop Android or Apple app over a Blackberry one? I could see specs or even code reuse but in that case only 1, not 2 platforms should have the high cost. Does blackberry do something that makes development easier or is there a surplus of blackberry developers out there driving down the price? Or are the blackberry developers just so much more efficient with their time? ;-)

  12. Re:The industry has been trashed by offshoring. on Tough Tests Flunk Good Programming Job Candidates · · Score: 1

    Software is a business. If offshore development produces "good enough" results and costs less, that is what a good business is obligated to do. No different than any other industry (hence you buy cheap T-shirts made in China and are not willing to spend 10x the money on one made locally).

    Similar argument to off-sourcing is using open free software. Businesses often use free software because it's "good enough" killing jobs for people who would like to make a better product they can charge money for (but also need a paycheck for it).

    If you say open source free software benefits the software industry, why would cheap software (developed off-shore) not do the same?

  13. Re:the way to go on Tough Tests Flunk Good Programming Job Candidates · · Score: 1

    There are 2 kinds of interviewers: the ones who want to find out what you know and the ones who want to see if you know what they know. The latter tend to be very narrow minded looking for the interviewee to come up with the only answer they know, often phrased exactly how they heard or read it.

  14. Deep inspection, spy app, or just public traffic? on Verizon Wireless Changes Privacy Policy · · Score: 1

    Does anyone know whether the information logged and/or sold is based only on your traffic log, deep packet inspection or is Verizon forcing a spying application on every phone? For example, if I'm browsing on a blackberry via a blackberry proxy, will Verizon log the sites or only the fact that I'm VPN'ed back to the BES server?

  15. Re:And GMail gets a pass? on Why Yahoo Should Abandon Email Scanning · · Score: -1, Offtopic

    Google is the "Do no Evil" company, they are immune. Have you ever installed google maps on your cell phone? Did you read the EULA that states they reserve the right to turn on the microphone at any time and record what they termed "ambient noise"? That's besides the fact that google maps will not start unless you give it permissions to access absolutely EVERYTHING on your phone - try it on a blackberry and set the application permission to deny even one permission - no go, you must surrender everything on the phone to google. I'm guessing on other phones where there is no such fine grained permission scheme no one notices.

  16. Re:Same with 1080p on Users Want Matte LCDs While Glossy Screens Dominate · · Score: 2

    You are missing some basic geometry - if you have a 1920x1080 screen with HD aspect ratio, you can watch 1080p in native resolution taking up the entire screen. If you have the same size and aspect ratio screen but 1920x1200 you cannot do pixel-for-pixel playback because the pixels are different shape, this means you have to either scale the image either way unless you don't care about stretched picture. In the case you chose to use only 1080 lines, you'll end up with bars all around the screen which reduces your screen size. Either way, scaling costs power (whether performed by the graphics chipset or by software, in which case it also costs you processing power) and that shortens the battery life of the laptop.

    Stretched picture, shorter battery life and/or smaller viewable video size are things that some people care about.

  17. It's a private company, private service! on Apple Removes Gay Cure App From App Store · · Score: 1

    They didn't come for anyone. Apple App Store is (as the name implies) Apple's property. Their store, their service, not funded by any money anyone was forced to pay (such as taxes). They also don't put anyone in jail, fine or inflict any other punishment on anyone. If you don't like Apple, don't buy their products - there are alternatives. Next are you going to go after McDonalds for not serving some ethnic food as censorship?

  18. Re:Trolling article is trolling. on Why Google Wants Your Kid's SSN · · Score: 1

    TimHunter, since you don't consider this private information that anyone can do anything with, can you please post your name, address, city of birth and last 4 digits of your SSN? Maybe some folks reading this can demonstrate to you what can be achieved with such information.

  19. Seriously? on Why Google Wants Your Kid's SSN · · Score: 1

    Do you seriously consider this an explanation?

    So why was Google asking for the SSN in the first place if they had no plans to record it? Maybe just to give some landfill diggers a chance to collect this information?

    Also, how is providing city of birth any better proof than clicking "yes - I am a citizen"? Do you think coming up with a name of a US city is so much harder? Google itself will provide you a myriad of choices (go ahead, google it).

  20. Re:its because of fed.gov I run my own mail server on FBI Complains About Wiretapping Difficulties Due To Web Services · · Score: 1

    The other exploits still exist due to SMTP.
    1. Unless 100% of servers go to TLS, you'll have to allow for unencrypted sessions and since the decision to encrypt is unsecured, you will always be able to do a man-in-the-middle attack forcing unencrypted sessions.
    2. Even if 100% of servers do go TLS, SMTP is still missing the information of who is allowed to send what mail. my_evil_server.com with a valid certificate can connect to you, validate with proper certificate, then send you mail from JPMorgan.

    The only way to secure the 2 above exploits is to hard code on your server to only accept JPMorgan emails over TLS, *AND* only from a specific set of servers - that doesn't scale if JPMorgan adds a new mail server, nor does it scale as a generic solution for all emails from all over the internet.

    Cheers!

  21. Re:its because of fed.gov I run my own mail server on FBI Complains About Wiretapping Difficulties Due To Web Services · · Score: 1

    Using TLS for your SMTP is like putting a 6ft steel door on a straw hut. There are so many ways to go around it. For example:
    1. Most servers that use TLS SMTP don't check trust chains - self-signed certificates work with them so you can do man-in-the-middle TLS
    2. Most servers that support TLS still allow non-TLS connections to accommodate servers that don't. This means man-in-the-middle attacks are trivial (just filter out the string that advertises TLS support, causing the connection to proceed without encryption)
    3. Even if you set your server to enforce TLS from JPmorgan (and properly check the trust chain for the other server) I can still obtain a valid cert for myevilmailserver.com and then connect to your server, authenticate and send you the email. If you go further and check SPF/SenderID (if JP Morgan has it properly set up) I can still spoof those since JP Morgan most likely does use secure DNS. Etc, etc...

    SMTP TLS doesn't really give you anything other than prevent a casual packet sniffer from seeing your email. Once you allow man-in-the-middle attacks all bets are off. If you are willing to restrict your server to only work with a known other server and not with any other server, create your own trust chains for certs, configure the other server to work securely with your server (and yes, you'll need access to both servers), etc, etc - it's easier to just set up a proper VPN between you and the server you want to secure communication from.
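
The downgrade and self-signed-certificate problems in points 1 and 2 of this comment, seen from the sending server's side, as an added example that is not part of the original comment. The policy format follows MTA-STS (RFC 8461), a later standard the comment does not mention; the host names, policy text and EHLO replies are constructed, and `cert_valid` is assumed to come from the TLS library's chain and host-name validation.

```python
# Added example: sender-side delivery check against an MTA-STS style policy.
# Host names, policy text and EHLO replies below are constructed sample data.

def parse_ehlo(reply):
    """Extension keywords from a multi-line 250 EHLO reply."""
    caps = set()
    for line in reply.strip().splitlines()[1:]:   # line 0 is the greeting
        words = line[4:].split()
        if line.startswith("250") and words:
            caps.add(words[0].upper())
    return caps

def parse_policy(text):
    """Parse 'key: value' policy lines; the 'mx' key may repeat."""
    policy = {"mx": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "mx":
            policy["mx"].append(value.strip().lower())
        elif sep:
            policy[key.strip()] = value.strip()
    return policy

def mx_allowed(host, patterns):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    host = host.lower().rstrip(".")
    label, _, parent = host.partition(".")
    return any(host == p or (p.startswith("*.") and label and parent == p[2:])
               for p in patterns)

def delivery_decision(policy, mx_host, ehlo_reply, cert_valid):
    """cert_valid: assumed result of chain + host-name checks done by the TLS layer."""
    mode = policy.get("mode", "none")
    if policy.get("version") != "STSv1" or mode == "none":
        return "deliver"                      # no policy: plain opportunistic TLS
    ok = (mx_allowed(mx_host, policy["mx"]) and cert_valid
          and "STARTTLS" in parse_ehlo(ehlo_reply))
    if ok:
        return "deliver"
    return "refuse" if mode == "enforce" else "deliver-and-report"

POLICY = parse_policy("version: STSv1\nmode: enforce\nmx: *.example.net\nmax_age: 86400\n")
HONEST = "250-mx1.example.net\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
STRIPPED = "250-mx1.example.net\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"

if __name__ == "__main__":
    for reply, cert in [(HONEST, True), (STRIPPED, True), (HONEST, False)]:
        print(delivery_decision(POLICY, "mx1.example.net", reply, cert))
```

The policy itself has to reach the sender over an authenticated channel (MTA-STS uses HTTPS), otherwise the policy lookup becomes the next thing to strip.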

  22. Re:I think I speak for all of us... on UN Telecom Chief Urges Blackberry Data Sharing · · Score: 1

    You may run into a small problem in that department - UN is one of the most impotent organizations in the world.

    Lucky for the world too, considering its main purpose seems to be to legitimize the wrongdoers. If you don't believe me, look up for example the countries with biggest human rights violations by the government and see if they have a seat at the UN. It's like having an anti-organized-crime task force with the biggest crime bosses on the board of directors.

  23. Re:Why uses a PC to do banking? on Can Ubuntu Save Online Banking? · · Score: 1

    None of it matters, how? Because you say so? And you state it with such authority too. Such naive "authoritative" views are why we have such bad security ideas go ahead. Direct URL prevents users from catching a virus from their free porn site, but is still totally vulnerable to so many attacks. E.g:

    1. I can spoof your DNS and have your browser connect to my server instead of the bank's
    2. I can ARP spoof your gateway and pick from a choice of man-in-the-middle attacks (if you are using a 1-year-old version of Firefox, I can go download ready-made programs to perform those attacks, I don't even need to understand them - there is even one which lets me execute arbitrary code on your machine).
    3. I can use attacks like sslstrip, most users won't notice
    4. etc, etc.

    Do some research on SSL/TLS attacks, HTTP attacks, etc.

  24. Re:Why uses a PC to do banking? on Can Ubuntu Save Online Banking? · · Score: 1

    No disrespect intended, but this is a rather naive point of view. Let's set aside the gaping security hole this leaves for hackers to do a targeted attack by either slipping in trojan disks in the bank or simply mass mailing a "New, more secure" DVD to bank customers. The bigger problem is security vulnerabilities on such hard live-CD. Imagine that every time today you see "there is a Firefox update" you would now get "Sorry, the live CD is out of date, take a hike to your local bank to pick up a new one". How is that for customer experience? The more likely scenario is that people will continue to use the old live CDs, which leaves them open to a bunch of hacks (let's say you are still using Firefox from a year ago, you'd be vulnerable to a whole slew of SSL attacks, like the NULL prefix, etc. etc). Using such live CDs is like disabling the security updates for all customers - hackers will love you!

  25. Re:Likely to be different? on NSF Tags $30M For Game-Changing Internet Research · · Score: 1

    Good point. Social networking sites are very much lacking in security today. But what if the internet was fragmented into many such context based networks with built-in access control and security? It increases hacking effort significantly as hackers now have to hack each network individually. It also allows people to expose their devices on such much smaller (than the internet) networks, reducing their exposure to the elements. Searching also becomes easier since you can search only relevant context networks. No?