The way I understand it, if code is written in such a way as to reference private information in a predictable way, this allows for the side channel attack described.
It should be possible to minimize, randomize and obfuscate these "calls" so that there is no predictable pattern.
So, no, I don't think it is just a hardware problem. Though, I am sure there are ways to beef this up as well.
When I did contract IT, I would always set up smart hosts, preferably Postini (now rolled into Google apps) or Securence (US Internet) but, in a pinch, I would use their ISP's mail server.
If they absolutely had to run their own mail server I would tell them that they required:
- Business class Internet connection - Static IP - Reverse DNS to match the forward DNS
If they didn't want to opt for any of those... well, I would still set up their mail server but made it clear that some e-mail was going to be rejected.
It isn't the '90s anymore. You cannot run your own e-mail server out of your basement and expect it to work 100%.
Maybe when "smart" devices are literally credit card sized, then it will be more convenient. Phones are just too big and slippery to be something you are constantly taking out and handling.
As it is, when I leave the apartment to run errands, I just put my CC and ID in my pocket and go.
If I do take my phone along it is to drive my BT headphones and the phone is in my messenger bag.
So, paying for something only involves me reaching in my pocket, swiping the CC and putting it back in my pocket. Nothing to unlock or fumble and drop and I don't have to take off my gloves. The only way this could be any more efficient is if the purchase was auto negotiated by my phone as I walk out of the store.
I am no Apple fanboy either but, from what I have heard, they used industry standards so it is not a "lock in" like some of their other technologies. I have no idea if they get a cut of the transaction but I would suspect that they don't.
You might want to back off the ideology a bit because it almost certainly doesn't help your customers when you try to force a square peg in a round hole. By that I mean, computers are tools, not religions. Use the right one for the right job and I suspect your customers will be much happier.
In my case, I avoid the whole IoT thing like it were some virulent form of radioactive space herpes. It's not out of paranoia, but because my rural Satellite ISP has a bandwidth cap during most of any given 24-hour cycle.
For me, it is because IoT is another way of saying "recurring monthly bill" or "forced obsolescence"
Oh, look, I have a nice alarm clock that is connected to the internet, has an app store, collects data about me and will stop functioning when the manufacturer doesn't feel like supporting it any more.... what a deal!
I cannot count how many times I have been behind the person who whips out their phone to pay only to be stymied by some little glitch. Bewildered expressions are exchanged, the words "try it now" are uttered one or more times and the process finally progresses when a manager is called in to fiddle with the PoS...
I will stick with the mag stripe until adoption is much higher. It just works and is very fast, even with the stupid signature.
I don't think the issue is with the technology per se... it is still just too new and support is too patchy.
Still... we need the hipsters to deal with these annoyances for us so that we can experience a smooth transition.
Yeah, I see happiness as a scattershot phenomenon and not so much a spectrum thing.
There are hundreds of tiny things that make me happy every day (your socks comment is a perfect example of one). There at least as many things that make me unhappy every day.
There will never be a time when there are 0 points on either side. The trick is to get all of the happy points concentrated together and the unhappy points scattered and alone.
I would never describe myself as a happy person. But I am not an exclusively unhappy person either.
I see wheelchair bound people on the bus all the time. The seats at the front of the bus fold up for them. So when they are not on the bus, those seats can be used by anyone.
I also see the baby strollers take these spots a lot, but it could also be people with a lot of groceries or people with other handicaps like blindness.
I don't think that everyone can afford a customized van and even if they could, their particular disability may not allow them to drive a vehicle. I think that having handicap access on buses is important and doesn't cost a lot (relatively speaking).
I don't know. I am more or less a life long public transportation kind of guy. I have had many cars over the years, but I always end up getting rid of them and go back to public transit; It is just so much more economical.
Yes, it takes longer, sometimes as much as 3x longer, but I have found that I end up making it work by getting stuff done I would normally do at home. For example, I remember when I was living in the suburbs going to college many years ago and I spent literally 6 hours a day on a bus (1.5 hours to downtown, 1.5 hours back out into a different suburb, twice a day). Now that was a little excessive, but I used that time to do 100% of the homework I was assigned (I graduated 2nd in my class) so really that time would have been spent anyway and then, once I was home, I was free to do whatever I wanted.
These days, I use the time to catch up on netcasts and stay informed or just read a book.
Seeing the transit system first hand for a number of years, I am actually surprised at how well it all works. The system is highly complex and operates in highly variable conditions (road condition, traffic, construction, etc) and yet it still manages to be accurate to the minute in most situations.
So, to the point of the article, I kind of feel like this guy is just really impatient. I don't know that the increased risk is worth arriving 15 minutes earlier to your destination.
Don't require buses to stop and open their doors at railroad crossings.
Sort of annoying, but really, how often does this happen? You would probably save 5 minutes total on your commute, and I think that is being generous.
Allow the driver to start while someone is still at the front paying.
They do this already. Maybe they are not supposed to, but I often get on the bus, go find a seat, put my groceries or whatever down and then go back up to pay/validate. The bus starts moving immediately.
Allow buses to drive 25mph on the shoulder of the highway in traffic jams where the main lanes are averaging below 10mph.
Again, pretty sure this already happens. But even if they do only stick to 10mph, that is 100x better than 0.1mph that the other cars on the road are doing.
Higher speed limits for buses. Lets say 15mph over.
Buses keep up with the flow of traffic and most people speed. As a matter of fact, on the routes I have been on that take the freeway, the bus is passing cars.
Leave (city) bus doors open, allow people to get on and off any time at their own risk.
I feel like this would actually *add* time to the trip because the bus would be stopping way more often. Obviously, this would also not be feasible in the winter time.
I think it is a good compromise. I use a 20+ character pass phrase which I keep stored in a password manager. I keep the password manager's files (I use roboform) in a separate location so they are not sync'd to the same cloud drive.
Both the pw manager and the cloud sync use 2FA.
It is not bulletproof but that is the nature of security tradeoffs. I am sure a government level actor could figure something out if they really wanted my data.
Slashdot Mirror
Occam's razer is only applicable if you have all of the available information.
And is arguably a better experience than the same apps on Windows Phone...
It would be funny if your safe room was upstairs.
The way I understand it, if code is written in such a way as to reference private information in a predictable way, this allows for the side channel attack described.
It should be possible to minimize, randomize and obfuscate these "calls" so that there is no predictable pattern.
So, no, I don't think it is just a hardware problem. Though, I am sure there are ways to beef this up as well.
Yeah, and it will come in platinum and rose gold and cost only $199.99
Markdown would allow for simple formatting like what you describe.
When I did contract IT, I would always set up smart hosts, preferably Postini (now rolled into Google apps) or Securence (US Internet) but, in a pinch, I would use their ISP's mail server.
If they absolutely had to run their own mail server I would tell them that they required:
- Business class Internet connection
- Static IP
- Reverse DNS to match the forward DNS
If they didn't want to opt for any of those... well, I would still set up their mail server but made it clear that some e-mail was going to be rejected.
It isn't the '90s anymore. You cannot run your own e-mail server out of your basement and expect it to work 100%.
I know what you mean.
I bought a Windows Phone a few years ago for $40 brand new on Amazon and put it on an AT&T pre-paid plan. It continues to work like a champ.
I can think of about a million things that I would rather spend money on than a phone.
Of course, you and I are not Apple's target market.
The funny thing is, I don't really know who Apple is targeting with this... perhaps the kids of current customers?
Maybe when "smart" devices are literally credit card sized, then it will be more convenient. Phones are just too big and slippery to be something you are constantly taking out and handling.
As it is, when I leave the apartment to run errands, I just put my CC and ID in my pocket and go.
If I do take my phone along it is to drive my BT headphones and the phone is in my messenger bag.
So, paying for something only involves me reaching in my pocket, swiping the CC and putting it back in my pocket. Nothing to unlock or fumble and drop and I don't have to take off my gloves. The only way this could be any more efficient is if the purchase was auto negotiated by my phone as I walk out of the store.
I am no Apple fanboy either but, from what I have heard, they used industry standards so it is not a "lock in" like some of their other technologies. I have no idea if they get a cut of the transaction but I would suspect that they don't.
You might want to back off the ideology a bit because it almost certainly doesn't help your customers when you try to force a square peg in a round hole. By that I mean, computers are tools, not religions. Use the right one for the right job and I suspect your customers will be much happier.
Cash is about as fast as CC if the cashier is at all practiced. Add in an automatic change dispenser and cash is probably faster.
Still, I like the paper trail of the CC. That, to me, is a feature.
When the government pays for my Internet connection then they may have some say in what I operate on it.
I guess what I am saying is be very suspicious when the government starts paying for your Internet connections...
In my case, I avoid the whole IoT thing like it were some virulent form of radioactive space herpes. It's not out of paranoia, but because my rural Satellite ISP has a bandwidth cap during most of any given 24-hour cycle.
For me, it is because IoT is another way of saying "recurring monthly bill" or "forced obsolescence"
Oh, look, I have a nice alarm clock that is connected to the internet, has an app store, collects data about me and will stop functioning when the manufacturer doesn't feel like supporting it any more.... what a deal!
I feel bad for you.
e-mail marketing is barely 1 step above straight spam.
If I had it my way, e-mail would be text only or implement some form of markdown
If you want to have fancy formatting, throw up a web page and go nuts, then send a non-shortened link by e-mail if you absolutely must.
There is unrest in the forest...
Exactly.
Also, more to the point, I think this is more about *authentication* than it is about encryption.
But since strong encryption requires authentication for proper implementation, you get 2 birds for the price of one.
I cannot count how many times I have been behind the person who whips out their phone to pay only to be stymied by some little glitch. Bewildered expressions are exchanged, the words "try it now" are uttered one or more times and the process finally progresses when a manager is called in to fiddle with the PoS...
I will stick with the mag stripe until adoption is much higher. It just works and is very fast, even with the stupid signature.
I don't think the issue is with the technology per se... it is still just too new and support is too patchy.
Still... we need the hipsters to deal with these annoyances for us so that we can experience a smooth transition.
I am afraid you are right.
People can point out the problems all day long, but until a child dies as a direct result, we won't have any meaningful action.
The only exception to this is guns.
Yeah, I see happiness as a scattershot phenomenon and not so much a spectrum thing.
There are hundreds of tiny things that make me happy every day (your socks comment is a perfect example of one). There at least as many things that make me unhappy every day.
There will never be a time when there are 0 points on either side. The trick is to get all of the happy points concentrated together and the unhappy points scattered and alone.
I would never describe myself as a happy person. But I am not an exclusively unhappy person either.
Sounds exhausting.
This is what I was thinking... This is one high energy person.
Good for her though. I think she has a much higher probability than most to find exactly the right person.
When you are just starting out or if the project is relatively small.
The more adoption you gain, the more the purity is corrupted.
Enjoy the view from your high horse while it lasts I guess.
I see wheelchair bound people on the bus all the time. The seats at the front of the bus fold up for them. So when they are not on the bus, those seats can be used by anyone.
I also see the baby strollers take these spots a lot, but it could also be people with a lot of groceries or people with other handicaps like blindness.
I don't think that everyone can afford a customized van and even if they could, their particular disability may not allow them to drive a vehicle. I think that having handicap access on buses is important and doesn't cost a lot (relatively speaking).
I don't know. I am more or less a life long public transportation kind of guy. I have had many cars over the years, but I always end up getting rid of them and go back to public transit; It is just so much more economical.
Yes, it takes longer, sometimes as much as 3x longer, but I have found that I end up making it work by getting stuff done I would normally do at home. For example, I remember when I was living in the suburbs going to college many years ago and I spent literally 6 hours a day on a bus (1.5 hours to downtown, 1.5 hours back out into a different suburb, twice a day). Now that was a little excessive, but I used that time to do 100% of the homework I was assigned (I graduated 2nd in my class) so really that time would have been spent anyway and then, once I was home, I was free to do whatever I wanted.
These days, I use the time to catch up on netcasts and stay informed or just read a book.
Seeing the transit system first hand for a number of years, I am actually surprised at how well it all works. The system is highly complex and operates in highly variable conditions (road condition, traffic, construction, etc) and yet it still manages to be accurate to the minute in most situations.
So, to the point of the article, I kind of feel like this guy is just really impatient. I don't know that the increased risk is worth arriving 15 minutes earlier to your destination.
Don't require buses to stop and open their doors at railroad crossings.
Sort of annoying, but really, how often does this happen? You would probably save 5 minutes total on your commute, and I think that is being generous.
Allow the driver to start while someone is still at the front paying.
They do this already. Maybe they are not supposed to, but I often get on the bus, go find a seat, put my groceries or whatever down and then go back up to pay/validate. The bus starts moving immediately.
Allow buses to drive 25mph on the shoulder of the highway in traffic jams where the main lanes are averaging below 10mph.
Again, pretty sure this already happens. But even if they do only stick to 10mph, that is 100x better than 0.1mph that the other cars on the road are doing.
Higher speed limits for buses. Lets say 15mph over.
Buses keep up with the flow of traffic and most people speed. As a matter of fact, on the routes I have been on that take the freeway, the bus is passing cars.
Leave (city) bus doors open, allow people to get on and off any time at their own risk.
I feel like this would actually *add* time to the trip because the bus would be stopping way more often. Obviously, this would also not be feasible in the winter time.
I know. I feel the same way. Watching them push the robots around makes me want to yell at them to stop.
This is my method.
I think it is a good compromise. I use a 20+ character pass phrase which I keep stored in a password manager. I keep the password manager's files (I use roboform) in a separate location so they are not sync'd to the same cloud drive.
Both the pw manager and the cloud sync use 2FA.
It is not bulletproof but that is the nature of security tradeoffs. I am sure a government level actor could figure something out if they really wanted my data.