There are adapters (passive if memory serves) that can convert from HDMI to VGA (http://www.amazon.com/HDMI-VGA-HD15-Male-Cable/dp/B001OLCHJ6)
Given that HDMI is a much higher quality signal dropping quality isn't too much of a problem. Going the other way, it is pretty much impossible to get HDMI quality from a VGA output.
Just add Blender (or similar program, offhand can't remember what the memory requirements are) + Raspberry Pi
That sounds like I need hundreds of people and massive infrastructure, US$1k. Given that the price is heavily influenced by the 3d printer the overall cost of the setup can be dropped substantially if the price of that item drops.
If memory serves at the time of the injunction, no the judge did not do that. Honestly it would not have made sense to have Apple bring in the devices themselves yet if you had no reason to believe the images themselves were altered.
You could still do some cool time-lapse, collect pictures from lots of different angles sweeping across the sky etc. Power might still be an issue but powered hubs can deal with that. Bandwidth would only become an issue at the first level when you have say 20-30 cameras aggregated into one port.
I'm curious how much bandwidth a web cam can create because to saturate a 480Mbit link (USB 1.0 or 1.1 would be useless here) with 30 cameras it would take 16Mbit/s each to saturate (I guess a bit lower due to overhead). One question I have for any fellow slashdotter is, do USB hubs act like Ethernet switches and allow one segment of the network to operate at say USB1.0, while allowing the uplinks to operate at a higher speed? If not then this idea won't work if any of the cameras are USB 1.0.
If that scenario stood a stand a chance of working, the need for anonymity would be zero.
What happens if the company is unable to recreate the flaw and as such can't fix it, they can't reach the researcher to get more info so are they are they being malicious by not fixing the issue? Nope.
Hence as you see with almost all other responsible disclosures you know who found it, are they being sued for finding the flaw? Nope.
Good luck to any company that lacks a public policy on how these matters are handled, the behavior of this one most likely will lead future exploits to remain hidden as no one will report until they explode as 0-days when someone does a full disclosure.
He used the appropriate amount of force, we all know these companies would not rush to fix it unless there was a known exploit ripping them to bits.
If he didn't show an exploit the company would most likely have claimed it was only "theoretically possible". Especially when all that was required was:
He had increased a numerical value in a URL used to access his statement by one digit and was granted access to a former colleagues' account.
Complete lack of authentication seems the culprit here, does that make google, yahoo, bing, etc potentially guilty as well? They could have come across it as well (hopefully this company knows about robots.txt), I guess mass spidering the site could yield some interesting results if this flaw exists (yes I know they fixed this one, doesn't mean others don't exist).
To tell you the honest truth, if someone said change the ID on that URL to get into another account when I'm logged into my online banking I would laugh them out of the room, what scares the F*** out of me is this company is in charge of a couple million retirement accounts (http://www.pillar.com.au/about_us.htm -> http://en.wikipedia.org/wiki/Superannuation_in_Australia).
Adding obscurity adds to the security. It is a more secure system than it was because the obscurity layer hardens it. Thus the overall security is dependant in part to the obscurity.
Obscurity as part of a larger system only serves to increase the signal to noise ratio, by making the login more difficult to find "accidental" contact with it is reduced (or completely negated). Which mean when someone is messing with the lock you either have a legitimate user or a very determined attacker. In a way it removes the grey area to which the system might otherwise have to respond. The most benefit I can see is it allows more strict policies (shoot first, ask questions never) to be implemented with relative guarantees that there will be few "false positives".
If I have a zero day exploit vs your lock, then your lock isn't offering you any security either. The fact that the correct keyhole is hidden might save your ass though.
I agree, but I think you will also agree that what you are describing is someone searching for low hanging fruit. What you are relying on there is that you are not of interest to the attacker. If someone is targeting you or your organization then moving the key hole will offer little protection.
Funny thing is all of this reminds me of Scooby Doo and all those passageways behind the bookshelves
I think you are looking at it from the same perspective I would, as a power user.
My phone (HTC HD2) can easily run everything everyone else my house uses on a daily basis fine (browser, mail client, video player, music, word processor), my usage is different but only my development environment and certain games are what force me to have a beefy PC.
What benefit other than established code base is there for sticking with x86 for the majority of computer users? Its been pretty well established that for most users a PC that's 3 years old (or possibly older) would easily suffice. Smaller form factors, less power usage and less heat are becoming important factors for almost all users seeing as speed isn't noticeably increasing for the vast majority of users.
One possible benefit to power users for going low power is longer UPS battery times. If your UPS can last hours instead of minutes would you care?
I was countering your point about "Wow, way to show undeniable proof that corporations should NOT support Linux! What did the community say? What were the words constantly used? "If you'll just give all your specs to the community why we'll not only do all the driver work FOR you, but we'll buy your product!""
There are outstanding issues that prevent the above comment from being done which has nothing to do with the open source community and at least with the patents with AMD either. In essence "If you'll just give ALL your specs to the community" is not a valid point as that has not been done.
Regardless the community has made allot of progress, if the full specs were actually released and the algorithms were not patent encumbered then much more could / would have been done. The quotes were to point out some of the areas where the open source version lags behind the binary blob and point out why.
"While many users want this support so that they can move their video playback process to the GPU rather than taxing the CPU, chances are we will not see this open-source support either. While Advanced Micro Devices tries to be open-source friendly, they refuse to document or provide sample code for the UVD engine. The UVD area of the graphics processor is off-limits to official AMD open-source support over fears that exposing it could lead to compromising its Digital Rights Management mechanisms on other operating systems." - Page 4
"We may see OpenGL 3.0 support in the 2012 calendar year for Mesa as most of the work left deals with GL Shading Language 1.30. However, by then the OpenGL 3.0 specification will be about four years old and there is still catching up to do with OpenGL 3.1/3.2/3.3 and then OpenGL 4.0/4.1/4.2. Additionally, it will be in crippled form by default. There is support for some OpenGL functionality like floating-point textures, but it's not enabled in the driver source-code by default nor are any major Linux distribution vendors (aside from Arch Linux) enabling these features. The support is disabled due to patents / intellectual property covering these technologies. It makes open-source graphics drivers a hot big mess. S3 Texture Compression (S3TC) is also only available as an external library that is not packaged in tier-one distributions due to these legal concerns." - Page 6
"There's the ability for dynamic power management and to force the GPU into lower power states, but it's not enabled by default and when enabling some of these options they can cause problems -- lockups or other issues if re-clocking takes place during a scan-out. Power management though is another sore spot for Linux and other open-source drivers. The proprietary drivers for both NVIDIA and AMD are better at it then the open-source drivers." - Page 7
The first 2 are not problems with either the open source community or AMD, the last could be deemed to be moving too slow although I can't say I've ever heard of those specs being released.
Re:For the uninformed like me....
on
Arduino Goes ARM
·
· Score: 1
Biggest difference will most likely come from ram, CPU speed will help with number crunching for some algorithms but going from 2k to 50k RAM will actually allow you to run a proper TCP/IP stack, store the image from a camera so you can process it immediately or save for later use or keep decent sized data sets in memory for machine learning algorithms.
Very good candidate for a central controller for a project. I doubt that it would be as cheap to get the chips vs the ATMega chips.
How good is the patent office at enforcing said clause? In the real world it takes someone allot of legal fees to fix their screw up all the while society gets screwed.
As a reader in a "third world country" (at least by the definitions of some publishers) I know there are books that I will never get to find out about because they never made the top sellers list that these publishers would want to risk bringing it to such countries because they won't see enough ROI to make it worthwhile.
Slashdot Mirror
A little curious as to where you are getting "a couple hundred dollars".
http://www.amazon.com/NEC-1560M-BK-LCD-Monitor-Black/dp/B00008456C/ref=sr_1_26?s=electronics&ie=UTF8&qid=1319821022&sr=1-26 - $40
http://www.amazon.com/Logitech-Desktop-MK120-keyboard-920-002565/dp/B003NREDC8/ref=sr_1_1?s=electronics&ie=UTF8&qid=1319820838&sr=1-1 - Logitech keyboard and mouse combo for $17, I'm sure with a bit of digging around you can get a cheaper mouse / keyboard.
This is how I can rack up a couple hundred dollars on a keyboard, mouse and monitor.
- http://www.amazon.com/Logitech-Programmable-Gaming-Keyboard-Display/dp/B001NXDBI6/ref=dp_cp_ob_e_title_3 - $146
- http://www.amazon.com/Logitech-G13-Programmable-Gameboard-Display/dp/B001NEK2GE/ref=dp_cp_ob_e_title_4 - $57.37
- http://www.amazon.com/Logitech-G500-Programmable-Gaming-Mouse/dp/B002J9GDXI/ref=dp_cp_ob_e_title_2 - $60
or
- http://www.amazon.com/Logitech-Wireless-Gaming-Mouse-G700/dp/B003VAM32E/ref=pd_bxgy_e_text_b - $75 (if you want a wireless mouse).
- http://www.amazon.com/NEC-LCD2490WUXi2-BK-Widescreen-LCD-Monitor/dp/B002C9KAO8/ref=sr_1_32?s=electronics&ie=UTF8&qid=1319821839&sr=1-32 - $746 (I decided to stay in a reasonable range, this is just a 24 inch).
There are adapters (passive if memory serves) that can convert from HDMI to VGA (http://www.amazon.com/HDMI-VGA-HD15-Male-Cable/dp/B001OLCHJ6)
Given that HDMI is a much higher quality signal dropping quality isn't too much of a problem. Going the other way, it is pretty much impossible to get HDMI quality from a VGA output.
You mean infrastructure like this?
http://reprap.org/wiki/Main_Page
Just add
Blender (or similar program, offhand can't remember what the memory requirements are)
+
Raspberry Pi
That sounds like I need hundreds of people and massive infrastructure, US$1k. Given that the price is heavily influenced by the 3d printer the overall cost of the setup can be dropped substantially if the price of that item drops.
If memory serves at the time of the injunction, no the judge did not do that. Honestly it would not have made sense to have Apple bring in the devices themselves yet if you had no reason to believe the images themselves were altered.
Would it be spam if you actually needed it?
peanut butter Jelly time!!!!
You could still do some cool time-lapse, collect pictures from lots of different angles sweeping across the sky etc. Power might still be an issue but powered hubs can deal with that. Bandwidth would only become an issue at the first level when you have say 20-30 cameras aggregated into one port.
I'm curious how much bandwidth a web cam can create because to saturate a 480Mbit link (USB 1.0 or 1.1 would be useless here) with 30 cameras it would take 16Mbit/s each to saturate (I guess a bit lower due to overhead). One question I have for any fellow slashdotter is, do USB hubs act like Ethernet switches and allow one segment of the network to operate at say USB1.0, while allowing the uplinks to operate at a higher speed? If not then this idea won't work if any of the cameras are USB 1.0.
http://hardware.slashdot.org/story/11/10/14/1840224/throwable-36-camera-ball-takes-spherical-panoramas is a nice use as well if you are bored enough to take them apart to mount and solder.
Not really a total loss, as long as you get audited at some point the money comes back into play.
And yes it does sound bizarre...
If that scenario stood a stand a chance of working, the need for anonymity would be zero.
What happens if the company is unable to recreate the flaw and as such can't fix it, they can't reach the researcher to get more info so are they are they being malicious by not fixing the issue? Nope.
Hence as you see with almost all other responsible disclosures you know who found it, are they being sued for finding the flaw? Nope.
Good luck to any company that lacks a public policy on how these matters are handled, the behavior of this one most likely will lead future exploits to remain hidden as no one will report until they explode as 0-days when someone does a full disclosure.
Do you care about the security of your bank?
Said company is in charge of this guys money...
You do realize what this company does right???
These guys claim to be in charge of the retirement accounts of 1 million+ people... http://en.wikipedia.org/wiki/Superannuation_in_Australia
Ethical morality comparison:
Researcher > Company
I understand your case where the potential loss is small but that clearly isn't the scenario here.
Indeed, leaving the bug there or REALLY exploiting it would be an ethical no-no...
He used the appropriate amount of force, we all know these companies would not rush to fix it unless there was a known exploit ripping them to bits.
If he didn't show an exploit the company would most likely have claimed it was only "theoretically possible". Especially when all that was required was:
He had increased a numerical value in a URL used to access his statement by one digit and was granted access to a former colleagues' account.
Complete lack of authentication seems the culprit here, does that make google, yahoo, bing, etc potentially guilty as well? They could have come across it as well (hopefully this company knows about robots.txt), I guess mass spidering the site could yield some interesting results if this flaw exists (yes I know they fixed this one, doesn't mean others don't exist).
To tell you the honest truth, if someone said change the ID on that URL to get into another account when I'm logged into my online banking I would laugh them out of the room, what scares the F*** out of me is this company is in charge of a couple million retirement accounts (http://www.pillar.com.au/about_us.htm -> http://en.wikipedia.org/wiki/Superannuation_in_Australia).
Adding obscurity adds to the security. It is a more secure system than it was because the obscurity layer hardens it. Thus the overall security is dependant in part to the obscurity.
Obscurity as part of a larger system only serves to increase the signal to noise ratio, by making the login more difficult to find "accidental" contact with it is reduced (or completely negated). Which mean when someone is messing with the lock you either have a legitimate user or a very determined attacker. In a way it removes the grey area to which the system might otherwise have to respond. The most benefit I can see is it allows more strict policies (shoot first, ask questions never) to be implemented with relative guarantees that there will be few "false positives".
If I have a zero day exploit vs your lock, then your lock isn't offering you any security either. The fact that the correct keyhole is hidden might save your ass though.
I agree, but I think you will also agree that what you are describing is someone searching for low hanging fruit. What you are relying on there is that you are not of interest to the attacker. If someone is targeting you or your organization then moving the key hole will offer little protection.
Funny thing is all of this reminds me of Scooby Doo and all those passageways behind the bookshelves
Fair point, but if the windows world supports both there is at least in my opinion a strong desire for any proprietary vendors to follow suit.
This is true only for the Windows world. (Which is admittedly 90% of the market...)
And as Windows is going ARM as well, the difference could very well become non-existant.
I think you are looking at it from the same perspective I would, as a power user.
My phone (HTC HD2) can easily run everything everyone else my house uses on a daily basis fine (browser, mail client, video player, music, word processor), my usage is different but only my development environment and certain games are what force me to have a beefy PC.
What benefit other than established code base is there for sticking with x86 for the majority of computer users? Its been pretty well established that for most users a PC that's 3 years old (or possibly older) would easily suffice. Smaller form factors, less power usage and less heat are becoming important factors for almost all users seeing as speed isn't noticeably increasing for the vast majority of users.
One possible benefit to power users for going low power is longer UPS battery times. If your UPS can last hours instead of minutes would you care?
I was countering your point about "Wow, way to show undeniable proof that corporations should NOT support Linux! What did the community say? What were the words constantly used? "If you'll just give all your specs to the community why we'll not only do all the driver work FOR you, but we'll buy your product!""
There are outstanding issues that prevent the above comment from being done which has nothing to do with the open source community and at least with the patents with AMD either. In essence "If you'll just give ALL your specs to the community" is not a valid point as that has not been done.
Regardless the community has made allot of progress, if the full specs were actually released and the algorithms were not patent encumbered then much more could / would have been done. The quotes were to point out some of the areas where the open source version lags behind the binary blob and point out why.
Some counters from the aricle.
"While many users want this support so that they can move their video playback process to the GPU rather than taxing the CPU, chances are we will not see this open-source support either. While Advanced Micro Devices tries to be open-source friendly, they refuse to document or provide sample code for the UVD engine. The UVD area of the graphics processor is off-limits to official AMD open-source support over fears that exposing it could lead to compromising its Digital Rights Management mechanisms on other operating systems." - Page 4
"We may see OpenGL 3.0 support in the 2012 calendar year for Mesa as most of the work left deals with GL Shading Language 1.30. However, by then the OpenGL 3.0 specification will be about four years old and there is still catching up to do with OpenGL 3.1/3.2/3.3 and then OpenGL 4.0/4.1/4.2. Additionally, it will be in crippled form by default. There is support for some OpenGL functionality like floating-point textures, but it's not enabled in the driver source-code by default nor are any major Linux distribution vendors (aside from Arch Linux) enabling these features. The support is disabled due to patents / intellectual property covering these technologies. It makes open-source graphics drivers a hot big mess. S3 Texture Compression (S3TC) is also only available as an external library that is not packaged in tier-one distributions due to these legal concerns." - Page 6
"There's the ability for dynamic power management and to force the GPU into lower power states, but it's not enabled by default and when enabling some of these options they can cause problems -- lockups or other issues if re-clocking takes place during a scan-out. Power management though is another sore spot for Linux and other open-source drivers. The proprietary drivers for both NVIDIA and AMD are better at it then the open-source drivers." - Page 7
The first 2 are not problems with either the open source community or AMD, the last could be deemed to be moving too slow although I can't say I've ever heard of those specs being released.
Biggest difference will most likely come from ram, CPU speed will help with number crunching for some algorithms but going from 2k to 50k RAM will actually allow you to run a proper TCP/IP stack, store the image from a camera so you can process it immediately or save for later use or keep decent sized data sets in memory for machine learning algorithms.
Very good candidate for a central controller for a project. I doubt that it would be as cheap to get the chips vs the ATMega chips.
Whats the cost to get up to that point?
How good is the patent office at enforcing said clause? In the real world it takes someone allot of legal fees to fix their screw up all the while society gets screwed.
How good is the patent office at detecting "prior art"?
As a reader in a "third world country" (at least by the definitions of some publishers) I know there are books that I will never get to find out about because they never made the top sellers list that these publishers would want to risk bringing it to such countries because they won't see enough ROI to make it worthwhile.
This particular attack is against the universities, not google.
They aren't allowed to settle according to their own internal laws, It must be litigated to completion.