Slashdot Mirror


User: Vairon

Vairon's activity in the archive.

Stories: 0
Comments: 229

Comments · 229

  1. Companies such as Yubikey create exactly what you are describing. The Yubikey 4 supports both RSA 4096 for OpenPGP, PKCS#11 and OTPs that this article talks about. Either of those first two features would do what you suggest. The problem with them is software. You need a browser and software on the OS (Linux, Windows, OS X) to interface with the Yubikey. The software doesn't even need to be Yubikey-specific for all use cases. Some OSs will need a Yubikey driver; other OSs can use built-in drivers. For enrollment you will need Yubikey software but they give you access to the source code and you can compile it yourself. The Yubikey USB device implements a standards-compliant smart card device in addition to a HID device for OTP. However the OS needs to have smart card software and access to OS-provided generic drivers or a Yubikey driver to use it. The browser you are using needs to support PKCS#11 and interface with the smart card device.

    The complexity of this is probably why many companies choose to just use OTPs since they require no special setup, drivers or software. Yubikey's RSA and PKCS support would be useful to secure your own workstations and servers. However if you want something that works without software, configuration or potentially drivers so that you can walk into an internet cafe while on vacation and log in to your Gmail account without worrying about the keylogger the previous patron might have placed on that PC, then Yubikey's and others' OTP solutions are more likely to work for you.

  2. Re:Frequently changed on With Rising Database Breaches, Two-Factor Authentication Also At Risk (hackaday.com) · · Score: 1

    If you compare the article and originally submitted Slashdot story to what's posted now, it appears that EditorDavid is the person who added the "(Meaning complex and frequently-changed passwords.)"

  3. Correction. Revision 1.1 of the M.2 specification allows USB 3.1 gen1 instead of the USB 3.0 I stated earlier.

  4. The M.2 specification allows for PCIe 3.0 (4 lanes), USB 3.0 or SATA 3.0 to be exposed. Most NVMe cards such as the Samsung 860 Pro use an M.2 interface. See http://www.samsung.com/semiconductor/minisite/ssd/product/consumer/ssd960.html

    It's up to the host device (motherboard) maker and storage device maker to decide which bus to allow through the M.2 interface.

  5. Re:Any experts who can elaborate on this? on With Android Oreo, Google Is Introducing Linux Kernel Requirements (betanews.com) · · Score: 1

    You didn't answer their question. You made a loosely related statement that attempted to move the goal post of the argument to something new.

    Here's their question:
    "If the complete kernel configuration can be read, does this mean malware authors like NSA, CIA, criminals etc. will have an easier time getting inside your phone?" - Anon

    Here's an answer:
    No.

    Google's intention for these changes is to facilitate faster patching of bugs and security vulnerabilities.

  6. Re:Any experts who can elaborate on this? on With Android Oreo, Google Is Introducing Linux Kernel Requirements (betanews.com) · · Score: 3, Informative

    The Android OS is already running on your Android phone so what other code are you talking about?

    This new Android Oreo requirement that the article is talking about only says that your kernel configuration must be made available via /proc/config.gz (CONFIG_IKCONFIG_PROC=y) which is readable by any user. It does not require any special script or code to read. It's a pseudo file that's a gzip compressed ASCII representation of the kernel's compile time configuration.

  7. Re:Software EULA on Who's Responsible For IoT Security? (networkworld.com) · · Score: 1

    In the United States IoT (Internet of Things) has no legal definition.

    Microwave ovens on the other hand are legally defined and have several federal regulations concerning them. USC Title 21, Chapter 9, Subchapter V as well as Subchapter J, parts 1000 through 1005, 1010 and 1030.10.

    Manufacturers and individuals get "a pass" unless there is a specific law regulating their behavior.

  8. Re:Because it's VIRTUAL AUDIO EQUIPMENT on Why Are There So Many Knobs in Audio Software? (theoutline.com) · · Score: 1

    The problem with virtual sliders is that they take up more room than a virtual knob. VST plugins use a GUI that takes up as little room as possible. When you have multiple VST plugins running at the same time, space is at a premium. In addition, nowadays many music artists use laptops in shows with even more limited desktop resolution.

    When space is at a premium, knobs are king.

  9. The page you linked is concerning the 2008 election, not the 2016 election. What proof or scientifically defensible study do you have about 2016?

    The underlying study by Jesse T. Richman, Gulshan A. Chattha and David C. Earnest found only five non-citizens self-reported as voting in 2008 that they could verify out of a study sample size of 32,800 people.

    If you are interested in reading the actual 2014 study concerning the 2008 election based on polling 32,800 people in 2008 and 55,400 in 2010 here is a link:
    https://ww2.odu.edu/~jrichman/...

    Here is a link to the lead author, Jesse Richman, of that study saying that the washingtontimes.com article is deceptive if anyone believes it's concerning 2016.
    https://fs.wp.odu.edu/jrichman/2017/01/27/i-do-not-support-the-washington-times-piece/

  10. Re:And the reality happened on White House Releases Sensitive Personal Info From Voters Concerned About Privacy (vox.com) · · Score: 1

    Can you cite any proof of wide scale voter fraud?

    I've only read about four documented cases of vote fraud in 2016.
    https://www.dailykos.com/stori...

  11. Could you cite what study you are talking about?

  12. Re:I don't get the controversy on EFF Officially Appeals Tim Berners-Lee Decision On DRM In HTML (techdirt.com) · · Score: 5, Insightful

    If there's a vulnerability in this closed source module that can't be examined and someone browses any website on the web that exploits this module then a user is at risk without ever visiting Netflix.

  13. In your opinion, what freedoms does it remove and from whom?
    Who or what grants the freedom that it is removing?

  14. Re:Are people this stupid? on E-cigarettes 'Potentially As Harmful As Tobacco Cigarettes' (uconn.edu) · · Score: 1

    Vaping gets its name from the fact that it vaporizes a liquid into a gas, in the same way that my mom's tea kettle vaporizes water into steam. There is no smoke. Nothing is burnt.

    Disclosure: I don't vape e-cigarettes or smoke cigarettes.

  15. Re:Apologists unite! on Android Creator Andy Rubin Launches Top-of-the-line Essential Phone (theverge.com) · · Score: 1

    It uses a wireless pad/dock for normal charging or USB-C for fast charging.

  16. Re:equal opportunity homelessness on Amazon To Build Homeless Shelter In Its New Seattle Headquarters (cnn.com) · · Score: 1

    1. Where is the money going to come from to build and staff these large dormitory style structures? Unless there's a tax surplus, who or what will be taxed or fined to pay for it? If based on a fine, does the party have money for the fine and likely to pay it?
    2. Who is going to pay for the increased police, jails (food, bed, staff), lawyers for defendants, court costs, jury fees, etc if we more vigorously enforce misdemeanor trespass/vagrancy laws? Also in some cases police can't do more than tell vagrants to leave unless the owner of the property decided to press charges.
    3. This sounds like it would require additional legislation at the city or state level.
    4. It would be challenged as unconstitutional to force labor by some convicted criminals solely due to their housing status differently than other criminals. You couldn't force labor at all of non-convicted alleged criminals. See US Constitution, 13th amendment.

    Having a serious mental illness is not a crime. You can't commit someone just because they are sick. A court of law would have to make a determination they are at risk of self-harm (Ex. attempted suicide) or harm of others (attempted murder, battery, etc).

    With every proposed solution in government think:
    1. Is it constitutional (Federal/State) and codified in law at the Federal, State or local level?
    2. How much will it cost and who will pay for it?
    3. Is the cost of the plan less than the cost of not doing the proposed solution?

    Personally I'm all for plans that are legal and cost taxpayers less in the long run than not doing them but this has to be proven.

  17. Re:You built the better mouse trap. on A New Use For Browser Fingerprints: Defeating Spoofing (browserprint.info) · · Score: 4, Interesting

    By comparing the behavior of the two clients.

    When w3m requests a web page it sends the following:
    GET / HTTP/1.0
    User-Agent: w3m/0.5.3+git20161120
    Accept: text/html, text/*;q=0.5, image/*
    Accept-Encoding: gzip, compress, bzip, bzip2, deflate
    Accept-Language: en;q=1.0
    Host: www.website.com

    When lynx, with a w3m user agent, requests a web page it sends the following:
    GET / HTTP/1.0
    Host: www.website.com
    Accept: text/html, text/plain, text/css, text/sgml, */*;q=0.01
    Accept-Encoding: gzip, bzip2
    Accept-Language: en
    User-Agent: w3m/0.5.3+git20161120

  18. yes on Slashdot Asks: Do You Still Use RSS? · · Score: 1

    Yes, that's how I got to this Slashdot article.

  19. No. Their devices do not cause painful shocks. They provide electrical stimulation of specific muscle groups to simulate objects.

  20. Re:I don't know about believing the walls on New Approach To Virtual Reality Shocks You Into Believing Walls Are Real (vice.com) · · Score: 4, Informative

    That depends on what you consider a shock. The original article never used the word shock. Shock is a term that vice.com decided to use. If you read the original article http://plopes.org/project/hapt... it says the electrical stimulations are not painful. Their devices simply stimulate certain muscles to simulate the weight or hardness of different objects.

  21. Re:Easy, the programmer of course. on Who's Liable For Decisions AI and Robotics Make? (betanews.com) · · Score: 1

    Which programmer is liable when many are working on the firmware and programs running the vehicle/robot?
    How much of a code change would make me equally liable as the other programmers?
    What if the code was perfect (worked as designed) but the hardware it was running on or the sensors attached to it reported incorrect information?
    What if the programmers fixed a bug, that could cause an accident, but the manufacturer failed to sell vehicles whose code contained that fix?
    What if the programmers fixed a bug, that could cause an accident, but the owner of the vehicle/robot/toaster failed to apply the firmware update?
    What if the code on the vehicle/robot was altered by the owner? Is the owner now 100% responsible? Is there shared responsibility between the manufacturer’s programmers and the owner?
    What if the programmers made the robot to kill humans, because that was the job they were given by military but then the robot was put in the wrong setting and killed the wrong humans?
    What if a programmer believes a bug must be fixed but his or her employer won't allow them to fix that bug?

  22. Re:Better have security in there somewhere... on Swatch Takes on Google, Apple With Watch Operating System (bloomberg.com) · · Score: 1

    In my opinion, Bluetooth headphones are IoT devices. They are a network device utilizing an IEEE 802.15 protocol to connect to other devices within their network. Those devices in turn may be connected to other network devices using the same or other IEEE 802 protocols. The name we give the network made up of all these smaller networks is the Internet.

    I would not consider a monitor an IoT device. It is not utilizing an IEEE 802 protocol to communicate with other devices on its network. If it's not in a network then it's not a part of the Internet. This could change in the future if someone made a network-connected monitor. It's certainly possible since HDMI and DisplayPort have the ability to pass Ethernet between devices. At the point a monitor gets a MAC address or some other layer 1 identifier that allows it to communicate with other devices on a network then I would consider that monitor an IoT device.

  23. Re:Better have security in there somewhere... on Swatch Takes on Google, Apple With Watch Operating System (bloomberg.com) · · Score: 1

    In my opinion a device utilizing IEEE 802.15 (Bluetooth) to connect to a device utilizing IEEE 802.11 (Wireless LAN) to connect to a device utilizing IEEE 802.3 (Ethernet) to connect to other devices utilizing IEEE 802 standards across the network of networks that we call the Internet makes it an IoT (Internet of Things) device.

    Do you feel like in order to be an IoT device it must have an IP address?

  24. NIC with MAC address that changed every boot on MAC Address Randomization Flaws Leave Android and iOS Phones Open To Tracking (theregister.co.uk) · · Score: 1

    A friend of mine had a computer with a 3com NIC that incremented its MAC address every time he rebooted his PC. This started happening after he pulled the NIC out of a PCI slot while that motherboard was still turned on. This fried his motherboard and caused this peculiar behavior with his NIC.

  25. Re:So how do I install it? on Intel Security Releases Detection Tool For EFI Rootkits After CIA Leak (pcworld.com) · · Score: 1

    If they had only provided an MSI installer containing this program would you have really trusted it and run it? At least by releasing the source code, we can look at it and verify what we are running before we do so.