Apple can continue to offer iPads and Macs in the stores, along with a large explanatory sign where the iPhones would normally be. In the meantime, New York residents will have to get their iPhones somewhere else, and most will. I don't think Apple will be as hurt by this as the residents.
It would provide an easy way to determine which phones have backdoors.
That's a lot of commenters. The federal stuff I comment on seems to have about 15 others who care enough to comment. The comments are pretty good though.
I'm an implementor of non backdoored RNGs that are very widely deployed. However to be able to do that well you need to understand the many ways how to backdoor RNGs, so you can take preventative measures to prevent other people backdooring your design.
So I know many ways to backdoor an RNG. If I was trying to do that, why would I choose an RNG that was already widely known to be backdoored?
So either they are back at backdooring, or not good at not backdooring.
I grew up in a country where they did take away everyone's hand guns. On balance it was a very good thing. Fewer people got shot. Some people were annoyed, but the not-dead people probably don't give a monkey's nuts.
Back in the day, the USA produced a speaker powered by a V-8 Hemi. It was intended to be mounted on a tall tower and blast out emergency sirens for dozens of miles.
The mythbusters hooked a speaker up to a 4 cylinder diesel to try to break the car windows, but that wasn't as loud.
A siren or a speaker? I can see an engine pumping air into a forced cavity oscillation, but as a generator for an electrically amplified speaker, a V-8 Hemi would be pretty dumb.
It has puzzled me why reputedly intelligent people at google would handicap their platform by such an obviously slow, inefficient language. Android is C and NMI under the covers anyway. One wonders if James Gossling is behind it?
Great example; batshit insane conclusion. It also has nothing to do with this branch of the thread. Read what I was replying to.
I would agree that the original designs for the secure payment systems for smart phones were great, even if they were on devices like that. However, corners are being cut now. For example, from what I can tell, Android Pay no longer requires the use of a separate chip to securely store the sensitive data (the secure element).
There are reasons for that. The secure storage is still a requirement. However chip vendors have begun incorporating the secure storage on the main die. From an attack surface point of view, this is better. The physical 'separateness' of the storage element is not a security goal or feature. The logical separateness certainly is.
Regardless, there are solutions for that, but the physical world solution should not (IMO, and the opinion of the GP) be on some relatively insecure device where arbitrary software can be installed from the internet.
And yet, time after time, millions of people's card credentials have been stolen from supposedly certified, secure, PCI-DSS compliant Point of Sale equipment on which arbitary software was installed from the internet. Whereas payments through phone-NFC-PoS-Bank transactions have not suffered the same fate.
Maybe because people involved in the creation of the through phone-NFC-PoS-Bank transaction mechanisms knew what the hell they were doing, whereas the PCI-DSS people do not.
That is not how subnets work in IPv6./64 are just "class" networks in that everybody presumably will use the same size. Subnetting is done from there.
The missing feature of IPv6 compared to IPv4 is that ISP don't get to financially rape you for $100+ extra dollars a month for a measly five of the artificially scarce addresses. IPv6 loses them that revenue stream.
And yet, there are literally millions of assholes like me who use Uber constantly, and would take a ride managed by Uber over a taxi any day.
Yup. And so long as investors are willing to pump billions of dollars into those services, they'll be good value too. Of course once the money dries up they'll either get very terrible or very expensive (or both), but for now it shouldn't surprise anyone that they're nicer than the alternatives that have to pay for themselves (while actually being externally measured to make sure that they're not overcharging you).
WTF does 'value' have to do with it? I'm pretty much always on expenses when I'm traveling. The cost, within reasonable limits, is not my problem. The benefits of a decent smartphone mediated service are to do with it being a decent smartphone mediated service rather than an regulated militia of Travis Bickle look alikes.
It usually matters that a lawyer knows how to do their job and someone not trained as a lawyer is exceedingly unlikely to be able to do a competent job.
Not so with taxis/Ubers/Lyfts or whatever. Everytime I've used Lyft or Uber, the driver has arrived, driven me to my destination, not failed at driving, not exhibited incompetence and not tried to bilk me by taking the wrong route. The trained, regulated and entirely honest taxi drivers I've used seem not to manage to achieve the same levels of competence.
People never had any appreciation for the "spirit" of anything. People want things done. Social media are easier than learning HTML and therefore "better". Centralization is better business-wise. Yes, we're losing a lot but the we gain more.
HTML is the assembly language of the web. You don't have to touch it if you don't want to, but sometimes as with assembly, you find it's the only way.
The bar for novelty is really low and the bar for obvious is simply not there.
Arguing a patent is not novel involves showing it hasn't been done before. Arguing a patent is not obvious involves showing no one thought of it before.
It amounts to the same thing. Yet as a designer I see the genesis of a patent is coming up with the problem. Once you have the problem you can solve it. Pretty much anyone skilled in the art of what I can do can solve same problems the same way when presented with them. The solutions are obvious. But if you come up with the problem first you can be the first to come up with the obvious solution to the problem and then patent it.
Nope. This was the movie which crystalized in my mind the basic movie watching conundrum of "I'd prefer to see it at home, yet I can't".
For most movies I get around this by watching it at home or sometimes on a plane. For the occasional one I'll see it at a theater, but that would be for something I'm looking forward to. For instance, I watched the recent spate of Bond movies at the movie theater.
This movie is different in that I kind of would like to see it, but certainly not enough to put up with a movie theater, yet it isn't available through the internet without resorting to hackery that I don't do. Most movies are either good enough, or available. This one is neither.
Slashdot Mirror
You play Lemonade Stand 2-3 hours a day?
Screw that. Choplifter.
Apple can continue to offer iPads and Macs in the stores, along with a large explanatory sign where the iPhones would normally be. In the meantime, New York residents will have to get their iPhones somewhere else, and most will. I don't think Apple will be as hurt by this as the residents.
It would provide an easy way to determine which phones have backdoors.
That's a lot of commenters. The federal stuff I comment on seems to have about 15 others who care enough to comment. The comments are pretty good though.
>3DES-based generator called ANSI X9.17. Since that generator is actually FIPS-140 approved
Not any more it isn't. X9.82/SP800-90 replaced it and X9.17 has now been deprecated for FIPS 140 module certification.
I'm an implementor of non backdoored RNGs that are very widely deployed. However to be able to do that well you need to understand the many ways how to backdoor RNGs, so you can take preventative measures to prevent other people backdooring your design.
So I know many ways to backdoor an RNG. If I was trying to do that, why would I choose an RNG that was already widely known to be backdoored?
So either they are back at backdooring, or not good at not backdooring.
I grew up in a country where they did take away everyone's hand guns. On balance it was a very good thing. Fewer people got shot.
Some people were annoyed, but the not-dead people probably don't give a monkey's nuts.
You never really delete a tweet do you?
Back in the day, the USA produced a speaker powered by a V-8 Hemi. It was intended to be mounted on a tall tower and blast out emergency sirens for dozens of miles.
The mythbusters hooked a speaker up to a 4 cylinder diesel to try to break the car windows, but that wasn't as loud.
A siren or a speaker? I can see an engine pumping air into a forced cavity oscillation, but as a generator for an electrically amplified speaker, a V-8 Hemi would be pretty dumb.
Grammar? That's spelling!
1,$s/morning/mourning/g
You're welcome.
It's the quality that matters. They should have used tube/thermionic valve amplifiers, in class A.
RIP Mr. Bowie. I've an ex-lady friend who is surely in morning.
She's in morning every day.
Don't know about that... they'll probably just fall to Earth...
I thought that was Colombo.
It has puzzled me why reputedly intelligent people at google would handicap their platform by such an obviously slow, inefficient language. Android is C and NMI under the covers anyway. One wonders if James Gossling is behind it?
Non Maskable Interrupt?
Great example; batshit insane conclusion.
It also has nothing to do with this branch of the thread. Read what I was replying to.
I would agree that the original designs for the secure payment systems for smart phones were great, even if they were on devices like that. However, corners are being cut now. For example, from what I can tell, Android Pay no longer requires the use of a separate chip to securely store the sensitive data (the secure element).
There are reasons for that. The secure storage is still a requirement. However chip vendors have begun incorporating the secure storage on the main die. From an attack surface point of view, this is better. The physical 'separateness' of the storage element is not a security goal or feature. The logical separateness certainly is.
Regardless, there are solutions for that, but the physical world solution should not (IMO, and the opinion of the GP) be on some relatively insecure device where arbitrary software can be installed from the internet.
And yet, time after time, millions of people's card credentials have been stolen from supposedly certified, secure, PCI-DSS compliant Point of Sale equipment on which arbitary software was installed from the internet. Whereas payments through phone-NFC-PoS-Bank transactions have not suffered the same fate.
Maybe because people involved in the creation of the through phone-NFC-PoS-Bank transaction mechanisms knew what the hell they were doing, whereas the PCI-DSS people do not.
From pot boiler historical soap operas.
That is not how subnets work in IPv6. /64 are just "class" networks in that everybody presumably will use the same size. Subnetting is done from there.
The missing feature of IPv6 compared to IPv4 is that ISP don't get to financially rape you for $100+ extra dollars a month for a measly five of the artificially scarce addresses. IPv6 loses them that revenue stream.
Why else would the ISPs be dragging their feet?
And yet, there are literally millions of assholes like me who use Uber constantly, and would take a ride managed by Uber over a taxi any day.
Yup. And so long as investors are willing to pump billions of dollars into those services, they'll be good value too. Of course once the money dries up they'll either get very terrible or very expensive (or both), but for now it shouldn't surprise anyone that they're nicer than the alternatives that have to pay for themselves (while actually being externally measured to make sure that they're not overcharging you).
WTF does 'value' have to do with it? I'm pretty much always on expenses when I'm traveling. The cost, within reasonable limits, is not my problem. The benefits of a decent smartphone mediated service are to do with it being a decent smartphone mediated service rather than an regulated militia of Travis Bickle look alikes.
It usually matters that a lawyer knows how to do their job and someone not trained as a lawyer is exceedingly unlikely to be able to do a competent job.
Not so with taxis/Ubers/Lyfts or whatever. Everytime I've used Lyft or Uber, the driver has arrived, driven me to my destination, not failed at driving, not exhibited incompetence and not tried to bilk me by taking the wrong route. The trained, regulated and entirely honest taxi drivers I've used seem not to manage to achieve the same levels of competence.
People never had any appreciation for the "spirit" of anything. People want things done. Social media are easier than learning HTML and therefore "better". Centralization is better business-wise. Yes, we're losing a lot but the we gain more.
HTML is the assembly language of the web. You don't have to touch it if you don't want to, but sometimes as with assembly, you find it's the only way.
The bar for novelty is really low and the bar for obvious is simply not there.
Arguing a patent is not novel involves showing it hasn't been done before.
Arguing a patent is not obvious involves showing no one thought of it before.
It amounts to the same thing. Yet as a designer I see the genesis of a patent is coming up with the problem. Once you have the problem you can solve it. Pretty much anyone skilled in the art of what I can do can solve same problems the same way when presented with them. The solutions are obvious. But if you come up with the problem first you can be the first to come up with the obvious solution to the problem and then patent it.
WTF is "We should try to be nice to people" such a controversial position?
Because when you state it in a way that implies all men in open source projects are not being to nice to women, it's grossly offensive.
> Is grey hat ok when it's done for the greater good?
Yes. It's great for all the people who benefit. It sucks for the person who put their liberty at risk to bring those benefits to people.
>Were any of those dollars yours?
Nope. This was the movie which crystalized in my mind the basic movie watching conundrum of "I'd prefer to see it at home, yet I can't".
For most movies I get around this by watching it at home or sometimes on a plane. For the occasional one I'll see it at a theater, but that would be for something I'm looking forward to. For instance, I watched the recent spate of Bond movies at the movie theater.
This movie is different in that I kind of would like to see it, but certainly not enough to put up with a movie theater, yet it isn't available through the internet without resorting to hackery that I don't do. Most movies are either good enough, or available. This one is neither.
>worthless municipal make-work projects
If any city needed a tunnel, Seattle is it. It is far from worthless.
That tunnel will make a nice salt-water reservoir after the Cascadia subduction zone mega-quake and subsequent tsunami hits.
I'm rather hoping I'm on a business trip somewhere when that happens. At least that's the extent of my Earthquake preparation.