Slashdot Mirror


User: Da+w00t

Da+w00t's activity in the archive.

Stories: 0
Comments: 144

Comments · 144

  1. Directly intentional cash grab by the industry on AT&T, Dish, Comcast All Raising Cable TV Rates To Counter Cord-Cutting (dallasnews.com) · · Score: 2

    How many of those cable providers have a stake in Hulu, CBS All Access, etc already? This will further drive more consumers into the online streaming only services, which will get you fewer channels, and fewer choices in how to consume content. At least Star Trek: Discovery got released on DVD/Bluray now.

    Here's the thing: In the United States, cable companies are regulated federally. The cable box they rent out to you is *federally mandated* to use the same crypto card (cable card) that other devices like TiVos and some TVs have built in.

    Basically right now you can pay $160/month for phone+cable TV+internet and get an asston of TV channels, maybe 5% of which you watch religiously, and maybe an additional 20% that you watch infrequently. You benefit from this _some_ because the cable companies are merely distributors of premium content (e.g. HBO, Showtime, etc) and "extended digital basic" content (e.g. Discovery, History, Cartoon Network, ABC Family); and up until Netflix was streaming more content than shipping discs around everyone was clamoring for Cable TV a-la-carte.

    The reality is, we've got it now with CBS All Access, Netflix, Hulu Originals, YouTube Originals, but ... the negotiation power of having 2.1M subscribers as a distribution company is lost, and consumers will be (or already are) paying more for content a-la-carte.

  2. Similar vulns found on common USB "thumb" drives on Flaws in Self-Encrypting SSDs Let Attackers Bypass Disk Encryption (zdnet.com) · · Score: 5, Informative

    I did some research on Phison based USB flash drives a couple years ago, and finally came back to the research a couple months ago. These controllers are dirt cheap, so they're prolific and in all kinds of flash drives. Brand name doesn't really mean anything, nor do USB product ID and vendor IDs matter. The only way you can tell what kind of flash controller is on the inside of your USB flash drive is by either sending a vendor specific SCSI CDB at them, or ripping them apart and actually looking at the chip.

    Anyway: details of the vuln - The Phison 2251 (and similar) based drives have a way to split (think partitioning) the flash drive into separate regions, and then optionally lock access with a password. They let you choose the percentage of the split, so you could have a 2G "public" volume and a 2G "private" volume on a 4G stick, with the "private" volume requiring a password to make it visible to your OS.

    But that password -- it's only used for visibility of the "private" volume. You can either re-position the split mark, or entirely disable the public/private split and make the drive one big volume again. It's not a configuration lock, it's a volume visibility lock. Stupid, stupid, stupid.

  3. Re:Yeah, this happens. Not just in the USG either. on Civil Servant Watching Porn At Work Blamed For Government Malware Outbreak (techcrunch.com) · · Score: 1

    If you work computer security for any company of decent size...

    And just how many people is that, precisely? 20? 50? 100? 1000?

    I really don't see how that is relevant, do you expect me to quote a scientific study that shows MTTP (mean time to pr0n)? "decent size" was very obviously a generalization.

  4. Yeah, this happens. Not just in the USG either. on Civil Servant Watching Porn At Work Blamed For Government Malware Outbreak (techcrunch.com) · · Score: 4, Informative

    If you work computer security for any company of decent size, you're gonna discover someone surfing porn. Most times we give folks the benefit of the doubt the 1st time in case it's some porn ad or something on an otherwise "okay" site (gray, but not really a policy violation), but once a pattern of porn surfing is discovered, it usually results in someone getting written up, potentially ending with them losing their job.

    Don't do this at work. You're not on your personal computer, it could be a shared computer (ewwww), and it's not your network. There's always someone watching to the benefit of the company, not you. It makes for an awful work environment for the people in the office, and can bring in malware. There's a joke I heard, of people clicking on the Yes/Accept/Install buttons ... "do I have porn yet?" [click] "do I have porn yet?" [click]. Lots of malware comes down in the form of a "video codec" or plugin you need to watch the media. It's just awful.

  5. I'm pretty sure Valve has gameplay-related analytics for their games, e.g. "What part of the map did the player die in the most often" to show poor level design in play-testing, not sure if it made it into the release game or not. That's one kind of analytics that I'm fully in support of. None of this "you have IDA pro running, you can't play video games" crap.

    Here's an article: https://www.pentadact.com/2007...

  6. Re:Custom ROM users can still use GApps on Google Starts Blocking 'Uncertified' Android Devices From Logging In (arstechnica.com) · · Score: 1

    I'll just give you the details here:

    From my browser's console, I see google's server throws 400 Bad Request, when the browser hits hxxps:/ /www. google. com/_ /AndroidPartnerUncertifiedRegistrationUi/mutate

    Heavy redaction below, so that hopefully nobody can abuse this to mess with my google account.

    Query string params:
    at AN????????????????????????YM:15?????????03
    f.req ["af.maf",[["af.add",14?????94,[{"14?????94":["MyAndroidDeviceIDHere"]}]]]]

    Post params:
    _reqid 15???60
    ds.extension 14?????94
    f.sid -12???????????????28
    hl en
    rt c

  7. Re:Custom ROM users can still use GApps on Google Starts Blocking 'Uncertified' Android Devices From Logging In (arstechnica.com) · · Score: 2

    Every time I've tried using the whitelisting link, I get an error message that pops up, and disappears at the bottom of the webpage: "Uh oh, something went wrong. Please try again later."

    Since it's been difficult to track down how to get your android device ID, here's how over ADB:

    $ adb shell settings get secure android_id
    214d54464e505921

    The sequence of hex digits above is your android device ID.

  8. What frequency? Will ATT be tertiary use of freqs? on AT&T Begins Testing High-Speed Internet Over Power Lines (reuters.com) · · Score: 5, Informative

    In the US, there's a swath of radio band that is reserved. First for the US government (e.g. military), then for licensed amateur radio operators. I think there's a tertiary option where if $user only uses less than some-small-number-of-milliwatts. But the higher precedence one trumps the lower ones.

    If this is going to be on ham radio frequencies, hams are going to essentially be able to cite FCC regs and say "shut that shit off" due to interference. Hams are GOOD at triangulating interference, and if they discover it's coming from *all around them* they're going to speak up *quick*.

    Remember, Hams are folks who have spent their own money to get radio gear, and then use that radio gear to provide emergency communications in the event of a disaster. On 9/11 I took my handset to the local hospital in case land line phones and cell phones went down. Fortunately I wasn't needed, but ... you do not want to fuck with free emergency communications.

  9. Give 'em money. I'm not even kidding. on Ask Slashdot: What Is the Best Way To Thank Users For Reporting Security Issues? · · Score: 1

    Want to know when somebody finds an XSS vuln in your timesheet app? Give 'em a Starbucks gift card. Or a $20 pre-paid gift debit card they can use anywhere.

    Sure, employees will try to game the system at first, and you'll find loopholes in your "rules" of the game. But the end result is net positive:

    1) Your employees are *paid* and *happy* to notify the company of vulnerabilities, and
    2) You. Fucking. Fix. Vulnerabilities.

    Seriously, it's a net win for both the company and the employees. Just do it.

  10. From GRC who brought you ShieldsUp! and SpinRite on QRLJacking Attack Can Bypass Any QR Login System (helpnetsecurity.com) · · Score: -1, Flamebait

    SQRL, ShieldsUp and SpinRite are all crap. When I first heard about SQRL I knew it wasn't thought through completely, like how ShieldsUp! permits joe-random-employee at $office to cause GRC.com to portscan the ever loving shit out of your corporate firewall. I've blocked the scanner from GRC.com at multiple offices.

    And no, SpinRite doesn't do jack.

  11. Stallman's open-source-everywhere view blinds him on Stallman's Legacy Halts At Hardware (hackaday.com) · · Score: 5, Informative

    Source: e-mail exchange with him, based on my ShmooCon presentation on hacking USB flash drives.

    In short: I said there's no way you can have open source firmware for a proprietary undocumented ASIC, that has to keep track with new developments in flash memory every 3 months.

    He went on to ask if there was a way to buy a USB flash drive that wasn't field-reprogrammable, or to "convince a company to make USBs [sic] that way". I'm not aware of any, and it's impossible as-is to A) ask a vendor "What chips are you using?" and B) have the vendor use the same controller/flash chips on the same device.

    Dude wouldn't listen, and I gave up trying to educate him.

  12. Re:Good luck with that on Uncooperative Russian ISP Prevents Cisco From Shutting Down Cybercriminal Gang · · Score: 2

    Actually, a lot of them aren't paying customers. Well, they do pay, but with fraudulent credit cards, so the ISPs a lot of times are out a wad of cash.

  13. *Mozilla* Bugzilla breached. Not all bugzillas on Bugzilla Breached, Private Vulnerability Data Stolen · · Score: 5, Informative

    Please update the article title, JFC.

  14. This is not a new concept, and it's already broken on Microsoft Announces Device Guard For Windows 10 · · Score: 3, Interesting

    Bit9's application whitelisting product was leveraged to attack customers using it.

    http://krebsonsecurity.com/201...

  15. STOP. I HAVE READ THIS BOOK. IT SUCKED on The Dominant Life Form In the Cosmos Is Probably Superintelligent Robots · · Score: 1

    No really, stop - this is not The Butlerian Jihad by Kevin Herbert.

  16. Classified. You keep using that word. on Apple Developing Curve Screen iPhones and Improved Sensors · · Score: 1

    I do not think it means what you think it means. Classified documents originate from a classification authority. There is no classification authority within Apple. Classification authorities are within the state and federal government. While Apple is large (and last I heard had more money than the federal reserve), that doesn't mean they can classify documents :)

    Now, there can be trade secrets, that's an entirely different thing. :)

  17. So, that KORUS treaty is still a problem, I think. on Obama Asks FCC To Make Carriers Unlock All Mobile Devices · · Score: 4, Interesting

  18. Wasn't there a mech-style game on kickstarter? on Mechwarrior Online Developer Redefines Community Warfare · · Score: 1

    I seem to remember there being a mechwarrior style game on kickstarter that looked really good in videos - now for the life of me I can't track it down. It was a mech style game, but not the mechwarrior brand.

  19. Re:The Current One... on Thanks For the Logos; Help Us Choose a Winner · · Score: 3, Insightful

    Upmod parent. Please. No animated GIF logos please.

  20. Go with Linode. on Ask Slashdot: Best Inexpensive VPS Provider? · · Score: 1

    I've been a customer for what feels like 10 years now. Their support is great, they have knowledgeable people and yes, you do get root. You can have console access, just not graphical console access. (Who would want X running on a colocated server anyway?)

    Here's their faq: http://www.linode.com/faq.cfm - They've got a great community, go pop on IRC on irc.oftc.net and join #linode. Ask your questions there if there's something you want to know that isn't in the FAQ.

    Here's a referral link - you don't really need to use it, but if you do I'll get some free service as a thank you for referring you.

    http://www.linode.com/?r=8304c52b0c2b67372d5dcbe998ee4e04271275d6

  21. This explains why I still have a job. on IT Pros Can't Resist Peeking At Privileged Info · · Score: 1

    I used to do sysadmin work professionally, and I still do it personally (I have a Linode VPS) where I host my personal e-mail, website, jabber server, and personal e-mail of family members. It's just one of those things that as a geek a lot of us end up doing.

    One of the unspoken golden rules of trust was this: don't fucking read other people's e-mail. Period.

    Now I do information security, where I keep my employer's network safe. This includes both external, and internal threats - such as domain admins going rogue, and abusing their powers (I've seen it happen, and wrote up the incident). It really bothers me that 1 out of 4 "IT Professionals" are unprofessional enough to violate the trust that has been granted them.

  22. Re:What about CentOS? on Red Hat Nears $1 Billion In Revenues, Closing Door On Clones · · Score: 2

    What's going on here?

  23. What's next, Windows only CPUs? on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 2, Interesting

    How come the software to "unlock" this capability appears to be windows only?

  24. Valve != iD I suppose on Steam Not Coming To Linux · · Score: 2, Informative

    iD software has historically produced Linux versions of their games; I remember fondly playing the quake(s), and doom 3 under Linux. While there have been lots and lots of reports over the years showing there is a Linux gaming market, it isn't a large enough market share for these game developers to put serious effort into it. I bet some of them actually see developing for Linux as a hindrance, even though most big game dev companies essentially abstract-out the bits between PS3, XBOX, Wii, PC, etc that are different.

  25. Re:Well... on Sony Sued Over PS3 "Other OS" Removal · · Score: 1

    One for me please. I want to know how to join too. In the mean time I'm boycotting everything that is Sony. Which is hard, because they've already got thousands of dollars of my cash. But I won't be doing any of the following:
    • Going to the movie theatre (Sony Pictures)
    • Listening to Sony music (I haven't bought RIAA music in years, so this isn't hard)
    • Purchasing Sony hardware (AV equipment, etc)
    • Purchasing any video games