Not true - the only way for that information to have come into the possession of the bloggers was for someone to have committed a crime - stealing trade secrets.
The only way for that not to be true is if Apple itself had authorized the release, which clearly they did not.
A lot of people have complained about how many technologies get reported, and are never heard of again.
This is pretty ironic, given that most companies (FUD aside) will only talk about products to a) attract venture capital, or b) sell an actual product.
And any company which has burned all the v.c. without bringing anything to market is hardly going to trumpet about it.
Whether this technology will be the next best thing or not is open to question (that's what makes the stock market work ;). What I found most interesting was the reference to an agreement with Ovonics.
The stock market may hate Stan and company, but their list of accomplishments is pretty impressive, including having the word 'ovonics' added to the English language.
Either way, the news is a useful harbinger of things to come. Even if *this* technology doesn't make it, something else will. Someone will ALWAYS have a better idea. This is just a watermark for where the so-called state-of-the-art currently floats.
BZZZZZTTTTT! Thanks for playing, would you like to try again?
First of all, Visa doesn't pay for SQUAT. Chargebacks are funded by the merchants, who in most cases are forced to eat the fraud.
And even if that were NOT true, TANSTAAFL. Regardless of who foots the bill for the losses, ultimately those costs are passed back to the consumer in the form of higher costs.
It may come as a complete shock to some people here, but some companies have to make a living somehow.
That's a perfectly valid point, although somewhat of a non sequitur. There is no profit to be made in acquiring 'dummy' registrations, and damned little to be made in sending spam to those who got sucked in because they didn't know to lie outright.
If I like a site, I'll register there. If I just want to look at something on the site, and I HAVE to register, I'll use BS information and - if confirmation is required - a throwaway e-mail address.
Now, keeping all the phony information in the database can become a non-trivial expense, particularly if the site is using a database which doesn't scale well, and suddenly has to transform to something more capable. Ditto for sending spam and dealing with the resulting bounces.
Cleaning the database is decidedly non-trivial, and many companies make a good living just doing 3rd-party database scrubbing.
Clearly salon.com chose to publish the information in question. And clearly it is not to their benefit - in many ways - to require that you sign in at the front desk. (I sometimes do meals-on-wheels deliveries, and some of these buildings will drive you freaking nuts -- a very apt analogy for comparable sites. All I want to do is deliver some freaking meals, for chrissake.)
So why hassle someone who provided an overall benefit for many of us by pointing out an alternate link? Because you disagreed with his turn of phrase? I just don't get it.
Personally, I look for gas mileage, reliability and comfort, but each to their own....
Well, two outta three ain't bad; the gas mileage on virtually any twenty+ year old tank ain't what it is on today's 'crumple zone/safety cage' plastic cars.
However, I can attest to the comfort of my '84 daily driver.
Dunno - how old is your car? Mine will be old enough to legally drink next month, and would definitely be disabled by an EMP pulse.
Well, unless all that sheet metal acts as a Faraday cage for the fuel injection module et alia. ;)
And as it happens, I have a GPS navigation system, as well as a lighting mod to turn my headlights on at night/in-the-rain and off during the day. (Wow, what a concept!) As well as a few other mods that make the car convenient _to me_, rather than to some designer's idea of what I would find convenient.
Granted they are _FAR_ easier to work on. Often, however, they cost _more_ to fix, as the availability of parts dwindles. But they're also easier to save money on by fixing it yourself....
As any old phone phreaker knows, one can dial any (land) phone - even today - by clicking the receiver. To dial a three, for example, one clicks the receiver three times (within a second).
If you don't believe me, pick up your house phone and try it. This once was useful information, in the days of rotary phone locks, but now is just more useless trivia cluttering up my brain. ;)
Actually, OGG seems to be catching on a bit more, at least at the hardware level. I've put several audio players up on our site which support OGG files in addition to MP3 and/or WMA and/or DRM files.
FINDING tracks in OGG format is still problematic, but perhaps that will change as more hardware supports them.
Great, another person who didn't bother to actually READ the post.
If I had mod points, *I* would mod the article in question down, as it has no relevance whatever to the parent.
I _certainly_ have no love of the /. editors, being among the thousands who have submitted rejected stories only to see them posted later (sometimes much later) by others.
However - get a life. If you hate this site that much, why read it???
Authorize.net (a fairly popular credit card gateway) is also an Internap client - I wonder how many sites (like ours) potentially lost revenue as a result of this outage.
But I believe you're missing the connection between the two. The huge amount of effort put forth by the IT industry would not have happened had the rising level of FUD not affected the PHBs. In that regard, the 'hoax' was entirely necessary.
Actually, I haven't. What information I have provided for /. registration was *my* decision, and is required only to *post* articles, not to *read* them.
If you can't see the difference, then I can't help you.....
Well, frankly, it doesn't seem like it would be that hard to figure out how to dummy the PIN entry on the front end if one had the physical device in hand.
Then again, with the SecurID card, it's even easier. ;)
The only real problem I see is the 'if done right' part. Conceptually it's a better solution than SecurID (no surprise, the market does usually evolve). As far as actual USE goes, it seems a little less convenient.
(Note that I have successfully fought every effort to make me actually _carry_ a SecurID card, so that opinion is based mostly on anecdotal evidence. I *do* know that the SecurID cards *don't* always handle clock drift, despite the 'X previous key / Y future keys' settings on the server.)
Personally, I like the convenience of Firefox storing my passwords so I don't have to type them. If by some chance my firewall gets hacked, or my site gets burgled, it's easy enough to change/cancel them (unfortunately Linux doesn't really have any well-integrated file-system-based encryption, though I'm sure that will change).
Then too, who knows what encryption will look like in the world of quantum computing? The thought of having to carry a bunch of keychain devices to be able to access my accounts is annoying, at best. I don't WANT a bunch of crap clogging up my keyring. It's bad for the ignition switch on the car, and worse for the one on the bike....
Thanks for the link; I was actually not aware of even that much hacking done on those cards. It does seem a little limited, although I can envision some scenarios where it would be exploitable.
One point I wanted to add is that although SecurID may be well accepted in the IT world, it is _NOT_ that easy to roll-out. Or wasn't, the last time I had to play games in that world, anyway; it HAS been a while.
Note that I never claimed that it was the most *secure* solution, and yes, the lack of challenge/response does limit its usefulness.
However, if I can reverse engineer the bank's device and discover the algorithm in use, it becomes worse than useless, in that it instills a false sense of security.
Strong passwords are still less hassle, don't sacrifice much to security concerns (if never expressed in clear text), and just aren't that freaking hard to create. Pre-shared keys are even better, depending on how strong they are, and how they're distributed. And how well keys are guarded/revoked-if-stolen. ;)
Interesting.... It sounds like it is a similar approach, in any event. The SecurID cards 'randomly' change values (every 60 seconds?); you just type in whatever is currently on the screen.
I can't help but wonder if your device has a battery-backup for the clock, or otherwise how could it be time-synched, if you can turn it off? A possibility that occurs to me is something along the lines of the salt used for many Unix password schemes. The password can be encoded any one of a finite number of ways, resulting in a different encrypted value each time, but all tied back to the original input.
This sounds like SecurID cards, which are time-synched to a master server which runs the same algorithm/seed. SecurID has a long history in the IT world, and works relatively well (and, as far as I know, no one has ever hacked the algorithm).
Sounds like your device just calculates a response based on two inputs; don't know why that wouldn't be just as easy in software. (You _can't_ turn a SecurID card off, so it can't get out of synch with the server, unlike software.)
Not to say that your device isn't secure - more reverse engineering would be required to determine that - but the two approaches *are* very different.
Yeah, I noticed a huge increase in dictionary attacks on one of my domains a few months ago.
On the other hand, the 'user unknown' log messages make a handy filter for identifying zombies. I'm up to over 1k 'access denied's - and down to one or two 'user unknowns' - on an average day.
My homebrew spam reporting scripts go to great length to find an authority for the IP which sent it to me. If they can't find one, or it is known to be non-responsive, the standard response is to add the IP to the mail access list.
Yeah, multiple VORs (with DME) would allow pretty accurate positioning, in most parts of the country and/or at high enough altitude. I've never seen such a receiver; sounds like a cool toy.
Although I'm not sure that 'arc' really describes the situation in a three-dimensional scenario. And I'm not sure you can locate more than 'the spot on the ground over which you currently are' (i.e. altitude) without a 4th source (at least without integrating the INS tracking data), although I'm too lazy to work it out, and could be wrong.
Hear, Hear. I took a H.S. Prob/Stats class (too many years ago to mention) where the teacher handed out TI stats calculators to the entire class. (Funded on his own, I might add.)
And I believe I learned more / faster as a result. As one trivial example, it takes a LOT less time to understand the concept of "100!" than it does to compute it!
As he told us the first day of class, the calculator will NOT do your work for you; if you don't understand the concepts, you'll still fail, even with all those dedicated buttons.
I know there is still an on-going political battle over WAAS, LAAS and the like. It seems like the FAA has opposed WAAS for some time, and yet it is finally starting to spread. (Then again, what other agency can lay claim to still running tube-based computers?)
It will be especially interesting once we see approved implementations of the HITS heads-up technology, which I assume is all GPS-based - VORs aren't terribly useful for 3D spatial plotting.
Yeah, unfortunately it wasn't a right-of-way issue that caused at least one of the go arounds; just a lousy approach. And a personal heads-up that 6 hours in an unpressurized aircraft (TX-GA in a 182R) has more effect than I would have believed. A wake-up call that, fortunately, did NOT involve hitting the side runway lights, but it was a close run thing there for a while. (And you're correct that e.g. balloons have the ultimate right-of-way, being non-steerable.)
Helicopters - VERY expensive. And require reflexes which are effectively backwards from my motorcycle-riding ones (e.g. left-handed throttle). They look like a lot of fun, though, and I've enjoyed the couple trips I've taken as a passenger.
If the system is hacked, they pay, not you.
Trust me, I know. http://theboyz.biz/
10 times per what? Only if you're dialing a zero.
http://www.theboyz.biz/index.php?cPath=159_73_244
Well, duh. Because most of us don't WANT to have to contribute our DNA just to read the freaking article.
Yes, Cirrus does use the BRS chute, and has been for many years. They claim to be working for TSO approval on other light singles.
But how is any of this front page /. news?
Unfortunately, it appears that the gutting of the Constitution is well underway, and accelerating every day.
Privacy issues aside.
Unsubscribe? I don't even read the d*mn things.
http://www.theboyz.biz/ Hardware, software, electronics and more!