>>Does FB collect data on you
YES. Even when you're not actively using the website. It will create "pre-profiles" based on e-mail addresses people put in the "look for friends" function, so that when you create an account it can instantly suggest "friends". If you have an account, and a friend tags you in a photo they uploaded, how is that not collecting data on *you*?
>>your searches
It's slightly unclear, but it seems that does collect data on what you put into the FB "search bar" at the top of the page as part of their "Realtime Activities" data.
>>and what you're reading outside of FB?
Facebook connect? Likes? Facebook comment sections? If the EU is arguing that Google is "misleading customers" by unifying the data users submitted through Blogger, Youtube, Google Search and Gmail, the isn't FB similarly "misleading customers" by unifying the data users submitted through websites such as Engadget, Techcrunch or the Wall Street Journal? What's the distinguishing criteria for this decision?
>> if you opened up a browser and did a search for "Toni Collette in pink panties" on Google or Bing, would FB be able to put it into a data base and link 'Escogido' with 'Toni Collette' and 'pink panties'?
Straw man. Just switch Google and FB to see that's obviously not why the EU is investigating Google.
Ignorantia juris non excusat (or for our civil law country friends : nemo censetur ignorare legem).
So the state/EU/politicians are saying that they need to protect me from wilfully giving my information in exchange for a service, on that basis that I'm "ignorant"... And at the same time they believe I'm perfectly knowledgeable of every facet of law?
... When I first saw the article, I searched for "Alfaques camping" (camping is the spanish word for campsite, as well as quite a few other languages) on a "pure" Firefox install that I *only* use for compatibility (always in Incognito mode). The business' website was the first answer, and on the right hand side there was a map and five/six pictures of the campsite as it is *today*. I'm in France, so perhaps that affected the search, but my experience is quite simply the opposite of yours.
Sure the pictures of the accident, including photos of what seem to be charred corpses are also "above the fold" (I can't remember if they were 2nd or if they were 3rd and the wiki article about the disaster was 2nd). But given that it's the most important thing that has happened to the campsite ever, I'm not surprised. Hell, it even got a film 9 years ago.
*You* might want "slashdut", *I* am fine with Google suggesting answers for "slashdot" and offering me the option to cancel the correction. If Google didn't go beyond the very limited input you provide it, most searches would be tedious and unproductive. If you type in Tchernobyl, should Google not serve up a single result that mentions the nuclear plant nor nuclear disaster? I mean, after all, you're implying that if I *wanted* to know about the Tchernobyl disaster, I'd have appended "nuclear plant meltdown and graphite fire" to my initial search. The only results should be "current" or "up-to-date"... So what exactly should Google return for my initial search? The weather, a few websites that offer visits of the exclusion zone, perhaps the relevant tourist information bureau, the wikipedia article for the town... And that's it? What about articles in newspapers talking about the effects of the nuclear plant disaster? What about blog posts people made of visiting Tchernobyl where they talk extensively about the disaster?
I find the campsite's complaint understandable, but not valid. Sure, they don't want potential customers to be put off by the graphic images they are likely to see when searching for the campsite on Google. But that does not make it valid, even if they had nothing to do with the disaster. They had the opportunity in 1978 (or since) of suing the newspapers for calling the accident "El accidente del camping de Los Alfaques", something they declined to do. They were compensated by the transport company following court orders, and I assume part of that compensation was for brand/reputation damage. They are now asking for materials of public record to be made harder to find in order to facilitate their business. Effectively, this is asking the courts to be compensated a second time for the same event. In 1983, the courts decided that the campsite was the victim and that their business had been damaged, and awarded them compensation for lost business/brand value. Today, the campsite wants the courts to force other businesses to change how they operate to accommodate them. Understandable, but not valid.
Wikipedia's article and the photos in no way obstruct the view of the campsite's web-site. Yes, they are also present, but they are not limiting the view to people making absurdly precise search (which would be the equivalent of people being "not one door away"). If one searches for "Alfaquez", the campsite is still amongst the top views (1st for me, even in a "clean" copy of Firefox in incognito mode, despite Firefox not being my primary browser). Google isn't putting anything "on [their] lawn", as their website & metadata are completely clean. I even get a map and photos of the campsite today on the right hand side of the results if I search for "camping alfaquez". If anything, Google is doing the appropriate thing and giving me data that benefits the campsite, at no cost to them.
I can't really see the validity of the analogy between signs. The "biggest sign" (1st result) is still the campsite's. They're just pissed off that a smaller sign to the side, one that people can't help but see when they look at the set of signs, is of something unpleasant. Regarding the analogy I made, you've just shown that it was completely absurd to suggest that w77 could force me to "hide" my business. Sure, if I'm not in compliance with building code, etc. then the urban authority can take me to task. But as an individual business, unless w77 can prove I'm doing something illegal, there is nothing preventing me from setting up a business that sells photos of my kid's murder. Exclusively. Even if I lose money each year.
This is an interesting discussion, but I quite simply can't see how one can give free reign to a company to erase history, even when it's not their fault. Alfacs camping got paid money by the transport company. Perhaps they should have sued the Spanish newspapers for calling the disaster after the campsite? Perhaps they should change their name? Simply put, asking for history to be hidden isn't something I'm in favour of. If the ruling is that Google has to remove all references to the Alfaques disaster for the search queries "Alfaques", "camping alfaques", "alfacs", "holiday alfaques", and whatever other variations the campsite owners can imagine, then that's a great cost for society to bear. If someone wishes to know something about the disaster, they then have much more limited access to this information. Whilst I am aware of the slippery slope fallacy, it seems in a certain respect valid here. This campsite can claim that the disaster wasn't caused by them, that the search queries for people looking for the disaster can easily include "leak", "explosion", "disaster", etc. and that the burden is on the person looking for the information to make it clear they're looking for the disaster rather than a holiday. But what about cases where responsibility is harder to determine? What about cases that aren't 30 years old, but 20, 10 or 5? What about cases where the qualifiers required by the person looking for negative information become too few and too uncommon for someone who doesn't know about the event to be able to access it?
If I set up my business across the street from the site of the accident, I'm effectively doing the "defamation" you're claiming in person. If someone comes to his business, they have to see my memorial. They can still go to his business, just like they can still click through on the Google search page. I'm not talking about using their brand, but just using the fact that customers are likely to see my memorial and the facts I present if they wish to engage in business with webnut77. For all intents and purposes, I can genuinely not give a damn about webnut77's business (I just happened to be able to buy the place across the street to build my memorial), its location means webnut77's potential customers will see the facts I present. Should he be entitled to shut down my memorial (or have me build a "shop front" that hides the memorial from view in the street) because the facts I present might make some customers feel uneasy and therefore not patronise his business?
So if my child was the one killed in front of webnut77's business, you'd argue that I cannot purchase the store across the road and set up a museum/mausoleum dedicated to my child, with a large banner in the window saying "across the road from here, in front of webnut77's business, my child was brutally stabbed to death"? Can I petition the city to replace a piece of pavement with a plaque honouring my child's death? If I create an association aimed at preventing child murder, can I name it the address designated by the law as my child's place of death? If I maintain a website that has material dedicated to my child's murder, do I have to be "prevented" from being on the first page of Google's results unless there's the word "murder" or a variant thereof in the query?
It's not defamation to point out facts. The campsite is very unlucky that the name that caught on for the accident was that of the campsite. Perhaps they should have sued the media back then to get them to call it the "N-340 km159" disaster. The fact remains that 217 people died and 200 others were severely burnt, most of which were residing in that campsite. Asking for that to be "forgotten" is IMO ridiculous and extremely dangerous, since it opens up the door to whitewashing history. "That food poisoning accident we had a few years ago because of unsanitary practices? Don't worry about it, we've changed ownership." "That boat that capsized in Italy? That was a whole month ago! Google's insistence on bringing it up in searches about us is damaging our business."
So the best option is Lotus Notes, blocking Facebook and Gmail, as well as not allowing for Skype and Live Messenger installs?
I turned down a job with a big IT consulting company exactly because of that line of thought. I'm under-25, I had a very good first contract with them, but there was no way I was going to dick around losing ages each day because the company's IT system was so locked-down nobody really used it. 20Mb e-mail storage on server? My job involved collaborating on client presentations and analysis... receiving 4-5 10Mb reports in a day wasn't something rare, so I had to check pretty much constantly that I had transferred all my e-mails to local storage. Rather than enhancing my productivity, Lotus Notes completely threw my habits (I usually use Gmail, so tags, extensions and search are how I usually keep track of things) and I realised very quickly that few people in the company used anything else than the e-mail client -- I tried the integrated instant communication tool Sametime, there were not even 20 people in the entire company online, out of over 8000. Conference calls had to be placed through the company's Cisco system, which was good, except when something went wrong, and then nobody (not even the IT people) knew how to trouble-shoot it. "Just send an e-mail to Cisco explaining your problem, and in the meanwhile, use a colleague's ident to log in".
The IT department certainly had very good reasons for limiting access to some tools and resources (SOX, etc.), but it reached a point where combined with a corporate culture that generally rejected "not developed here" solutions, it meant that the tools we were using required various passwords -- no two tools could use the same login-pw combo, and each one had to be changed every two weeks, and couldn't be the same as any of the last 4 pws; so naturally either people were writing down their passwords, or they were forgetting them every few weeks and going through IT to get them re-set -- didn't really do anything, and worst of all, weren't used. Working with 5 other people on a customer document didn't involve having a central place to "dump" related documents, have a visible chat with other team members about the project, and keep the latest version of the document. On the contrary, it involved massive 6-way e-mail chains, where you had to dig through the entire archive you stored locally to find the related documents that had been sent, and the client document always had 3 or 4 "current" versions, as at one point or another, several people were working on local copies based on the version in different e-mails.
I didn't mind too much that I couldn't use my phone. I can get over that. But when the main tool I'm supposed to be using is crippled, it doesn't make me want to come to work each morning, no matter how interesting the job is in itself.
P.S. Before the job in question, I interned in a Chinese company where the "official" internal communications program was QQ. Main advantage? Everyone was always on it.
"Better yet, rather than testing the student with the question and just getting a boolean pass/fail - the teacher should ask the pupil around their thought processes when they look at the problem - "talk me through it". "
This is actually -partly- how it is done in France. During mandatory education, there are no standardized tests with multiple choice answers, and calculators were (I don't know if it's still the case) generally not allowed. Most tests consisted of 10 to 20 questions, of which a quarter or a third were obvious direct applications of what had been learnt "(47*75)/25=?", then most of the remaining part of the test involved putting these numbers in situation "Jane has 47 cows..." where the student had to determine what signs to use, as well as what information provided was relevant to solving the question. The last part of the test would be slightly more complex, asking students to build upon what they know and show understanding of more general rules "Jane wishes to know how many cows she should sell in order to make the most money...".
Each questions is not to be answered merely by a number, but the method of solving should be provided to the corrector/teacher. This can involve writing what the student is doing in mathematical notation or in plain writing. Part of the "credit" is for showing understanding of the method, although this is often only the case for the intermediary and advanced questions, whilst the basic questions are boolean right/wrong. This means that the teacher can point out where in the reasoning the student made a mistake, and judge if it was inattention or a mistake in understanding the question rather than in the actual mathematical process (i.e. a student who at one point mis-copies a 8 as a 9 can still be awarded full credit if the method used is correct, and had the copying error not occured, the correct answer provided).
However, I don't know if this has increased mathematical literacy in French youth compared to other countries.
For the first example, I did it in a similar manner : 47 is close to 50, and 75 is 3/4 of 100. 50 times 100 is 5000, three quarters of 5000 is 3750 (trivial because 4*1000+4*250 = 4000+1000), and since your dividing by more than 4, it can't be anything but the smallest answer. It's not as elegant, but if I'd re-written it in proper notation (with the divisor underneath), I'd have done it like you did. Again, how a question is written changes how you answer it.
I'm still flummoxed at how the person in the article has a friend who has two Master's degrees, is going towards a doctorate, and can't do basic maths like this... with a calculator.
Pretty sure the Groupon sales rep didn't, and even discouraged her from taking up that option saying that if the deal was limited to too few customers they wouldn't run it.
Sadly, Groupon doesn't care about the businesses that run the deals. As they continue to burn through their goodwill, promising "exposure" to a "new audience" that never translates into long-term sales increases, they'll eventually find it harder to con businesses into stupid deals. About that time, their stock will tank and they'll go bankrupt, exposing them for the Ponzi scheme they are.
Sadly, I believe he'd have probably have been turned in, since Sulzberger Jr. doesn't pack it like daddy did.
I wonder if all the people that call for Manning to wallow in prison believe that systematic and massive overclassification is conducive to proper democratic process in this country, and if they therefore believe that Ellsberg should share his shackles.
I was thinking about things more insidiously... Open the inlets to maximum, get the generator running as fast as it'll go, and then tell the transform equipment to shut down, stuff like that. Chances are, you could break the turbine and/or start a fire in the powerhouse. If the turbine breaks and blocks the water flow below the inlet, water will push the generator "out" into the powerhouse, changing the pressures the dam has to support. You could probably exacerbate problems by pushing other internal systems to their limits or stopping them (ventilation, repeated opening and closing of discharge valves...). If the reservoirs are already nearly full, then it might be "sufficient" to break small upstream dams in order to overflow major dams slightly downstream, despite their emergency spillways*.
Thank God things like dams are designed to be passively safe, but sadly, that doesn't mean they'll be safe if someone gains control over them, even if this control is only computerized.
*For instance : The Green River is dammed just south of La Barge, Wyoming by the Fontenelle Dam, which is an earth-filled dam built between '61 and '64. The Fontenelle Reservoir can hold up to a little over 0.4 cubic km of water. Downstream on the Green River is the Flaming Gorge Dam, with a reservoir that can hold also a little over 4,5 cubic km. Downstream, the Green River joins the Colorado River, which is dammed by the Hoover Dam. Lake Mead's capacity is just over 35 cubic km, 12 of which are in permanent use as inactive storage. Say all the reservoirs are above 85% full (not counting inactive storage). Fontenelle Dam suffers catastrophic failure (for whatever reason). That's about 0,35 cubic km that are going to hit the Flaming Gorge Reservoir and make it overflow much faster than the 820 cubic metre/second spillway will cope with. Chances are, the Flaming Gorge Dam will also suffer catastrophic failure. So now you've got roughly 4,5 cubic km heading the way of Lake Mead, collecting debris along the way. As the water enters the lake, it's going to put high pressure on the Hoover Dam, which could cause structural integrity to be compromised. If the Hoover Dam holds strong as Lake Mead fills up at an outrageous pace, it's still got to put 4,5 cubic km in where it already has at least 31,5 cubic km in it... That's going to put it above maximum capacity, and even with 11,000 cubic metre/second spillways it's unlikely the dam won't overflow massively, possibly causing huge erosion at the base of the dam and... You guessed it. I'm not a hydrological engineer, nor a specialist of dams, so it's very possible someone who knows more about the specifics will be able to point out elements I have missed that would stop a "cascade" event like this even without co-ordination on behalf of downstream dams. Thing is, I just can't shrug the idea that there is - something - hostile people with enough knowledge to take control of a large number of dams in a remote manner would be able to do with that control that could cause massive damage.
Whilst it wouldn't inform everyone, in the first two cases the emergency message could be sufficiently precise to give precise indications as to the procedure to follow. Even for the cases where information needs to vary depending on the local information, it would still be useful.
For instance, in the case of massive loss of control over dams there would be an immediate need to start electricity rationing. On a nation-wide basis. Hydro electricity represents 10% of total US electricity production, and it's not sure that the capacity is there to produce enough electricity for peak demand without hydro. Even if the emergency alert system only reaches 40% of all people, and only 60% of them reduce their current demand by 30% (people turning off the A/C, stopping dishwashers/washing machines, turning off stand-by electric appliances...), that's probably enough for immediate demand to be managed with the loss of hydro, without causing too many blackouts. The emergency message could likely also be used to mobilize people to help with evacuation and flooding, by reaching massive numbers of IRR and US National Guard members, even those for whom contact information was erroneous, and asking them to report to their base for active duty. For communities that know they are susceptible to flooding or those that live a short distance downstream from a large dam the emergency message alone wouldn't have information regarding evacuation, but it could encourage people who are dependant or don't have means of transportation to prepare for evacuation (assemble medicine, one 20lb bag of clothes, etc. and make your presence as well as your condition known to evacuation teams).
Of course, the initial nation-wide emergency alert would need to be followed by state-wide emergency alerts within seconds, so as to provide more detailed information on how the evacuation will proceed, and even then, it'd need to be completed by a method of county or even city/town-wide evacuation warnings so each town can be given precise information about how to prepare and evacuate, how to contact the authorities without overwhelming them, and so forth.
But I do think that the nation-wide alert system does have a use. To use the same example again, if at 1200h it's observed that all control over a large number of dams in the USA has been lost, the information about reducing electricity consumption, risk of widespread flooding and evacuation is "available" at 1203h. How long will it be until the specifics for which branch of the military will assist in evacuating which area, evacuating to where, how water will be distributed, food rationing and so forth are laid out? I'm pretty sure just to compile the several thousand evacuation plans that exist (supposing every at-risk town has a realistic and up-to-date evacuation plan) and assigning responsibility for overseeing each one will take at the very least until 1230h. So what to do in the mean time? Get each state to launch a plea to limit electricity consumption? Get the phones working at National Guard of the US call centre? If the president takes 5 minutes to lay down the specifics of the situation from 1210h to 1215h, those minutes each increase the chance of electricity consumption being managed and avoiding massive network failure that would worsen the situation, by slowing down information spread. They also make pretty much every member of the federal military reserve aware of the problem before 1230h, since it would be major news and chances are overwhelming either a family member, a co-worker or another member in the reserves would be in touch with reservists that didn't hear/see the nationwide emergency alert. By the times the states get their alerts going with evacuation plans it could be 1245h, and as late as 1300h by the time the last area/town/county has necessary evacuation information. That's a whole hour. In a situation where there is impending catastrophic failure, that's a long time. If the states also had to give information about rationing, reserve call-up was slower, and info
Let's say that for X reason, all control over pumping and emptying mechanisms had been lost for 6,000 of the 8,100 "major dams" in the USA, with as a result the real risk of flooding due to catastrophic failure on all 6,000 concerned dams.
Instantly, people around the country would experience electricity problems, and electric rationing would likely need to be established. Second, flooding would be a major risk to more than just a few thousand people across the country. Towns like New Orleans would need to be prepared for immediate evacuation, and others like Havasu Lake City would need to be evacuated immediately, meaning the number of evacuees could be in the millions or tens of millions. Third, water supply and irrigation would be put on a very short countdown until water rationing would be necessary, as well as food rationing with the prospect of huge crop losses. If flooding happened, it could flood parts of the great plains and cause shortages in basic foodstuffs like wheat and corn, as well as massively increasing the risk of diseases spreading in their wake, with decaying wildlife and putrefying flora.
I'm sure there are other consequences I am unaware of or simply didn't consider, but I do think that the risk of imminent catastrophic failure to a large number of major dams would be an emergency that would effect the entire country.
- Terrorists have managed to place a highly toxic substance (cyanide, sarin gas, anthrax...) in common household goods that have been distributed across the country.
- Hackers have gained control of the entire network of computers that control prison facilities/judiciary records, and as a result an immense number of prisoners have escaped.
- Widespread failure of dam control systems that risk flooding large parts of the country.
I'm pretty sure there are other cases, but hell, if I can think of three in a few minutes, I'm sure people who spend their waking hours dreaming of destroying the USA and all it stands for can think of emergencies that would effect the entire country.
He told Apple about the flaw on the 14th of October, please dis-engage reality distortion field.
To prove his point, he wrote & submitted an application to the App Store that was approved.
Why should he tell Apple his app is abusing this flaw? Shouldn't Apple be creating a tool/procedure to block the flaw or detect it during the vetting process (to which all apps will have to retroactively be submitted)?
Voluntarily pulling his app from the App Store wouldn't have done any good. The risk exists, and it's not by telling people to not look that it'll go away. He wrote InstaStock AFTER the 14th of October, when he had already detailed a proof-of-concept and sent it to Apple. Chances are just as good that he wasn't the first person to think of this flaw, and that there are already apps out there that abuse this vulnerability.
The onus is on people like Charlie Miller to -prove- the flaws they say exist in IT software or configurations. To do that they need to show there is a real risk to customers/users, and share the information with the company that produces the IT solution first, and later if the company does not resolve the issue, with the wider population of users so they can be aware of the risk and take whatever measures they deem necessary to counter the threat. Otherwise, what accountability does a company have to solve flaws that have been disclosed to them? Oh yes, none. Nobody will know, nobody will tell, so it doesn't exist might work in your world, but that's not the real world.
Apple should have/be scrambling to find a way to identify this vulnerability in apps that have already been approved, and be able to remove them from the App Store and remotely delete them from users' iPhones & iPads. Being able to identify InstaStock as rogue would have shown progress in that regard. Another solution would have been to close the exception on how code is signed, and thus render InstaStock & other rogue applications' use of this vulnerability null.
Apple only knew about InstaStock because Charlie Miller showed it to Forbes as part of an interview regarding this vulnerability. Telling him to remove it now that the app's name is widely known means they believe he is a security risk to iPhone/iPad users out there... But if he was, he wouldn't have told Apple about the vulnerability in the first place, would he? Banning him from the App Dev Program increases the chance that future vulnerabilities will be discovered/exploited by people who will not disclose them to Apple, and thus directly increases the security and privacy risk taken by all App Store customers/users.
Apple might be well within their rights to remove him and his app from their view. But that's only as good as a restaurant chain refusing entry to a customer because he identified a health risk (contaminated goods) and highlighted it by selling them food that has been laced with food colouring, then giving an interview showing the coloured food being served. Sure, banning the guy from entering the stores/talking to people in the company means he's not going to sell them coloured food again. But it also means there's one whistle-blower less looking out for that company's clients' health, and increases the risk that the next "problem" isn't just food colouring, but anthrax, salmonella or streptococcus.
For 3. you could add a "TradeRank" : Each person* on the market receives "points" for each trade they make for successive 24 hours of trading. When the trades are listed, they are broken up into "groups" that represent 10% on both the buying and selling side. Added to the ranking by price (and time if there are "joint" bits) you'll have an order in which the buys and sells are chosen. The "lowest" 10% of the buyers go first, each in order securing the lowest price from all sellers. Then the "lowest" 10% of the sellers go, and secure in order the highest price from all remaining buyers. And so forth. Once there are no more buyers or sellers, all other trades remain uncompleted, and the person does not receive any "points" for it.
Quick example : 20 buyers (A to T) and 10 sellers (0 to 9). Buyers E, F, N, O and P have 70 "points", whilst sellers 2, 5 and 6 have 80 "points". All other buyers and sellers have 100 "points". Since bids were received in alphabetical/numerical order, E and F are the "lowest 10%" buyers, followed by N and O in the second group of buyers, with P being in the third group with B, in the same way, 2 and 5 are the "lowest 10%" sellers, etc.
E goes first, and bid 2.30$. So he "makes" the buy from 1 who was selling for 1.80$. E is debited 1.80$+fees, 1 receives 1.80$. Then F who bid 2.50$ buys from 6 who was selling for 1.83$. Since the "lowest 10%" of buyers has finished, the "lowest 10%" of sellers are next. 2 bid 1.97$, and "secures" the sale from A (2.76$), whilst 5 (1.85$) sells to T (2.66$)... And so forth.
This system gives the advantage to people who make limited moves, and means that "low-frequency" traders will get higher sales/lower buying prices for their shares than "high-frequency" traders.
*I'm not entirely clear with myself what a "person" on the market is... An individual trader? An account/company? Another definition? IDK.
First, he -did- notify Apple on Oct. 14th. He gave them all the technical details, the "proof" and so forth of the vulnerability. Now, whilst he's a famous white hat Apple hacker, it's still reasonable to believe that he is not the first person to identify or exploit this vulnerability (black hat hackers just don't talk about when they've got exploits). He gave the interview on the 7th of November, with no technical information divulged as to how to exploit the vulnerability, but demonstrating its existance to the greater public. On the 8th he's BANNED from the App Store.
Now, how long should he have held his tongue? Apparently, 3 weeks isn't enough. Given that the technical side would only be shown on the 14th of November, probably 1 month isn't enough. How about 2 months? 3 months? 6 months? However long it takes Apple to solve the problem? What if Apple never solve it? Should he just "take one for the team" and shut up?
It's completely illogical to believe that only Charlie Miller can and will ever find this vulnerability. There could be hundreds of apps by a rogue developer out there that do the same thing. Except they don't talk about it, so they're OK? The onus cannot be on security researchers to stay quiet until the company solves the vulnerability. Sure, it's bad form for the researcher to divulge information to the public before the company has the information, but divulging the information is CMiller's bargaining chip. If he's going to shut up forever unless Apple solve it, what incentive do Apple have to close the vuln? Chances are if someone else finds out about it, they'll just use it to make rogue apps & sell the information gleaned. Much more fiscally rewarding than an interview with Forbes/WSJ/???
Booting Charlie Miller out of the game is also a completely retarded move. Making it harder for him to find vulnerabilities doesn't mean they'll dissappear. It just increases the chance that they'll be found by someone else, and that means greater risk of the "discoverer" being a black hat who won't tell Apple about it, and just abuse it.
Although this might fall under "cultural drift", if I say to my phone (FRA) : "A quoi ressemble aujourd'hui?" (What does today look like?), I'd be expecting the weather forecast. If I wanted my appointments I'd say "A quoi ressemble ma journée?" (What does my day look like?). And that's only because I'm from Paris. If I were from south France, for instance Marseille, it's more likely that "C'est comment aujourd'hui?" (What is it like today?) would be asking for the weather, and "A quoi je m'attends aujourd'hui?" (What am I expecting today?) is for appointments... Were I from north France, local idioms are different again!
I don't know how Siri works in French, but however it works, there will need to be a period of localization/user learning. To the same question "Ou est-ce que je peux acheter les meilleurs chocolatines près d'ici?" (Where can I buy the best "chocolatines" around here?) Siri will need to learn that in south France, a "chocolatine" is a basic pastry that any good baker will sell, a pain au chocolat, whilst in north France, it's a type of large cake...
I can see AI personal assistants being a "big thing" as they integrate deeper with various functions, but right now, I can't see many features Siri brings that aren't better served by widgets or a simple voice search. However, I do see it leading to many obnoxious "Look-at-me" people talking to their phone all day long.
Or would walk around the store with the phone at their ear, talking to it, whilst actually recording/taking photos at a regular interval.
If higher quality was required, social engineering : "Hi, I've been sent by HQ/Regional Management/Markeing & Sales Advisory/OHSA to check that you're following best-in-class store organization principles. Please sign here to notify that you were present when I made this visit, thank you, and now I'll go around and fill out my checklist. I'll need to take some photos too. Thanks".
If Google "indoor" images are as precise and updated as frequently as Google streetview images, neither of those will be a concern. The abseiling, chute-dropping, motion detection-avoiding criminals will be a good 20 feet away from where they thought they'd be, and the trip & fall lawyer will be readying a case about some feature that was changed 9 months ago.
I think you might have some mis-understanding about what "worse than ever" means. Life expectancy rose from 35 to 40 in England between 1781 and 1851. That's a 15% increase, which is as fast a rise as between the end of WW2 and today in the USA. Pretty much anybody who has studied the period agrees that between 1820 and 1850 there was massive growth in quality of life, with real wages (purchasing power) doubling in as little as 32 years.
All this despite massive population boom : the population of England doubled between 1801 and 1851, as well as massive emigration to Canada, the USA, Australia and South Africa (oh, and a few little things called the Napoleonic Wars, colonial conquest wars, the Opium war, and of course the war of 1812...).
Living conditions didn't rise to great heights, but they were rising. We look at the living conditions in cities of the early years of the 19th century with the eyes of people with central heating, convenience stores, electricity and running water, amongst other amenities. They looked at them with the eyes of people who lived in a time when famine was pretty much a yearly bullet to dodge, how much pitch and dung could be burnt to keep warm and cook the main concern in day-to-day life, and all the other joys of living in the countryside at the end of the 18th century.
Slashdot Mirror
>>Does FB collect data on you
YES. Even when you're not actively using the website. It will create "pre-profiles" based on e-mail addresses people put in the "look for friends" function, so that when you create an account it can instantly suggest "friends". If you have an account, and a friend tags you in a photo they uploaded, how is that not collecting data on *you*?
>>your searches
It's slightly unclear, but it seems that does collect data on what you put into the FB "search bar" at the top of the page as part of their "Realtime Activities" data.
>>and what you're reading outside of FB?
Facebook connect? Likes? Facebook comment sections? If the EU is arguing that Google is "misleading customers" by unifying the data users submitted through Blogger, Youtube, Google Search and Gmail, the isn't FB similarly "misleading customers" by unifying the data users submitted through websites such as Engadget, Techcrunch or the Wall Street Journal? What's the distinguishing criteria for this decision?
>> if you opened up a browser and did a search for "Toni Collette in pink panties" on Google or Bing, would FB be able to put it into a data base and link 'Escogido' with 'Toni Collette' and 'pink panties'?
Straw man. Just switch Google and FB to see that's obviously not why the EU is investigating Google.
Ignorantia juris non excusat (or for our civil law country friends : nemo censetur ignorare legem).
So the state/EU/politicians are saying that they need to protect me from wilfully giving my information in exchange for a service, on that basis that I'm "ignorant"... And at the same time they believe I'm perfectly knowledgeable of every facet of law?
... When I first saw the article, I searched for "Alfaques camping" (camping is the spanish word for campsite, as well as quite a few other languages) on a "pure" Firefox install that I *only* use for compatibility (always in Incognito mode). The business' website was the first answer, and on the right hand side there was a map and five/six pictures of the campsite as it is *today*. I'm in France, so perhaps that affected the search, but my experience is quite simply the opposite of yours.
Sure the pictures of the accident, including photos of what seem to be charred corpses are also "above the fold" (I can't remember if they were 2nd or if they were 3rd and the wiki article about the disaster was 2nd). But given that it's the most important thing that has happened to the campsite ever, I'm not surprised. Hell, it even got a film 9 years ago.
*You* might want "slashdut", *I* am fine with Google suggesting answers for "slashdot" and offering me the option to cancel the correction. If Google didn't go beyond the very limited input you provide it, most searches would be tedious and unproductive. If you type in Tchernobyl, should Google not serve up a single result that mentions the nuclear plant nor nuclear disaster? I mean, after all, you're implying that if I *wanted* to know about the Tchernobyl disaster, I'd have appended "nuclear plant meltdown and graphite fire" to my initial search. The only results should be "current" or "up-to-date"... So what exactly should Google return for my initial search? The weather, a few websites that offer visits of the exclusion zone, perhaps the relevant tourist information bureau, the wikipedia article for the town... And that's it? What about articles in newspapers talking about the effects of the nuclear plant disaster? What about blog posts people made of visiting Tchernobyl where they talk extensively about the disaster?
I find the campsite's complaint understandable, but not valid. Sure, they don't want potential customers to be put off by the graphic images they are likely to see when searching for the campsite on Google. But that does not make it valid, even if they had nothing to do with the disaster. They had the opportunity in 1978 (or since) of suing the newspapers for calling the accident "El accidente del camping de Los Alfaques", something they declined to do. They were compensated by the transport company following court orders, and I assume part of that compensation was for brand/reputation damage. They are now asking for materials of public record to be made harder to find in order to facilitate their business. Effectively, this is asking the courts to be compensated a second time for the same event. In 1983, the courts decided that the campsite was the victim and that their business had been damaged, and awarded them compensation for lost business/brand value. Today, the campsite wants the courts to force other businesses to change how they operate to accommodate them. Understandable, but not valid.
Wikipedia's article and the photos in no way obstruct the view of the campsite's web-site. Yes, they are also present, but they are not limiting the view to people making absurdly precise search (which would be the equivalent of people being "not one door away"). If one searches for "Alfaquez", the campsite is still amongst the top views (1st for me, even in a "clean" copy of Firefox in incognito mode, despite Firefox not being my primary browser). Google isn't putting anything "on [their] lawn", as their website & metadata are completely clean. I even get a map and photos of the campsite today on the right hand side of the results if I search for "camping alfaquez". If anything, Google is doing the appropriate thing and giving me data that benefits the campsite, at no cost to them.
I can't really see the validity of the analogy between signs. The "biggest sign" (1st result) is still the campsite's. They're just pissed off that a smaller sign to the side, one that people can't help but see when they look at the set of signs, is of something unpleasant. Regarding the analogy I made, you've just shown that it was completely absurd to suggest that w77 could force me to "hide" my business. Sure, if I'm not in compliance with building code, etc. then the urban authority can take me to task. But as an individual business, unless w77 can prove I'm doing something illegal, there is nothing preventing me from setting up a business that sells photos of my kid's murder. Exclusively. Even if I lose money each year.
This is an interesting discussion, but I quite simply can't see how one can give free reign to a company to erase history, even when it's not their fault. Alfacs camping got paid money by the transport company. Perhaps they should have sued the Spanish newspapers for calling the disaster after the campsite? Perhaps they should change their name? Simply put, asking for history to be hidden isn't something I'm in favour of. If the ruling is that Google has to remove all references to the Alfaques disaster for the search queries "Alfaques", "camping alfaques", "alfacs", "holiday alfaques", and whatever other variations the campsite owners can imagine, then that's a great cost for society to bear. If someone wishes to know something about the disaster, they then have much more limited access to this information. Whilst I am aware of the slippery slope fallacy, it seems in a certain respect valid here. This campsite can claim that the disaster wasn't caused by them, that the search queries for people looking for the disaster can easily include "leak", "explosion", "disaster", etc. and that the burden is on the person looking for the information to make it clear they're looking for the disaster rather than a holiday. But what about cases where responsibility is harder to determine? What about cases that aren't 30 years old, but 20, 10 or 5? What about cases where the qualifiers required by the person looking for negative information become too few and too uncommon for someone who doesn't know about the event to be able to access it?
If I set up my business across the street from the site of the accident, I'm effectively doing the "defamation" you're claiming in person. If someone comes to his business, they have to see my memorial. They can still go to his business, just like they can still click through on the Google search page. I'm not talking about using their brand, but just using the fact that customers are likely to see my memorial and the facts I present if they wish to engage in business with webnut77. For all intents and purposes, I can genuinely not give a damn about webnut77's business (I just happened to be able to buy the place across the street to build my memorial), its location means webnut77's potential customers will see the facts I present. Should he be entitled to shut down my memorial (or have me build a "shop front" that hides the memorial from view in the street) because the facts I present might make some customers feel uneasy and therefore not patronise his business?
So if my child was the one killed in front of webnut77's business, you'd argue that I cannot purchase the store across the road and set up a museum/mausoleum dedicated to my child, with a large banner in the window saying "across the road from here, in front of webnut77's business, my child was brutally stabbed to death"? Can I petition the city to replace a piece of pavement with a plaque honouring my child's death? If I create an association aimed at preventing child murder, can I name it the address designated by the law as my child's place of death? If I maintain a website that has material dedicated to my child's murder, do I have to be "prevented" from being on the first page of Google's results unless there's the word "murder" or a variant thereof in the query? It's not defamation to point out facts. The campsite is very unlucky that the name that caught on for the accident was that of the campsite. Perhaps they should have sued the media back then to get them to call it the "N-340 km159" disaster. The fact remains that 217 people died and 200 others were severely burnt, most of which were residing in that campsite. Asking for that to be "forgotten" is IMO ridiculous and extremely dangerous, since it opens up the door to whitewashing history. "That food poisoning accident we had a few years ago because of unsanitary practices? Don't worry about it, we've changed ownership." "That boat that capsized in Italy? That was a whole month ago! Google's insistence on bringing it up in searches about us is damaging our business."
So the best option is Lotus Notes, blocking Facebook and Gmail, as well as not allowing for Skype and Live Messenger installs?
I turned down a job with a big IT consulting company exactly because of that line of thought. I'm under-25, I had a very good first contract with them, but there was no way I was going to dick around losing ages each day because the company's IT system was so locked-down nobody really used it. 20Mb e-mail storage on server? My job involved collaborating on client presentations and analysis... receiving 4-5 10Mb reports in a day wasn't something rare, so I had to check pretty much constantly that I had transferred all my e-mails to local storage. Rather than enhancing my productivity, Lotus Notes completely threw my habits (I usually use Gmail, so tags, extensions and search are how I usually keep track of things) and I realised very quickly that few people in the company used anything else than the e-mail client -- I tried the integrated instant communication tool Sametime, there were not even 20 people in the entire company online, out of over 8000. Conference calls had to be placed through the company's Cisco system, which was good, except when something went wrong, and then nobody (not even the IT people) knew how to trouble-shoot it. "Just send an e-mail to Cisco explaining your problem, and in the meanwhile, use a colleague's ident to log in".
The IT department certainly had very good reasons for limiting access to some tools and resources (SOX, etc.), but it reached a point where combined with a corporate culture that generally rejected "not developed here" solutions, it meant that the tools we were using required various passwords -- no two tools could use the same login-pw combo, and each one had to be changed every two weeks, and couldn't be the same as any of the last 4 pws; so naturally either people were writing down their passwords, or they were forgetting them every few weeks and going through IT to get them re-set -- didn't really do anything, and worst of all, weren't used. Working with 5 other people on a customer document didn't involve having a central place to "dump" related documents, have a visible chat with other team members about the project, and keep the latest version of the document. On the contrary, it involved massive 6-way e-mail chains, where you had to dig through the entire archive you stored locally to find the related documents that had been sent, and the client document always had 3 or 4 "current" versions, as at one point or another, several people were working on local copies based on the version in different e-mails.
I didn't mind too much that I couldn't use my phone. I can get over that. But when the main tool I'm supposed to be using is crippled, it doesn't make me want to come to work each morning, no matter how interesting the job is in itself.
P.S. Before the job in question, I interned in a Chinese company where the "official" internal communications program was QQ. Main advantage? Everyone was always on it.
"Better yet, rather than testing the student with the question and just getting a boolean pass/fail - the teacher should ask the pupil around their thought processes when they look at the problem - "talk me through it". "
This is actually -partly- how it is done in France. During mandatory education, there are no standardized tests with multiple choice answers, and calculators were (I don't know if it's still the case) generally not allowed. Most tests consisted of 10 to 20 questions, of which a quarter or a third were obvious direct applications of what had been learnt "(47*75)/25=?", then most of the remaining part of the test involved putting these numbers in situation "Jane has 47 cows..." where the student had to determine what signs to use, as well as what information provided was relevant to solving the question. The last part of the test would be slightly more complex, asking students to build upon what they know and show understanding of more general rules "Jane wishes to know how many cows she should sell in order to make the most money...".
Each questions is not to be answered merely by a number, but the method of solving should be provided to the corrector/teacher. This can involve writing what the student is doing in mathematical notation or in plain writing. Part of the "credit" is for showing understanding of the method, although this is often only the case for the intermediary and advanced questions, whilst the basic questions are boolean right/wrong. This means that the teacher can point out where in the reasoning the student made a mistake, and judge if it was inattention or a mistake in understanding the question rather than in the actual mathematical process (i.e. a student who at one point mis-copies a 8 as a 9 can still be awarded full credit if the method used is correct, and had the copying error not occured, the correct answer provided).
However, I don't know if this has increased mathematical literacy in French youth compared to other countries.
For the first example, I did it in a similar manner : 47 is close to 50, and 75 is 3/4 of 100. 50 times 100 is 5000, three quarters of 5000 is 3750 (trivial because 4*1000+4*250 = 4000+1000), and since your dividing by more than 4, it can't be anything but the smallest answer. It's not as elegant, but if I'd re-written it in proper notation (with the divisor underneath), I'd have done it like you did. Again, how a question is written changes how you answer it.
I'm still flummoxed at how the person in the article has a friend who has two Master's degrees, is going towards a doctorate, and can't do basic maths like this... with a calculator.
There's an app for that!
Pretty sure the Groupon sales rep didn't, and even discouraged her from taking up that option saying that if the deal was limited to too few customers they wouldn't run it.
Sadly, Groupon doesn't care about the businesses that run the deals. As they continue to burn through their goodwill, promising "exposure" to a "new audience" that never translates into long-term sales increases, they'll eventually find it harder to con businesses into stupid deals. About that time, their stock will tank and they'll go bankrupt, exposing them for the Ponzi scheme they are.
Sadly, I believe he'd have probably have been turned in, since Sulzberger Jr. doesn't pack it like daddy did.
I wonder if all the people that call for Manning to wallow in prison believe that systematic and massive overclassification is conducive to proper democratic process in this country, and if they therefore believe that Ellsberg should share his shackles.
Isn't that why the Genius Bar was invented in the first place?
Cue "organic" and "wholesome" varieties of in-vitro meat that were cultured in "fair trade" nutrient mediums.
I was thinking about things more insidiously... Open the inlets to maximum, get the generator running as fast as it'll go, and then tell the transform equipment to shut down, stuff like that. Chances are, you could break the turbine and/or start a fire in the powerhouse. If the turbine breaks and blocks the water flow below the inlet, water will push the generator "out" into the powerhouse, changing the pressures the dam has to support. You could probably exacerbate problems by pushing other internal systems to their limits or stopping them (ventilation, repeated opening and closing of discharge valves...). If the reservoirs are already nearly full, then it might be "sufficient" to break small upstream dams in order to overflow major dams slightly downstream, despite their emergency spillways*.
Thank God things like dams are designed to be passively safe, but sadly, that doesn't mean they'll be safe if someone gains control over them, even if this control is only computerized.
*For instance : The Green River is dammed just south of La Barge, Wyoming by the Fontenelle Dam, which is an earth-filled dam built between '61 and '64. The Fontenelle Reservoir can hold up to a little over 0.4 cubic km of water. Downstream on the Green River is the Flaming Gorge Dam, with a reservoir that can hold also a little over 4,5 cubic km. Downstream, the Green River joins the Colorado River, which is dammed by the Hoover Dam. Lake Mead's capacity is just over 35 cubic km, 12 of which are in permanent use as inactive storage. Say all the reservoirs are above 85% full (not counting inactive storage). Fontenelle Dam suffers catastrophic failure (for whatever reason). That's about 0,35 cubic km that are going to hit the Flaming Gorge Reservoir and make it overflow much faster than the 820 cubic metre/second spillway will cope with. Chances are, the Flaming Gorge Dam will also suffer catastrophic failure. So now you've got roughly 4,5 cubic km heading the way of Lake Mead, collecting debris along the way. As the water enters the lake, it's going to put high pressure on the Hoover Dam, which could cause structural integrity to be compromised. If the Hoover Dam holds strong as Lake Mead fills up at an outrageous pace, it's still got to put 4,5 cubic km in where it already has at least 31,5 cubic km in it... That's going to put it above maximum capacity, and even with 11,000 cubic metre/second spillways it's unlikely the dam won't overflow massively, possibly causing huge erosion at the base of the dam and... You guessed it. I'm not a hydrological engineer, nor a specialist of dams, so it's very possible someone who knows more about the specifics will be able to point out elements I have missed that would stop a "cascade" event like this even without co-ordination on behalf of downstream dams. Thing is, I just can't shrug the idea that there is - something - hostile people with enough knowledge to take control of a large number of dams in a remote manner would be able to do with that control that could cause massive damage.
Whilst it wouldn't inform everyone, in the first two cases the emergency message could be sufficiently precise to give precise indications as to the procedure to follow. Even for the cases where information needs to vary depending on the local information, it would still be useful.
For instance, in the case of massive loss of control over dams there would be an immediate need to start electricity rationing. On a nation-wide basis. Hydro electricity represents 10% of total US electricity production, and it's not sure that the capacity is there to produce enough electricity for peak demand without hydro. Even if the emergency alert system only reaches 40% of all people, and only 60% of them reduce their current demand by 30% (people turning off the A/C, stopping dishwashers/washing machines, turning off stand-by electric appliances...), that's probably enough for immediate demand to be managed with the loss of hydro, without causing too many blackouts. The emergency message could likely also be used to mobilize people to help with evacuation and flooding, by reaching massive numbers of IRR and US National Guard members, even those for whom contact information was erroneous, and asking them to report to their base for active duty. For communities that know they are susceptible to flooding or those that live a short distance downstream from a large dam the emergency message alone wouldn't have information regarding evacuation, but it could encourage people who are dependant or don't have means of transportation to prepare for evacuation (assemble medicine, one 20lb bag of clothes, etc. and make your presence as well as your condition known to evacuation teams).
Of course, the initial nation-wide emergency alert would need to be followed by state-wide emergency alerts within seconds, so as to provide more detailed information on how the evacuation will proceed, and even then, it'd need to be completed by a method of county or even city/town-wide evacuation warnings so each town can be given precise information about how to prepare and evacuate, how to contact the authorities without overwhelming them, and so forth.
But I do think that the nation-wide alert system does have a use. To use the same example again, if at 1200h it's observed that all control over a large number of dams in the USA has been lost, the information about reducing electricity consumption, risk of widespread flooding and evacuation is "available" at 1203h. How long will it be until the specifics for which branch of the military will assist in evacuating which area, evacuating to where, how water will be distributed, food rationing and so forth are laid out? I'm pretty sure just to compile the several thousand evacuation plans that exist (supposing every at-risk town has a realistic and up-to-date evacuation plan) and assigning responsibility for overseeing each one will take at the very least until 1230h. So what to do in the mean time? Get each state to launch a plea to limit electricity consumption? Get the phones working at National Guard of the US call centre? If the president takes 5 minutes to lay down the specifics of the situation from 1210h to 1215h, those minutes each increase the chance of electricity consumption being managed and avoiding massive network failure that would worsen the situation, by slowing down information spread. They also make pretty much every member of the federal military reserve aware of the problem before 1230h, since it would be major news and chances are overwhelming either a family member, a co-worker or another member in the reserves would be in touch with reservists that didn't hear/see the nationwide emergency alert. By the times the states get their alerts going with evacuation plans it could be 1245h, and as late as 1300h by the time the last area/town/county has necessary evacuation information. That's a whole hour. In a situation where there is impending catastrophic failure, that's a long time. If the states also had to give information about rationing, reserve call-up was slower, and info
Sure of that?
Let's say that for X reason, all control over pumping and emptying mechanisms had been lost for 6,000 of the 8,100 "major dams" in the USA, with as a result the real risk of flooding due to catastrophic failure on all 6,000 concerned dams.
Instantly, people around the country would experience electricity problems, and electric rationing would likely need to be established. Second, flooding would be a major risk to more than just a few thousand people across the country. Towns like New Orleans would need to be prepared for immediate evacuation, and others like Havasu Lake City would need to be evacuated immediately, meaning the number of evacuees could be in the millions or tens of millions. Third, water supply and irrigation would be put on a very short countdown until water rationing would be necessary, as well as food rationing with the prospect of huge crop losses. If flooding happened, it could flood parts of the great plains and cause shortages in basic foodstuffs like wheat and corn, as well as massively increasing the risk of diseases spreading in their wake, with decaying wildlife and putrefying flora.
I'm sure there are other consequences I am unaware of or simply didn't consider, but I do think that the risk of imminent catastrophic failure to a large number of major dams would be an emergency that would effect the entire country.
Hmm... Let's see...
- Terrorists have managed to place a highly toxic substance (cyanide, sarin gas, anthrax...) in common household goods that have been distributed across the country.
- Hackers have gained control of the entire network of computers that control prison facilities/judiciary records, and as a result an immense number of prisoners have escaped.
- Widespread failure of dam control systems that risk flooding large parts of the country.
I'm pretty sure there are other cases, but hell, if I can think of three in a few minutes, I'm sure people who spend their waking hours dreaming of destroying the USA and all it stands for can think of emergencies that would effect the entire country.
He told Apple about the flaw on the 14th of October, please dis-engage reality distortion field.
To prove his point, he wrote & submitted an application to the App Store that was approved.
Why should he tell Apple his app is abusing this flaw? Shouldn't Apple be creating a tool/procedure to block the flaw or detect it during the vetting process (to which all apps will have to retroactively be submitted)?
Voluntarily pulling his app from the App Store wouldn't have done any good. The risk exists, and it's not by telling people to not look that it'll go away. He wrote InstaStock AFTER the 14th of October, when he had already detailed a proof-of-concept and sent it to Apple. Chances are just as good that he wasn't the first person to think of this flaw, and that there are already apps out there that abuse this vulnerability.
The onus is on people like Charlie Miller to -prove- the flaws they say exist in IT software or configurations. To do that they need to show there is a real risk to customers/users, and share the information with the company that produces the IT solution first, and later if the company does not resolve the issue, with the wider population of users so they can be aware of the risk and take whatever measures they deem necessary to counter the threat. Otherwise, what accountability does a company have to solve flaws that have been disclosed to them? Oh yes, none. Nobody will know, nobody will tell, so it doesn't exist might work in your world, but that's not the real world.
Apple should have/be scrambling to find a way to identify this vulnerability in apps that have already been approved, and be able to remove them from the App Store and remotely delete them from users' iPhones & iPads. Being able to identify InstaStock as rogue would have shown progress in that regard. Another solution would have been to close the exception on how code is signed, and thus render InstaStock & other rogue applications' use of this vulnerability null.
Apple only knew about InstaStock because Charlie Miller showed it to Forbes as part of an interview regarding this vulnerability. Telling him to remove it now that the app's name is widely known means they believe he is a security risk to iPhone/iPad users out there... But if he was, he wouldn't have told Apple about the vulnerability in the first place, would he? Banning him from the App Dev Program increases the chance that future vulnerabilities will be discovered/exploited by people who will not disclose them to Apple, and thus directly increases the security and privacy risk taken by all App Store customers/users.
Apple might be well within their rights to remove him and his app from their view. But that's only as good as a restaurant chain refusing entry to a customer because he identified a health risk (contaminated goods) and highlighted it by selling them food that has been laced with food colouring, then giving an interview showing the coloured food being served. Sure, banning the guy from entering the stores/talking to people in the company means he's not going to sell them coloured food again. But it also means there's one whistle-blower less looking out for that company's clients' health, and increases the risk that the next "problem" isn't just food colouring, but anthrax, salmonella or streptococcus.
This is an interesting proposition.
For 3. you could add a "TradeRank" : Each person* on the market receives "points" for each trade they make for successive 24 hours of trading. When the trades are listed, they are broken up into "groups" that represent 10% on both the buying and selling side. Added to the ranking by price (and time if there are "joint" bits) you'll have an order in which the buys and sells are chosen. The "lowest" 10% of the buyers go first, each in order securing the lowest price from all sellers. Then the "lowest" 10% of the sellers go, and secure in order the highest price from all remaining buyers. And so forth. Once there are no more buyers or sellers, all other trades remain uncompleted, and the person does not receive any "points" for it.
Quick example : 20 buyers (A to T) and 10 sellers (0 to 9). Buyers E, F, N, O and P have 70 "points", whilst sellers 2, 5 and 6 have 80 "points". All other buyers and sellers have 100 "points". Since bids were received in alphabetical/numerical order, E and F are the "lowest 10%" buyers, followed by N and O in the second group of buyers, with P being in the third group with B, in the same way, 2 and 5 are the "lowest 10%" sellers, etc.
E goes first, and bid 2.30$. So he "makes" the buy from 1 who was selling for 1.80$. E is debited 1.80$+fees, 1 receives 1.80$. Then F who bid 2.50$ buys from 6 who was selling for 1.83$. Since the "lowest 10%" of buyers has finished, the "lowest 10%" of sellers are next. 2 bid 1.97$, and "secures" the sale from A (2.76$), whilst 5 (1.85$) sells to T (2.66$)... And so forth.
This system gives the advantage to people who make limited moves, and means that "low-frequency" traders will get higher sales/lower buying prices for their shares than "high-frequency" traders.
*I'm not entirely clear with myself what a "person" on the market is... An individual trader? An account/company? Another definition? IDK.
Sorry, but that's patently ridiculous.
First, he -did- notify Apple on Oct. 14th. He gave them all the technical details, the "proof" and so forth of the vulnerability. Now, whilst he's a famous white hat Apple hacker, it's still reasonable to believe that he is not the first person to identify or exploit this vulnerability (black hat hackers just don't talk about when they've got exploits).
He gave the interview on the 7th of November, with no technical information divulged as to how to exploit the vulnerability, but demonstrating its existance to the greater public.
On the 8th he's BANNED from the App Store.
Now, how long should he have held his tongue? Apparently, 3 weeks isn't enough. Given that the technical side would only be shown on the 14th of November, probably 1 month isn't enough. How about 2 months? 3 months? 6 months? However long it takes Apple to solve the problem? What if Apple never solve it? Should he just "take one for the team" and shut up?
It's completely illogical to believe that only Charlie Miller can and will ever find this vulnerability. There could be hundreds of apps by a rogue developer out there that do the same thing. Except they don't talk about it, so they're OK? The onus cannot be on security researchers to stay quiet until the company solves the vulnerability. Sure, it's bad form for the researcher to divulge information to the public before the company has the information, but divulging the information is CMiller's bargaining chip. If he's going to shut up forever unless Apple solve it, what incentive do Apple have to close the vuln? Chances are if someone else finds out about it, they'll just use it to make rogue apps & sell the information gleaned. Much more fiscally rewarding than an interview with Forbes/WSJ/???
Booting Charlie Miller out of the game is also a completely retarded move. Making it harder for him to find vulnerabilities doesn't mean they'll dissappear. It just increases the chance that they'll be found by someone else, and that means greater risk of the "discoverer" being a black hat who won't tell Apple about it, and just abuse it.
Although this might fall under "cultural drift", if I say to my phone (FRA) : "A quoi ressemble aujourd'hui?" (What does today look like?), I'd be expecting the weather forecast. If I wanted my appointments I'd say "A quoi ressemble ma journée?" (What does my day look like?). And that's only because I'm from Paris. If I were from south France, for instance Marseille, it's more likely that "C'est comment aujourd'hui?" (What is it like today?) would be asking for the weather, and "A quoi je m'attends aujourd'hui?" (What am I expecting today?) is for appointments... Were I from north France, local idioms are different again!
I don't know how Siri works in French, but however it works, there will need to be a period of localization/user learning. To the same question "Ou est-ce que je peux acheter les meilleurs chocolatines près d'ici?" (Where can I buy the best "chocolatines" around here?) Siri will need to learn that in south France, a "chocolatine" is a basic pastry that any good baker will sell, a pain au chocolat, whilst in north France, it's a type of large cake...
I can see AI personal assistants being a "big thing" as they integrate deeper with various functions, but right now, I can't see many features Siri brings that aren't better served by widgets or a simple voice search. However, I do see it leading to many obnoxious "Look-at-me" people talking to their phone all day long.
Or would walk around the store with the phone at their ear, talking to it, whilst actually recording/taking photos at a regular interval.
If higher quality was required, social engineering : "Hi, I've been sent by HQ/Regional Management/Markeing & Sales Advisory/OHSA to check that you're following best-in-class store organization principles. Please sign here to notify that you were present when I made this visit, thank you, and now I'll go around and fill out my checklist. I'll need to take some photos too. Thanks".
If Google "indoor" images are as precise and updated as frequently as Google streetview images, neither of those will be a concern. The abseiling, chute-dropping, motion detection-avoiding criminals will be a good 20 feet away from where they thought they'd be, and the trip & fall lawyer will be readying a case about some feature that was changed 9 months ago.
I think you might have some mis-understanding about what "worse than ever" means. Life expectancy rose from 35 to 40 in England between 1781 and 1851. That's a 15% increase, which is as fast a rise as between the end of WW2 and today in the USA. Pretty much anybody who has studied the period agrees that between 1820 and 1850 there was massive growth in quality of life, with real wages (purchasing power) doubling in as little as 32 years.
All this despite massive population boom : the population of England doubled between 1801 and 1851, as well as massive emigration to Canada, the USA, Australia and South Africa (oh, and a few little things called the Napoleonic Wars, colonial conquest wars, the Opium war, and of course the war of 1812...).
Living conditions didn't rise to great heights, but they were rising. We look at the living conditions in cities of the early years of the 19th century with the eyes of people with central heating, convenience stores, electricity and running water, amongst other amenities. They looked at them with the eyes of people who lived in a time when famine was pretty much a yearly bullet to dodge, how much pitch and dung could be burnt to keep warm and cook the main concern in day-to-day life, and all the other joys of living in the countryside at the end of the 18th century.