Slashdot Mirror


User: swillden

swillden's activity in the archive.

Stories: 0 · Comments: 18,006

Comments · 18,006

  1. Re:Single biological authentication doesn't work on Hackers Unlock Samsung Galaxy S8 With Fake Iris (vice.com) · Score: 1

    The general problem is still unsolved. If your iris and your fingerprint id are broken, how do you replace them with new ones?

    This statement indicates that you erroneously believe that biometric authentication security (such as it is) is based on secrecy of the biometric patterns. This is not the case, and cannot be the case. Since the security (such as it is) does not derive from secrecy, rotation is useless and irrelevant. Your biometrics are public information; fingerprints are left everywhere and your iris structure can be extracted from any decent photograph. Given that, supposing you could rotate your biometrics, the new values would also be public information.

    Biometric security (such as it is) derives from the difficulty of presenting a fake body part for scanning, or otherwise injecting known data which is not the attacker's body structure. In some cases (like this one, obviously), that bar is extremely low. Uselessly low for many contexts, but not all.

  2. Alternative theories are obviously very appropriate. My understanding (from nothing more than the summary, of course, this is /.) is that competent astronomers have spent time thinking about it and haven't yet found any alternative explanations that fit the facts. That makes aliens -- at the moment -- not only a viable theory, but the best theory.

    The knee-jerk reflexive dismissal of the idea is unscientific, especially given the fact that we know that intelligent, technology-producing life has arisen on at least one planet, and that life has invented the notion of a Dyson sphere, although it presently lacks the technology to build one.

  3. Extraordinary claims require extraordinary proof... and you've just made a whopper of a claim.

    No, this is what you're not getting: he isn't seriously claiming anything.

    He's providing an answer to the question. That's a claim.

  4. Re:Could they? on Could Giant Alien Structures Be Dimming a Far Away Star? (sciencemag.org) · Score: 1

    Then there is that third group who is willing to admit that we simply don’t know the answer yet, without jumping to extraordinary conclusions.

    And the subset of that group which is willing to accept that aliens may be the most likely answer, based on current knowledge and theories. If the only theory you can find that is consistent with observations is one that goes against your prejudices, it is still your best theory. You should seek to apply it to generate predictions, then test them. You should also keep looking for other theories that fit.

  5. Re:No on Could Giant Alien Structures Be Dimming a Far Away Star? (sciencemag.org) · Score: 3, Informative

    Here's the problem. All our good "mundane" explanations were all conclusively disproved. Now what?

    Now we put it in the "don't know" file until we come up with a good explanation. Any explanation which is not testable isn't science, it's just imagination.

    There's nothing inherently untestable about the theory. Perhaps we don't know how to test it, and perhaps we lack the technology needed to test some aspects of it, but those don't make it untestable. There are predictions of modern physics which we either don't know how to test, or know how but lack the technology to perform the tests. That doesn't make those aspects unscientific.

    In this case, I think we do have some ideas about how to test. We can identify ways in which dimming would be different if caused by a partially-constructed Dyson sphere vs other sorts of astronomical phenomena, then observe and analyze to see which hypotheses hold up. We could potentially find a way to construct a telescope capable of letting us see sufficient detail at 1300 light years' distance to more directly observe the occlusion. Such a "telescope" might consist of exploiting gravitational lensing of light passing distant stars, coupled with massive computation. Though it would take a very long time, we might even test it by sending a spacecraft. There are lots of ways to test, even though many of them are not currently practical, and undoubtedly there are many ways of testing which no one has yet thought of.

    The only truly untestable theories are those which either make no specific predictions or which can predict anything at all.

  6. Glad that I cleared that up for you.

    Extraordinary claims require extraordinary proof... and you've just made a whopper of a claim.

    Specifically, you're claiming that it's absolutely impossible that there is an intelligent race elsewhere in the universe which is a few hundred years technologically more advanced than we are? Care to try to back that up?

    Now, if the headline had asked "Are giant alien structures dimming a far-away star?", I'd have had to agree that "maybe, maybe not" was a reasonable answer, and "probably not" is a reasonable reflex response, until you think about it. But the headline asked if it could be a giant alien structure, and the answer to that -- based on everything that we currently know about the universe -- is a resounding yes.

    We have no evidence to indicate that Earth is the only place that intelligent life has arisen. We have no evidence to indicate that it has arisen elsewhere, either, but logically it seems clear that if it could happen here, it could also happen somewhere else. And there is absolutely no reason to believe that if intelligent life does exist elsewhere that it couldn't develop technology roughly analogous to our own. And there is absolutely no reason to believe that if intelligent, technology-producing life exists elsewhere that it can't be more advanced than us.

    So, unless you have some really compelling evidence that I've never seen, there is no way the headline can be answered any other way than "Yes". That would be true even if we hadn't seen this intermittent, irregular dimming.

    Having seen the dimming, we can discuss to what degree we believe that this particular observation is due to technology-producing intelligent life or some other astronomical phenomenon. Given that we have no other theory capable of explaining the phenomenon, right now the smart money is on aliens. More information and more theories will change that evaluation, either offering other alternatives, or firming up the one workable explanation we have at present. If you feel like you know which way that change is going to go you're fooling yourself, because you have no rational basis on which to make that judgement.

  7. Re: Identification, not authentication on Slashdot Asks: Should Businesses Switch To Biometric Passwords? (hbr.org) · Score: 1

    All I can conclude is that you have no real counterarguments to offer. Too bad.

  8. Re:Legendary on Java Creator James Gosling Joins Amazon Web Services (geekwire.com) · Score: 1

    You can actually look at the Gosling source code here. It was a library for drawing updates to the screen (with a dynamic programming library), and actually the source code got shared and was being used in a lot of places, not just emacs. That was the main thing Stallman had to rewrite, and when he did, he ended up making it more efficient.

    This description understates the EMACS-related achievements of both.

    RMS was the primary creator of the original EMACS, written in TECO macros and PDP-10 assembly (though note that EMACS itself was an extension of earlier work by others, and Guy Steele also contributed a huge amount to EMACS). Gosling reimplemented EMACS in C, including his own extension language called Mocklisp, which looked like LISP, but lacked key features of LISP, like lists.

    The most clever part of Gosling EMACS (Gosmacs) was the drawing library, but calling it a "drawing library" kind of trivializes it. At the time, "drawing" meant updating a display terminal's character display. Because data connections to terminals were often slow, it was important to do this in the most efficient way possible. So this was an instance of the classic "string to string" problem, which is taking string A (what's already in the terminal display buffer) and string B (what needs to be displayed) and finding the most efficient way of changing A into B with a sequence of cursor movement and write commands. These days, of course, it would never occur to us even to care; we just rewrite the entire display 120 times per second. Oh, and because computers were slow, finding the efficient edit sequence had to be done efficiently. Gosling's implementation was clever, and novel, and very complex, so much so that he put a skull and crossbones in the comment and warned people against changing it because they probably didn't understand it, even after they thought they did. That displays some hubris, but it was an impressive piece of work. Go read the code and see if you understand it.

    RMS wrote GNU EMACS. He did use Gosmacs as a starting point but he replaced Mocklisp with a proper(ish) LISP interpreter, which required essentially a full rewrite of the editor, though some bits of Gosmacs stuck around, including the clever drawing functions. Gosling sold Gosmacs to Unipress, who commercialized it and attempted to stop all other use of the code they had purchased, which caused Stallman to rewrite the remaining bits of Gosmacs, including the scary display routines. In the process he made the already very-efficient code more efficient as well as simpler and cleaner.

    The experience with Unipress, along with similar experiences with Symbolics, led RMS to invent the notion of copyleft as a sort of legal judo to prevent copyright being used to restrict access to GNU software.

  9. Re: Identification, not authentication on Slashdot Asks: Should Businesses Switch To Biometric Passwords? (hbr.org) · Score: 1

    Sure. Next time, communicate in a more constructive way. It will help...

    I said I'd be very interested to hear the flaws you see in my argument. How much more constructive can I be?

  10. Re: What does this have to do with science? on 'Science Must Clean Up Its Act' (scientificamerican.com) · Score: 4, Interesting

    I fully realize that everything we think we know about exo-planets may be complete bullshit. There's no way of really knowing until we actually go out there.

    Nonsense. Empiricism and experimentalism are thoroughly dead and debunked philosophies of science. Popper explained this quite clearly decades ago.

    The way science works is through theories which attempt to provide explanations for observed data. Theories are tested by comparing them to what we've already observed, and by making predictions which we can test. It is in no way necessary that the testing process be experimental, only that the theory be falsifiable (actually, there are a few more requirements of a scientific theory, but I won't get into them).

    For example, relativity makes many predictions that we cannot test experimentally, but only observationally. Indeed, the first really big confirmation of Einstein's hypothesis was based on the fact that relativity predicted that the gravitational lensing effect, light being bent by passing near a large gravity well such as a star, was roughly twice as strong as that predicted by Newtonian mechanics. There was absolutely no way for anyone to test this difference in a laboratory; you need a huge gravity well to produce observable effects. Luckily, we have a huge gravity well nearby (our sun) and during a total eclipse it was possible with early 20th-century technology to measure the deflection of light of distant stars that passed near the sun.

    No one "actually went out there" to conduct that test of the theory. We just evaluated data that was falling on the Earth in the form of starlight, without our doing anything to create or control it. There's a great deal of science, both in the hard sciences like fundamental physics, and in the squishier social sciences, that can be done only observationally, and that's just fine. Scientists working in those areas have to think a bit harder in order to rigorously test their theories than those who can craft exquisitely controlled experiments.

    The first thing you need to be willing to embrace is the fact that we might be wrong about everything. It's not religion.

    This is the core truth that makes science work. Science has nothing to do with experimentation, except that experimentation is a useful tool in the areas where it works. The fact that social sciences, climatology and astronomy often can't use experimental methods means nothing about whether they are real sciences.

  11. Re:What does this have to do with science? on 'Science Must Clean Up Its Act' (scientificamerican.com) · Score: 1

    No, actually most of these just aren't "scientific issues". Scientists, of course, can and even should have opinions on these subjects, but, really, these aren't scientific issues -- these are social issues.

    They are issues for social scientists to study. AFAICT, social scientists are studying them, so I don't see the problem. Perhaps the argument is that social science is inadequately funded, but if so the point was not well made.

  12. Re:Holy crap is this company ever user hostile. on Apple Is Lobbying Against Your Right To Repair iPhones, New York State Records Confirm (vice.com) · Score: 2

    So only allow pairing a new scanner when the device is unlocked.

    That sounds good, and I actually typed a long paragraph agreeing with you but pointing out concerns about complexity and the difficulty of getting such a complicated solution that must touch several layers of hardware and software right... until I noticed the fatal flaw. The basic problem is that you're assuming that everything will work correctly, but that is what security engineers specifically must *not* assume, except when and where it can be adequately justified. In this case, you neglected to consider what could happen if iOS were compromised. Sufficiently-privileged malware could install its own key in the scanner when the device is unlocked, providing a way to remotely obtain a copy of the user's fingerprint. That's not a security problem (fingerprints are not secrets), but it is a pretty serious privacy problem. Not for most people, since malware that can exploit vulnerabilities to obtain root can already extract all sorts of personally-identifying information (PII), but there are people who have good reason to keep PII off their device, and enabling remote access to their fingerprints would be very bad. There are some other, less serious, problems as well, such as enabling a remote DoS of fingerprint auth functionality.

    For this sort of system, we really need mutual authentication. The matching hardware cannot trust livescans from any device other than the correct scanner, or you have a security problem. The scanner must encrypt livescans so no device other than the correct matching hardware can decrypt, or you have a privacy problem. It must not be possible for an attacker to violate these guarantees, especially not in a remote, software-only attack. In a local attack we worry less about privacy because the attacker almost certainly has access to the user's fingerprints.

    Mutual authentication is very easy to bootstrap from a shared secret. It's also possible to bootstrap it using PKI but this adds complexity which the scanner probably cannot handle, as well as opening potential security holes; an attacker who can extract the relevant key from any device can pretend to be that device to any other. So an attacker that uses electron force microscopy to extract secrets from one phone could use those secrets to compromise any other phone. That could be mitigated by batch-level PKI (different root keys per batch), but that creates a lot of supply chain management problems -- and still doesn't really make the devices replaceable by third party repair shops.

    Personally, I'd probably take a different approach based on bootloader-coordinated key agreement at each boot. As long as there's a way for the scanner to securely know when the device is booting, which can be done -- though it's a *lot* harder than it appears -- this provides a basis for establishing a shared secret that is secure against a remote attacker (there are good reasons to assume the bootloader cannot be remotely compromised). Against a local attacker, we don't worry about preserving the privacy of scans. This reduces the problem to one of ensuring that the matching hardware will only accept scans from authentic scanner hardware. PKI is probably a reasonable solution to that; the scanner only has to sign one message with a factory-burned private key, and deliver a public key cert. An attacker who extracts the private key from one scanner can fake it to other devices, but only in a local attack. This isn't quite as secure against local compromise as Apple's, because in Apple's the attacker would need to extract the secret from the scanner of every device they wish to unlock, which is expensive. But it's a reasonable middle path that allows third-party repair.

    In the Android world, my approach would be preferable even ignoring third-party repair issues (which, honestly, I would probably not consider), because it would eliminate the need for every OEM to securely manage the keys needed to authorize pairing. Apple can do th

  13. Re: Identification, not authentication on Slashdot Asks: Should Businesses Switch To Biometric Passwords? (hbr.org) · Score: 1

    I always like a good discussion about security. But since you state you are prejudiced, I'm not going to waste my time at writing a response.

    I did not state that I'm prejudiced. I said I suspect your counterarguments are flawed. You apparently agree since you aren't even bothering to make them.

  14. Re:Smart move. Nuclear Fission isn't cost-effectiv on Switzerland Votes To Abandon Nuclear Power In Favor of Renewables (bbc.com) · Score: 2

    That's the plain and simple truth. Nuclear Fission only looks like it works if it is cross-funded by obscene truckloads of taxpayers' money

    That's true now. It wasn't true forty years ago. Oh, nuclear fission was never the "too cheap to meter" dream originally touted, but it actually was extremely economical for a couple of decades. If you'd like to understand what changed, read this.

  15. Re:dumb move on Switzerland Votes To Abandon Nuclear Power In Favor of Renewables (bbc.com) · Score: 1

    Has that quote been through google translate to Japanese and back?

    https://www.youtube.com/watch?v=Elhyo-_fR0E

  16. Re:dumb move on Switzerland Votes To Abandon Nuclear Power In Favor of Renewables (bbc.com) · Score: 2

    That's right, and let me quote the President of the United States of America in further support of nuclear

    Link for anyone who wonders if that's more comprehensible when spoken, or mis-transcribed to make it less coherent. (Spoiler: No, and no).

  17. Re:BS Bills Are Still The Same Amount on New Evidence of a Decline In Electricity Use By U.S. Households (wordpress.com) · Score: 2

    If wage disparity were reduced to 1970's levels

    I don't get why people care so much about wage disparity. What does it matter how much richer than you the richest are? What matters is how you live, and the average -- or even bottom tier -- person in the 2010s lives longer, eats better, is less likely to suffer violence, has a larger home, has cleaner air and water, etc., etc., etc., for almost any variable you can name than someone in the same position 40 years earlier.

    Why the focus on comparing your position to that of others, rather than appreciating what you have?

  18. Re:Languages are tools, not jobs. on The Working Dead: Which IT Jobs Are Bound For Extinction? (infoworld.com) · Score: 1

    Because the person who can use the language today is more valuable than the person who can use the language in three months.

    Both can use the language now, the former will just be faster at first. Within three months, any difference in effectiveness will arise from cognitive ability, work habits and background knowledge -- especially domain knowledge. Unless those are exactly equal (and they never are), by the end of a year, total productivity for that year will depend entirely on those things; which one came in knowing the language will be irrelevant.

    Unless you're hiring for short term contracts, "languages known" is generally among the least important elements to consider when hiring.

  19. Re:Good. on Robots Could Wipe Out Another 6 Million Retail Jobs (cnn.com) · Score: 1

    And they will be until you can pull your basket up and simply load the products onto the belt and it processes them without manual intervention.

    I think the scanning process will move to the cart, eliminating the belt, etc. Ultimately this may be done by a system of cameras that simply watch what you take off the shelves and place in your cart, without you having to do anything at all in particular. That would eliminate shoplifting. Checkout can be done by sending the bill to your smartphone, or a screen integrated into the cart, or perhaps the "checkout" stations will simply become "payment" stations. Probably the cart screen, since it will provide a nice way to upsell.

    Or perhaps we'll simply move to buying everything online, and robot pickers will make our selections at warehouses, then self-driving delivery vehicles and delivery bots will bring the stuff to our houses. Need to see/feel stuff before buying? No problem, the robots can bring the stuff to your house and then let you decide whether you want it. If not, they'll take it back right away, or maybe pick it up the next day (for non-perishables).

  20. Re:4 times the horsepower you need on America's Cars Are Suddenly Getting Faster and More Efficient (bloomberg.com) · Score: 1

    Cyclists should be able to treat stop signs as yield signs. Studies show that this increases safety, resulting in both fewer crashes and milder crashes. https://en.wikipedia.org/wiki/...

    Stop trying to play "Frogger" with my daily commute asshat.

    Reading isn't your strong suit, I see.

  21. Re:4 times the horsepower you need on America's Cars Are Suddenly Getting Faster and More Efficient (bloomberg.com) · Score: 1

    ticket them driving through stops signs

    Cyclists should be able to treat stop signs as yield signs. Studies show that this increases safety, resulting in both fewer crashes and milder crashes. https://en.wikipedia.org/wiki/...

  22. Re:Holy crap is this company ever user hostile. on Apple Is Lobbying Against Your Right To Repair iPhones, New York State Records Confirm (vice.com) · Score: 5, Interesting

    The iPhones are now being cryptographically paired on an internal component level. This is being done in the name of "security", which is bullshit

    If you're talking about the fingerprint scanner, it's not bullshit, it really is for a very good security reason.

    I work on Android Security, at Google, and this is something that we want to do as well, but for complicated reasons haven't been able to do, not even in the Pixel devices. And we want to do it not because we're copying Apple but because it addresses a real security issue. Let me explain:

    The security of fingerprints derives not from the secrecy of fingerprints (they're not secret, you leave them everywhere, including all over the surface of your phone, which is very convenient for phone thieves), but from the difficulty of preventing a fake fingerprint from being "scanned".

    The simplest way to fake a fingerprint scan is to disconnect the scanner and feed the digital fingerprint data in directly. This is really, really easy to do, given a little expertise and some very inexpensive equipment. The fingerprint scanner connects to the device via a standard SPI bus, so you just have to connect some other processor to the bus and feed in the bitmap of the fingerprint (which you photographed from the surface of the phone).

    The way to defeat this attack is to have the fingerprint scanner attach a cryptographic message authentication code (signature, if you will) which is produced with a key known to the CPU that will do the matching. This requires that the scanner and CPU be "paired" by arranging to share a key between them for producing and verifying these MACs. Further, it can't be too easy to pair a different scanner because then the attacker could just do that.

    So, the pairing of fingerprint scanners to SoCs really is for security. I have no idea what the motivation for fighting this bill is, and it may well be the brazen attempt to extract more money by disallowing third party repair that you claim it is, but that's not the case for the fingerprint scanner pairing.
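    A toy model of the scanner-to-CPU pairing described in this comment and in comment 12 above, as an added example (not Apple's, Google's or Android's code): HMAC-SHA256 under a shared pairing key authenticates each livescan frame, and a counter covered by the MAC lets the matcher reject replays. The MAC algorithm, the 32-byte key and the counter are assumptions; the encrypt-for-privacy direction that comment 12 also asks for is not modelled.

```python
"""Paired fingerprint scanner <-> matcher: toy model of MAC-based pairing.
Added example; not code from Apple, Google or Android.
Assumptions (not from the post): HMAC-SHA256 as the MAC, a 32-byte key shared
at pairing time, and a monotonic frame counter to reject replayed frames."""
import hashlib
import hmac
import os
import struct
from typing import Dict, Optional, Tuple

KEY_LEN = 32
TAG_LEN = 32          # HMAC-SHA256 digest length
HDR_LEN = 8           # big-endian 64-bit frame counter


class Scanner:
    """Sensor side: holds the pairing key and emits MAC'd livescan frames."""

    def __init__(self, pairing_key: bytes):
        self._key = pairing_key
        self._counter = 0

    def capture(self, bitmap: bytes) -> bytes:
        # Frame layout: counter || bitmap || HMAC(key, counter || bitmap).
        # Covering the counter with the MAC means a recorded frame cannot be
        # replayed or re-sequenced without the key.
        self._counter += 1
        header = struct.pack(">Q", self._counter)
        tag = hmac.new(self._key, header + bitmap, hashlib.sha256).digest()
        return header + bitmap + tag


class Matcher:
    """CPU/TEE side: accepts only frames authenticated under the paired key."""

    def __init__(self, pairing_key: bytes):
        self._key = pairing_key
        self._last_counter = 0

    def accept(self, frame: bytes) -> Optional[bytes]:
        """Return the bitmap if the frame is authentic and fresh, else None."""
        if len(frame) < HDR_LEN + TAG_LEN:
            return None
        header = frame[:HDR_LEN]
        body = frame[HDR_LEN:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        expected = hmac.new(self._key, header + body, hashlib.sha256).digest()
        # Constant-time compare: a plain == on the tag would leak timing.
        if not hmac.compare_digest(tag, expected):
            return None
        (counter,) = struct.unpack(">Q", header)
        if counter <= self._last_counter:
            return None  # replayed or out-of-order frame
        self._last_counter = counter
        return body


def pair() -> Tuple[Scanner, Matcher]:
    """Pairing step: both ends receive the same fresh key (the post's shared key)."""
    key = os.urandom(KEY_LEN)
    return Scanner(key), Matcher(key)


def demo() -> Dict[str, bool]:
    """Run the genuine path and the three failure cases the posts describe."""
    scanner, matcher = pair()
    livescan = b"\x00\x7f" * 64      # constructed stand-in for a sensor bitmap
    results: Dict[str, bool] = {}

    frame = scanner.capture(livescan)
    results["genuine_accepted"] = matcher.accept(frame) == livescan
    # Bypassing the scanner and feeding a bare bitmap onto the bus: no valid tag.
    injected = struct.pack(">Q", 2) + livescan + bytes(TAG_LEN)
    results["injected_rejected"] = matcher.accept(injected) is None
    # Re-sending the earlier genuine frame: MAC is fine, counter is stale.
    results["replay_rejected"] = matcher.accept(frame) is None
    # A swapped-in scanner holding a different key cannot pair itself.
    rogue = Scanner(os.urandom(KEY_LEN))
    results["rogue_scanner_rejected"] = matcher.accept(rogue.capture(livescan)) is None
    return results


if __name__ == "__main__":
    print(demo())
```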

  23. What you're talking about is a pragmatic problem, not a legal problem. Legally, there's little question that the president can be prosecuted. No, the Supreme Court didn't quite say so, but if you read US v Nixon, the arguments are clear. Judicial restraint prevented them from making that finding because it wasn't needed in the case at hand, but they laid out the groundwork quite thoroughly. Basically, they wanted to make that finding but had no justifiable reason to do so, so instead they just laid out all the arguments for when the question came up later.

    The pragmatic problem is that although the legal road to prosecuting the president is relatively clear, there's no legal basis for appointing a truly independent prosecutor, like Kenneth Starr was for Bill Clinton. The Watergate-era law that created that position was allowed to expire in 1999. There are various other options, but none of them are truly independent, which leaves open the possibility that Trump could fire any investigator who pushes too hard. Well, to be precise, Trump can't fire Mueller, but he can tell Rosenstein to fire Mueller and if Rosenstein refuses Trump can fire Rosenstein.

    King George had complete and total immunity, even if the opposition had a smoking gun. Trump has some ability to interfere with investigation. In no universe is the latter worse than the former, though it's not ideal.

    Also, consider the fact that until Rosenstein does fire Mueller, Mueller can issue subpoenas and force testimony, on the record. Trump/Rosenstein can't really interfere with the investigation directly. It's possible that they picked Mueller because he was willing to pretend to do an investigation but steer clear of anything damaging, but that seems completely inconsistent with Mueller's character. If they wanted to do that, I think they picked the wrong guy.

    Finally, it should be pointed out that Trump has absolutely no way to prevent investigation by private parties, such as journalists. Journalists lack subpoena power, of course, but they can often dig up substantial evidence anyway. And if someone does find damning evidence, Trump will be prosecuted, whether the House will impeach and open that door, or whether we'll take a trip to the Supreme Court to finally get that ruling, Trump will not be able to stop it.

  24. Re:Not about security on US and EU Reject Expanding Laptop Ban To Flights From Europe (bbc.com) · Score: 1

    Have you landed from an international flight in New York or Los Angeles, recently, with a connecting flight? I've only done Atlanta myself, but if I recall correctly, you have to go through both customs and security.

    I've done this at NYC, LAX, SFO, ATL, MSP, DEN, MIA and probably others. Yes, unless you went through US immigration, customs and security in the other country (the US has arrangements with some countries to do those in the foreign airport, allowing the international flight to then proceed as though it were a domestic US flight), you always go through immigration, customs and then security upon arrival in the US.

    Which is exactly what makes it possible to do what bluegutang said. He said (with some clarifying additions added by me):

    a terrorist could put an undetectable-laptop-bomb in their [checked] luggage from Paris to New York, then pick up their luggage[, take the laptop out before rechecking the luggage], board a flight from New York to Los Angeles with the laptop in hand, and blow the plane up.

  25. Re:Wasn't the "new information" the Trump/Russian. on US and EU Reject Expanding Laptop Ban To Flights From Europe (bbc.com) · Score: 1

    Do you agree, or not, that Russia, Israel, Syria, and now possibly the US of A are fighting on the same side?

    Absolutely not. The conflict in Syria is multi-lateral. Often, different parties end up attacking the same party, but that in no way makes them allies, it just means they're attacking the same party. "The enemy of my enemy is my friend" is rarely true, and it's clearly false in several ways in this case.

    The situation in Syria is more like a barroom brawl than a typical war.