Seriously....a watch that goes toes up if you don't charge it daily? I know you've got the contingent of folks that buy stuff because "it's cool," but a watch that can't go a couple of days without charging it?
Go through slashdot comments of a few years ago, and you'll find large numbers of people saying the same thing about phones.
I don't mind putting my watch on its charger at night. I don't like wearing it while I sleep anyway. I'd rather not have to charge it every night but it's really not that much of a hardship -- and well worth it for the functionality of the watch.
IMO, a normal timepiece isn't worth the effort of strapping onto my wrist every morning, but a smartwatch is. Especially since mine (LG Sport Watch) has LTE, so I occasionally don't even bother to carry my phone. I can receive and respond to text messages, check my calendar, get navigation directions, play music (via bluetooth), make NFC purchases, track my bike rides/runs, and much more, all without my phone. I can't make calls because I have a data-only SIM in the watch, plus it's weird and uncomfortable talking to your wrist (I tried it), but I don't make many phone calls anyway. The phone does most of those things better of course, but it's not always convenient to carry it, and even when I have it it's not always convenient to pull it out of my pocket.
IMO, a smartwatch does enough more than a watch to justify charging it nightly, just like a smartphone does enough more than a phone to justify charging it nightly.
Google tries to keep malware out of the play store but malware does make it's way into the play store.
Not much, not often. 0.15% of devices that only use Google Play have any "potentially harmful apps", which is actually a broader category than "malware".
And if you have Verified Apps enabled, you'll be warned if you have malware installed.
You remember a link? I just type "where is my phone" into Google. Providing you're actually logged into Google it will offer the device manager right in the search results.
It's better than calling because when you use the device manager to ring the phone, it rings max volume, even if the ringer was turned down or silenced, and it rings for five minutes so you don't have to keep calling while you trace the sound.
Both of these companies may have perfectly valid complaints, but even if they don't I could see them deciding to give it a shot anyway. Suing the deepest (non-governmental) pocket in the world has to be pretty high on any aggressive corporate attorney's bucket list, and it's probably pretty easy to convince the C suite that throwing a few million into legal fees is a good bet, since the odds of convincing Apple to settle just to shut down the negative PR are probably pretty good.
And it makes even more sense to be the second company to do this, since the first has already got the negative buzz going. Or maybe they have an ironclad case. I'm just saying that the suit would make sense either way.
And that's the rationale underlying the 5th Amendment: torture is the only method to physically compel someone to give up access to the contents of their mind, and (aside from the fact that torture generally doesn't work) we don't want the government torturing suspects because, regardless of your feelings on torture, they frequently guess wrong as to who's a suspect.
Torture isn't the only way; any form of punishment can work. The one courts actually use is to jail the suspect for contempt of court until they cough up the information. You're right that there are real limits, though. If I committed a crime that would get me executed, I may prefer to stay in jail for the rest of my life rather than give the prosecutor evidence that would convict me. And I don't even have to do that; higher courts have held that once it's clear that being jailed won't convince the suspect to reveal the information he or she has to be released. So if I committed a serious crime, I'd be wise to steadfastly refuse to cough up the info. I might spend a few years in holding (note: most likely in jail not prison, which in most cases is also an improvement) until I'd convinced the judge that I was willing to take the secret to my grave, and then I'd be free. Not just free, but I'd also have escaped conviction which tremendously improves my prospects for resuming a normal life after I walk.
So you're right that I fundamentally cannot be compelled... but that doesn't mean that, given sufficient evidence, the courts can't try to compel me.
So, no, what the problem is is not the encryption. It's the intended use. You give EVERY DEVICE MANUFACTURER a decryption key.
Yeah, I'm sure that what's happened here is that someone extracted a device key and used it to decrypt the movie. I'm shocked that this is the first time it's been done. Actually, I doubt that it is.
Which you can revoke. But which millions of people share.
Actually, no. AACS provides a unique set of decryption keys to every individual device. Not model, but individual piece of hardware. Through a complicated (and rather cool, actually) sequence of derivations, every device can derive the keys needed for each disk, but if a player's keys are found to be compromised they can be revoked, and that player will be unable to decrypt any disks made in the future.
AACS was a little bit more complicated, with all kinds of virtual machines checking state, and things like keys that were generically derivable if you have enough device keys (which means that nobody can trace who actually broke it or blacklist them).
Again, no. AACS includes a traitor tracing scheme. I don't know if it's actually in use (but if we start seeing lots of UHD torrents, you can bet they'll start using it), but it allows the identification of the specific device that decrypted a movie, from the decrypted video stream. The way this works is that they encrypt some portions of the video twice, with keys chosen so that any given device can only decrypt one of the two copies. Then they apply different digital watermarks to each of the duplicate blocks. With n duplicated blocks they examine the decrypted output and identify which of 2^n devices decrypted.
But those are security-by-obscurity and inherent flaws of using encryption as DRM instead of its intended use.
True, but AACS gets about as close as you can get, I think, to a secure DRM solution that doesn't include a real-time, two-way negotiation.
Where it breaks down is that because "revocation" only affects future movies, an attacker who extracts the keys from a device on May 4, 2017 can use those keys to decrypt every Blu-Ray Disk pressed before that date (actually, probably before that date plus a few months). In addition, Blu-Ray players are dirt cheap. At the low end, they cost about the same as a disk. Given a cheap way to extract the key from one, it would be perfectly feasible to buy a new player for each movie you want to decrypt. But you don't even have to do that. Buy one per month and you can decrypt all the movies that come out -- at least until the AACS LA realizes that one model of player can be cheaply broken and pushes the manufacturer to tighten security to make it harder. They can make you work hard to keep up with changes in their security-by-obscurity.
Except they can't win that way, either. The trick is to break a set of devices and get all of their keys. Then identify the traitor tracing blocks in a movie and decrypt them with multiple players' keys, so you end up with both copies of many of the blocks. Then, when you construct the output to publish, choose among the traitor tracing blocks so that your output is different from any of the individual devices that you've broken. Examination of the published stream may finger some device in the world, but it will definitely not finger any of the ones you broke. You may cause some random individual's player to stop working (on future movies), but your keys will stay good.
At the end of the day, DRM is always breakable, because you have to distribute the keys. But it can be made pretty hard, and AACS is an incredibly good scheme, given the context in which it has to operate.
>You're not providing any information about the crime
Yes you are. Given that passwords are supposed to be secrets kept by you and only you, by supplying the password you are testifying that you indeed have control over that phone; that it is your phone and the contents are yours. You are linking the evidence in that phone to yourself.
Presupposing that the police didn't already have solid evidence that the phone is yours, I agree.
Tell that to all the murderers who have failed to disclose where they have disposed of bodies, weapons, and other bits of evidence.
Being compelled to tell the authorities where you disposed of the body would constitute testifying against yourself. But if the authorities already know where the body is, and have sufficient evidence to constitute probable cause for a warrant, you can be compelled to provide them with access to the location (if they need your help, which they generally wouldn't).
Apple is legally bound to pay. See Italy, and every single other country apart where Apple has sales.
Yep, and Apple does pay taxes in those countries. Then the US wants to tax what's left -- which is a rather weird thing to do, actually. The United States and Eritrea are the only countries in the world that do this.
This excludes only the USA due to cheap corruption.
Umm, it's simply not an issue for companies in any other first-world country, because other countries don't try to tax foreign profits. They leave that to the countries where those profits are earned.
If there were a sensible separation between those megacorps and policymakers, I'd agree with you. But since it's possible for the very rich to buy/extort their laws, no.
Then why hasn't Apple changed the law to allow them to bring their big pile of cash back to the US, rather than having to keep it parked uselessly offshore?
That's called obstruction of justice and tampering with evidence.
What evidence? We're assuming there is evidence to be found on the device already? We only have suspicion and the power to compel a person to action against themselves by revealing knowledge stored in their heads.
We're assuming there is enough evidence that there is evidence on the device to constitute probable cause for issuing a warrant. And, yes, in that case use of a duress password to wipe the device would constitute destruction of evidence. If the police arrive at your house with a search warrant and you set the house on fire to prevent it from being searched, that's obstruction and destruction of evidence.
Of course, if obstruction and destruction of evidence are lesser crimes that what you committed and know will be proven, you would be wise to commit those lesser crimes to protect yourself against conviction for the greater.
The constitution is razor sharp on this issue. You cannot ever be compelled to say anything in your defense, whether it's a password, a location, a date, an apology, the number of languages you speak, or your favorite color.
It doesn't, actually. It says you can't be compelled to be a witness against yourself, which in no way implies that you can't be compelled to provide access to locations, documents, etc., that may incriminate you. This is very, very well-established law. The fact that in this case the key is information rather than a physical object doesn't fundamentally change anything. The one exception, I think, is if the password itself is incriminating. In that case providing it would be witnessing against yourself.
What're they gonna do - torture them for the info?
No, but they can be held in jail indefinitely for refusing to obey the judge's order.
Not indefinitely. I don't remember the case exactly, but a few years ago it was ruled (in one of the federal appellate courts, and SCOTUS let it stand, IIRC) that once it is clear that you are never going to provide the information, that you prefer to stay in jail forever, then the detention no longer serves any legitimate purpose and you must be released. But that could be years, and you will rot there until the judge (or an appellate judge) is convinced that you're willing to take the secret to your grave.
A search warrant is different from a compel-you-to-incriminate-yourself warrant.
A search warrant cannot compel you to testify against yourself, but it absolutely can, and very often does, compel you to give police access to locations, items or data that can incriminate you. You can be compelled to give your breath, your fingerprints, your blood, your saliva. You can be compelled to provide access to your house, your car, the contents of your safe, or safe deposit box. You can be compelled to find and provide the (physical) keys to your stuff.
What the 5th amendment says is:
No person [...] shall be compelled in any criminal case to be a witness against himself
That's it. You cannot be compelled to be a witness against yourself. But you can be compelled to provide access to physical evidence, documentation (paper or electronic), biometric data or virtually anything else, even if you know full well that doing so will incriminate you.
A lot of people have theorized that passwords provide a loophole to this otherwise well-established case law, that because a password is information, that being required to give it is somehow being required to testify against yourself, that a password, an "information key" is different from a physical key because it's information. But that's a pretty weak argument. It's very hard to see how telling your password constitutes "being a witness". You're not providing any information about the crime, you're just handing over a key.
I suppose the one exception is if you can argue that the password itself, not the data on the systems it unlocks, or the data that it decrypts, actually incriminates you. If your password is "I killed sarah and dumped her body behind my grandmas old barn", then you can probably plead the 5th. Maybe. The prosecutor could just offer to immunize you from any incrimination that arises from the password itself, or anything that might be inferred or discovered from it (like Sarah's body) other than what is contained in the data it unlocks.
In general, though, I don't think that being compelled to provide your password is inconsistent with either the letter or the spirit of the 5th amendment. I think it'll take some more rulings, and it will be appealed up to the Supreme Court, but I'm pretty sure that's how it's going to shake out.
So Uber's lawyers have checked those documents over and determined there is nothing in there, trust them!
That's not what they said. They didn't say there isn't anything incriminating in those documents, they said that they have a right to withhold them because they're protected by attorney-client privilege. The "we're not hiding anything" just means that they believe they have a legal right to withhold the documents, not that there's nothing in them.
Wasn't that obvious for years now? "The law doesn't apply to us" sounds dishonest to me.
I don't think they ever took that position. The position they took was "The law is wrong. We'll charge ahead and show there's a better way, and it will be changed." And I think they're right about that. It appears to be about the only thing they're on the right side of, though.
With a 64-bit address space, odds are a random jump won't even hit a valid memory address.
People often don't get just how big 2^64 is. It's on the order of the number of grains of sand in all the beaches and all the deserts on Earth. More importantly it's vastly larger than the addressable RAM in your computer... and a 32-bit address space is actually smaller than the amount of RAM in many (most?) computers today, since 32 bits can only address 4 GiB.
If you have 16 GiB of RAM, and if all of it is mapped into a single process space, that's 2^34 bytes of RAM. So, picking an address at random gives you a 1/2^30 chance of hitting a valid address. That's one in 1,073,741,824; one in a billion. An attacker who can try a million random addresses still only has a roughly one in one thousand chance of hitting something at all... and the odds of finding something *useful* are quite a bit lower, since most of the mapped memory is non-executable.
Because welfare is (barely) good enough and moving seems like such a risky endeavor, people stay put and get by on welfare.
Moving isn't easy but it's not that hard. Either your argument is that poor people are trapped in ignorance (like someone blinded by smoke in a burning building who can't see the open door to safety)
It doesn't have to be ignorance. It can also be apathy, or fear of the unknown, or any of a dozen other reasons. Note that I'm not actually claiming that any of this is the case, just that it's possible and the possibility shouldn't be ignored when trying to understand why people stay in bad situations.
Slashdot Mirror
Well, funny. Except that you did not read (or maybe did not understand) what I wrote. For example, I nowhere advocate a "vigilante approach".
What you said was:
How were proposing to remove them from the planet? Or in what other way were you suggesting we not tolerate them?
Seriously....a watch that goes toes up if you don't charge it daily? I know you've got the contingent of folks that buy stuff because "it's cool," but a watch that can't go a couple of days without charging it?
Go through slashdot comments of a few years ago, and you'll find large numbers of people saying the same thing about phones.
I don't mind putting my watch on its charger at night. I don't like wearing it while I sleep anyway. I'd rather not have to charge it every night but it's really not that much of a hardship -- and well worth it for the functionality of the watch.
IMO, a normal timepiece isn't worth the effort of strapping onto my wrist every morning, but a smartwatch is. Especially since mine (LG Sport Watch) has LTE, so I occasionally don't even bother to carry my phone. I can receive and respond to text messages, check my calendar, get navigation directions, play music (via bluetooth), make NFC purchases, track my bike rides/runs, and much more, all without my phone. I can't make calls because I have a data-only SIM in the watch, plus it's weird and uncomfortable talking to your wrist (I tried it), but I don't make many phone calls anyway. The phone does most of those things better of course, but it's not always convenient to carry it, and even when I have it it's not always convenient to pull it out of my pocket.
IMO, a smartwatch does enough more than a watch to justify charging it nightly, just like a smartphone does enough more than a phone to justify charging it nightly.
Google tries to keep malware out of the play store but malware does make it's way into the play store.
Not much, not often. 0.15% of devices that only use Google Play have any "potentially harmful apps", which is actually a broader category than "malware".
And if you have Verified Apps enabled, you'll be warned if you have malware installed.
See: https://source.android.com/sec...
The 2016 report will be out soon, I expect.
I wasn't trying to say your way isn't better. It is. Thanks!
Scary...
How so?
You remember a link? I just type "where is my phone" into Google. Providing you're actually logged into Google it will offer the device manager right in the search results.
Actually, I search for "Android Device Manager".
I still have a landline. I need it so that when I can't find my cellphone, I can call it and search for the ringing sound.
If your phone is an Android device, try https://www.google.com/android...
It's better than calling because when you use the device manager to ring the phone, it rings max volume, even if the ringer was turned down or silenced, and it rings for five minutes so you don't have to keep calling while you trace the sound.
Both of these companies may have perfectly valid complaints, but even if they don't I could see them deciding to give it a shot anyway. Suing the deepest (non-governmental) pocket in the world has to be pretty high on any aggressive corporate attorney's bucket list, and it's probably pretty easy to convince the C suite that throwing a few million into legal fees is a good bet, since the odds of convincing Apple to settle just to shut down the negative PR are probably pretty good.
And it makes even more sense to be the second company to do this, since the first has already got the negative buzz going. Or maybe they have an ironclad case. I'm just saying that the suit would make sense either way.
My friend has one of these. I can't take a fart without Alexa making comment.
Solution: https://xkcd.com/1807/
And that's the rationale underlying the 5th Amendment: torture is the only method to physically compel someone to give up access to the contents of their mind, and (aside from the fact that torture generally doesn't work) we don't want the government torturing suspects because, regardless of your feelings on torture, they frequently guess wrong as to who's a suspect.
Torture isn't the only way; any form of punishment can work. The one courts actually use is to jail the suspect for contempt of court until they cough up the information. You're right that there are real limits, though. If I committed a crime that would get me executed, I may prefer to stay in jail for the rest of my life rather than give the prosecutor evidence that would convict me. And I don't even have to do that; higher courts have held that once it's clear that being jailed won't convince the suspect to reveal the information he or she has to be released. So if I committed a serious crime, I'd be wise to steadfastly refuse to cough up the info. I might spend a few years in holding (note: most likely in jail not prison, which in most cases is also an improvement) until I'd convinced the judge that I was willing to take the secret to my grave, and then I'd be free. Not just free, but I'd also have escaped conviction which tremendously improves my prospects for resuming a normal life after I walk.
So you're right that I fundamentally cannot be compelled... but that doesn't mean that, given sufficient evidence, the courts can't try to compel me.
So, no, what the problem is is not the encryption. It's the intended use. You give EVERY DEVICE MANUFACTURER a decryption key.
Yeah, I'm sure that what's happened here is that someone extracted a device key and used it to decrypt the movie. I'm shocked that this is the first time it's been done. Actually, I doubt that it is.
Which you can revoke. But which millions of people share.
Actually, no. AACS provides a unique set of decryption keys to every individual device. Not model, but individual piece of hardware. Through a complicated (and rather cool, actually) sequence of derivations, every device can derive the keys needed for each disk, but if a player's keys are found to be compromised they can be revoked, and that player will be unable to decrypt any disks made in the future.
AACS was a little bit more complicated, with all kinds of virtual machines checking state, and things like keys that were generically derivable if you have enough device keys (which means that nobody can trace who actually broke it or blacklist them).
Again, no. AACS includes a traitor tracing scheme. I don't know if it's actually in use (but if we start seeing lots of UHD torrents, you can bet they'll start using it), but it allows the identification of the specific device that decrypted a movie, from the decrypted video stream. The way this works is that they encrypt some portions of the video twice, with keys chosen so that any given device can only decrypt one of the two copies. Then they apply different digital watermarks to each of the duplicate blocks. With n duplicated blocks they examine the decrypted output and identify which of 2^n devices decrypted.
But those are security-by-obscurity and inherent flaws of using encryption as DRM instead of its intended use.
True, but AACS gets about as close as you can get, I think, to a secure DRM solution that doesn't include a real-time, two-way negotiation.
Where it breaks down is that because "revocation" only affects future movies, an attacker who extracts the keys from a device on May 4, 2017 can use those keys to decrypt every Blu-Ray Disk pressed before that date (actually, probably before that date plus a few months). In addition, Blu-Ray players are dirt cheap. At the low end, they cost about the same as a disk. Given a cheap way to extract the key from one, it would be perfectly feasible to buy a new player for each movie you want to decrypt. But you don't even have to do that. Buy one per month and you can decrypt all the movies that come out -- at least until the AACS LA realizes that one model of player can be cheaply broken and pushes the manufacturer to tighten security to make it harder. They can make you work hard to keep up with changes in their security-by-obscurity.
Except they can't win that way, either. The trick is to break a set of devices and get all of their keys. Then identify the traitor tracing blocks in a movie and decrypt them with multiple players' keys, so you end up with both copies of many of the blocks. Then, when you construct the output to publish, choose among the traitor tracing blocks so that your output is different from any of the individual devices that you've broken. Examination of the published stream may finger some device in the world, but it will definitely not finger any of the ones you broke. You may cause some random individual's player to stop working (on future movies), but your keys will stay good.
At the end of the day, DRM is always breakable, because you have to distribute the keys. But it can be made pretty hard, and AACS is an incredibly good scheme, given the context in which it has to operate.
>You're not providing any information about the crime
Yes you are. Given that passwords are supposed to be secrets kept by you and only you, by supplying the password you are testifying that you indeed have control over that phone; that it is your phone and the contents are yours. You are linking the evidence in that phone to yourself.
Presupposing that the police didn't already have solid evidence that the phone is yours, I agree.
Tell that to all the murderers who have failed to disclose where they have disposed of bodies, weapons, and other bits of evidence.
Being compelled to tell the authorities where you disposed of the body would constitute testifying against yourself. But if the authorities already know where the body is, and have sufficient evidence to constitute probable cause for a warrant, you can be compelled to provide them with access to the location (if they need your help, which they generally wouldn't).
Apple is legally bound to pay. See Italy, and every single other country apart where Apple has sales.
Yep, and Apple does pay taxes in those countries. Then the US wants to tax what's left -- which is a rather weird thing to do, actually. The United States and Eritrea are the only countries in the world that do this.
This excludes only the USA due to cheap corruption.
Umm, it's simply not an issue for companies in any other first-world country, because other countries don't try to tax foreign profits. They leave that to the countries where those profits are earned.
If there were a sensible separation between those megacorps and policymakers, I'd agree with you. But since it's possible for the very rich to buy/extort their laws, no.
Then why hasn't Apple changed the law to allow them to bring their big pile of cash back to the US, rather than having to keep it parked uselessly offshore?
That's called obstruction of justice and tampering with evidence.
What evidence? We're assuming there is evidence to be found on the device already? We only have suspicion and the power to compel a person to action against themselves by revealing knowledge stored in their heads.
We're assuming there is enough evidence that there is evidence on the device to constitute probable cause for issuing a warrant. And, yes, in that case use of a duress password to wipe the device would constitute destruction of evidence. If the police arrive at your house with a search warrant and you set the house on fire to prevent it from being searched, that's obstruction and destruction of evidence.
Of course, if obstruction and destruction of evidence are lesser crimes that what you committed and know will be proven, you would be wise to commit those lesser crimes to protect yourself against conviction for the greater.
The constitution is razor sharp on this issue. You cannot ever be compelled to say anything in your defense, whether it's a password, a location, a date, an apology, the number of languages you speak, or your favorite color.
It doesn't, actually. It says you can't be compelled to be a witness against yourself, which in no way implies that you can't be compelled to provide access to locations, documents, etc., that may incriminate you. This is very, very well-established law. The fact that in this case the key is information rather than a physical object doesn't fundamentally change anything. The one exception, I think, is if the password itself is incriminating. In that case providing it would be witnessing against yourself.
What're they gonna do - torture them for the info?
No, but they can be held in jail indefinitely for refusing to obey the judge's order.
Not indefinitely. I don't remember the case exactly, but a few years ago it was ruled (in one of the federal appellate courts, and SCOTUS let it stand, IIRC) that once it is clear that you are never going to provide the information, that you prefer to stay in jail forever, then the detention no longer serves any legitimate purpose and you must be released. But that could be years, and you will rot there until the judge (or an appellate judge) is convinced that you're willing to take the secret to your grave.
A search warrant is different from a compel-you-to-incriminate-yourself warrant.
A search warrant cannot compel you to testify against yourself, but it absolutely can, and very often does, compel you to give police access to locations, items or data that can incriminate you. You can be compelled to give your breath, your fingerprints, your blood, your saliva. You can be compelled to provide access to your house, your car, the contents of your safe, or safe deposit box. You can be compelled to find and provide the (physical) keys to your stuff.
What the 5th amendment says is:
That's it. You cannot be compelled to be a witness against yourself. But you can be compelled to provide access to physical evidence, documentation (paper or electronic), biometric data or virtually anything else, even if you know full well that doing so will incriminate you.
A lot of people have theorized that passwords provide a loophole to this otherwise well-established case law, that because a password is information, that being required to give it is somehow being required to testify against yourself, that a password, an "information key" is different from a physical key because it's information. But that's a pretty weak argument. It's very hard to see how telling your password constitutes "being a witness". You're not providing any information about the crime, you're just handing over a key.
I suppose the one exception is if you can argue that the password itself, not the data on the systems it unlocks, or the data that it decrypts, actually incriminates you. If your password is "I killed sarah and dumped her body behind my grandmas old barn", then you can probably plead the 5th. Maybe. The prosecutor could just offer to immunize you from any incrimination that arises from the password itself, or anything that might be inferred or discovered from it (like Sarah's body) other than what is contained in the data it unlocks.
In general, though, I don't think that being compelled to provide your password is inconsistent with either the letter or the spirit of the 5th amendment. I think it'll take some more rulings, and it will be appealed up to the Supreme Court, but I'm pretty sure that's how it's going to shake out.
So Uber's lawyers have checked those documents over and determined there is nothing in there, trust them!
That's not what they said. They didn't say there isn't anything incriminating in those documents, they said that they have a right to withhold them because they're protected by attorney-client privilege. The "we're not hiding anything" just means that they believe they have a legal right to withhold the documents, not that there's nothing in them.
Wasn't that obvious for years now? "The law doesn't apply to us" sounds dishonest to me.
I don't think they ever took that position. The position they took was "The law is wrong. We'll charge ahead and show there's a better way, and it will be changed." And I think they're right about that. It appears to be about the only thing they're on the right side of, though.
How anyone can think a company manipulating software on your machine, without your permission is acceptable is beyond me.
From the article:
With a 64-bit address space, odds are a random jump won't even hit a valid memory address.
People often don't get just how big 2^64 is. It's on the order of the number of grains of sand in all the beaches and all the deserts on Earth. More importantly it's vastly larger than the addressable RAM in your computer... and a 32-bit address space is actually smaller than the amount of RAM in many (most?) computers today, since 32 bits can only address 4 GiB.
If you have 16 GiB of RAM, and if all of it is mapped into a single process space, that's 2^34 bytes of RAM. So, picking an address at random gives you a 1/2^30 chance of hitting a valid address. That's one in 1,073,741,824; one in a billion. An attacker who can try a million random addresses still only has a roughly one in one thousand chance of hitting something at all... and the odds of finding something *useful* are quite a bit lower, since most of the mapped memory is non-executable.
Indeed. No, Google, I don't need to know anything about clams today; I actually meant to type "clamd" when I typed "clamd."
Hmm. I just searched for "clamd", and got a bunch of stuff about clamd. Personalized search FTW?
Because welfare is (barely) good enough and moving seems like such a risky endeavor, people stay put and get by on welfare.
Moving isn't easy but it's not that hard. Either your argument is that poor people are trapped in ignorance (like someone blinded by smoke in a burning building who can't see the open door to safety)
It doesn't have to be ignorance. It can also be apathy, or fear of the unknown, or any of a dozen other reasons. Note that I'm not actually claiming that any of this is the case, just that it's possible and the possibility shouldn't be ignored when trying to understand why people stay in bad situations.