Slashdot Mirror


User: swillden

swillden's activity in the archive.

Stories: 0
Comments: 18,006

Comments · 18,006

  1. Re: In place of plastic bags.. on Mumbai Bans Plastic Bags, Bottles, and Single-Use Plastic Containers (theguardian.com) · · Score: 1

    They still have them here. And yes I agree, they're much easier to handle when going by car. I do prefer them when I forgot my shopping bags, especially since I recycle them with the other waste paper I have

    I prefer the thin plastic bags for the exact reason that it's easier to carry more in fewer trips. They have loop handles and the way they're designed it ends up being very easy to thread my fingers through the loops of a dozen or more bags. The limit on the amount I can carry in one trip from the car to the pantry is dictated more by arm strength than anything else, because I can load up both hands to the point that I can't lift either of them above my waist. I'm not a weightlifter, but neither am I particularly weak.

    Heftier bags with handles with enough slack in them would work as well this way, I think. Boxes would take more trips unless they were closed so I could stack them.

  2. Re:Fermi Paradox is useless on We May Be All Alone In the Known Universe, a New Oxford Study Suggests (fortune.com) · · Score: 5, Informative

    The Fermi Paradox is an utterly useless test. It takes variables you have no data on and then says to compute their probability.

    You mean the Drake equation, not the Fermi Paradox, and you're wrong about its usefulness, as you'd know if you bothered to read the paper. The authors make a very convincing statistical argument that the Drake equation actually resolves the Fermi Paradox.

    Statistical probability, to be of any use in the real world at all, must by definition be based off already measurable data.

    True

    That we have basically no measurement of any of this data

    False. As the paper points out, we can estimate the distribution of many of the astrophysical numbers with relatively low uncertainty -- a few orders of magnitude. And while the others are much more difficult, when we don't know how to estimate a parameter, it is often feasible to bound the parameter and estimate the degree of uncertainty. In this case, the authors construct plausible estimates for the uncertainty of the really difficult parameters. The uncertainties are enormous precisely because we know so little. For example, they estimate that our best estimate of f_l ranges over 200 orders of magnitude. They note that this is a conservative estimate, that the actual uncertainty may be much larger, but that larger uncertainties merely strengthen their result.

    The authors assume that the parameter values are uniformly distributed, calculate the resulting PDF of N and conclude that based on our best knowledge (which is very poor -- that's the whole point of the paper, to make sure the paucity of data is properly considered), there is a significant probability that we are alone in the galaxy, and in the observable universe. Their PDF also shows that there is a significant probability that we are not alone. In fact the probabilities of being alone and not being alone are close to equal.

    Thus, the paper rigorously demonstrates that the Fermi Paradox is not paradoxical, precisely because we cannot estimate the parameters to Drake's equation. They show that because our knowledge is so poor, universes that are both empty and teeming with intelligent life fall well within the bounds of a careful, rational, and mathematical analysis based on our best knowledge.

    In short, they rigorously demonstrated that your intuition about Drake's equation is correct, that our knowledge of the parameters is so weak that the resulting equation does not allow us to predict anything.

    However, they also note that the amount of effort we've put into SETI provides us with actual data we can use to revise our estimates of the Drake Equation parameters, albeit only a little bit. They apply Bayes Theorem under a few different models to update their uncertainty estimates, and use the updated parameters to recalculate the probability that we're alone. This is a process that we can continue over time, updating the parameter PDFs based on observations (of various kinds, not just SETI null results), gradually narrowing the uncertainty.

    That a paper from Oxford uses it is, one would hope, a joke from a couple drunk frat students hoping to get an easily published paper out to boost their careers.

    You should read the paper. It's actually quite carefully reasoned and interesting.

  3. Define "gone". If your definition is "zero", then no app distribution channel of any size will ever reach it. Google Play has extremely low rates of PHA (potentially-harmful apps -- a somewhat broader category than "malware") now, and it's being driven down year by year.

    I'd start by defining "gone" as the probability of encountering a PHA on Google Play Store being less than that on Apple's App Store during the same month.

    Do you have evidence that it is not? Serious question. AFAIK, both stores regularly have PHA, but I'm not aware of any good analyses of the relative frequency.

  4. Re:Now you know your malware is legitimate. on Google is Adding Anti-Tampering DRM To Android Apps in the Play Store (androidcentral.com) · · Score: 1

    Malicious apps are launching them from the background

    If you know of any such apps, please report them.

  5. Re:Good idea on Google is Adding Anti-Tampering DRM To Android Apps in the Play Store (androidcentral.com) · · Score: 5, Informative

    The article is dismissive of the direction this is heading, but in a world where 99% of the people using a mobile device simply have no ability to manage digital security, you just can't continue to allow people to install something from anywhere.

    Of course you can. It's done by creating operating systems not full of swiss cheese escalation vulnerabilities

    So, step one is to do what no one has ever managed to do in the history of widely-used consumer operating systems. You have an extraordinarily high opinion of Google's engineers. Thank you, but we're not that good. If you are, please send me your resume.

    and giving users meaningful access controls that never devolve into take it or leave it demands of software.

    That was done in Android 6.0, in 2015. Unfortunately, Android fragmentation means that it's not yet possible to force all apps to use it, because there are still too many older OS versions in active use. I think we should be able to do that in the next year or two, but that's only my guess, and it's not my area of expertise.

    God forbid a user is able to feed fake location, address book and phone data

    For address book data, I think the better solution is not to give apps access to the address book at all. Instead, give them a system API that allows them to request that the system throw up an address selection dialog, and then give them only the data the user chose. Unfortunately, that would be a huge change for the app ecosystem, so it would have to be done carefully, and even when done it would take time to roll out and convince app developers to adopt it. Also, users won't want to be restricted to only default address book management tools, so we'll still have to provide a permission that allows unlimited access, though hardly any of the apps that have address book access now would need it under this notional model.

    As for fake data... I don't know. There's a lot of debate about that. I don't think anyone is philosophically opposed (and no one cares about the alleged financial considerations that you're so certain drive us), but no one really believes it will work, either. It'll just produce an arms race between fake data generators and fake data detectors. And it would also make spoofing of location-based games, etc., completely trivial, which negatively impacts the users of those games, as well as the developers. All in all, it seems like a lot of effort for little net gain, if any.

    App developers would riot. Owning users is the business model of the everything must be FREE app store market.

    Overstated, but not fundamentally wrong. It definitely is true that the Android team wants to serve developers as well as users, because a platform has to have both to exist. And device makers, too.

    Damn straight!! The peasant class doesn't deserve no stinking freedom. They can't handle it. All Hail King Alphabet ruler of all teh Intertubes.

    This isn't the Android team's approach or perspective at all. There's a reason that Nexus and Pixel devices have always had unlockable bootloaders. It's because Google believes that technical users should have control of their devices. With Project Treble new devices are now in a state where you can flash a custom AOSP build onto any device you can unlock, without needing to worry about vendor binaries... it's taken a huge amount of work to get to that point, and while most of the reason for doing it is to fix the upgradability problem (and resulting fragmentation problem), making life easy for modders and makers of custom ROMs is part of it, too.

    I host a regular conference call for talking to key players in the modding and rooting community, with the specific goal of helping my team to understand how we should best design to make their lives easier. I love to see technical users doing interesting thi

  6. Re:How about freeing up some of that $7.5B? on How Should Open Source Development Be Subsidized? (techcrunch.com) · · Score: 1

    As the article says, there are plenty of alternatives waiting in the wings. Github got big because of network effects; everyone used it because everyone else used it. But the effect is weak in this case. If a competing service can offer some moderately-significant advantage, projects will move. If Microsoft makes Github harder for non-Windows projects to use, or even just stops improving it, another service will become the default home for open source projects.

    I think Microsoft understands this.

  7. Re:Non-GMO Solution on Scientists Genetically Engineer Pigs Immune To Costly Disease (theguardian.com) · · Score: 1

    Now that they've identified that the elimination of that particular gene will produce immunity, they need to develop a quick way to test for it. Then test all the pigs they can find who aren't obviously infected. What are the odds of some pigs already having this trait? If they can find it as a mutation, then they can bypass all the GMO restrictions.

    Which, of course, just highlights how utterly ridiculous the GMO restrictions are.

    Really, which is better, a targeted, narrowly-focused engineered "mutation" or one that arose from pure random chance, along with who knows how many other utterly random changes? It's like the choice between having your appendectomy performed using a scalpel or a shotgun -- and believing that the shotgun approach is safer/better!

    What it boils down to is that the vast majority of humanity does not understand evolution. As a "natural" process, they believe that there is some evolution fairy that ensures that mutations are beneficial and somehow "well-designed". But this is completely wrong. Evolution works by throwing mud at the wall and seeing what sticks. It can and does happen that a species evolves to extinction, because selection pressures cause domination by genes which are more successful in the short term at replicating themselves but are ultimately destructive to the species.

    The only true advantage to non-GMO foods is that mutation is rare enough and slow enough that we can reasonably assume that non-GMO species have a track record of seeming reasonably safe. But we should keep in mind that all of our common food species have been heavily optimized via interbreeding, often with the addition of mutagenic chemicals or radiation to accelerate the rate of change in the breeding process. None of our major food species are the same today as they were a couple of centuries ago, and most of them are fairly different than they were even 50 years ago. So this one, thin, advantage of non-GMO species is also quite shallow.

    As to the question of this particular change, unless it's an extremely simple one your notional screening test would find zero animals in the best case, because complex mutations take a very, very long time to develop into a fully effective form. In practice, we already know even without doing the test that there are no pigs that acquired this mutation randomly. How? Think about it. If some pig had a heritable resistance to the disease, pig farmers would have noticed that a particular line of pigs never got sick... and they'd have immediately bred for that trait, since it's so valuable.

  8. Re:Even worse than you think... on Tech Giants Urge Congress To 'Protect Entrepreneurs' From Supreme Court Ruling (theverge.com) · · Score: 1

    The court decision will have no immediate effect, but it will eventually lead to a completely untenable situation for all but the largest of businesses.

    More likely, it would just create a new class of service provider that handles the calculation of the correct sales taxes based on location of seller, location of buyer, category of product, phase of the moon, etc. and of paying the right entity with the right documentation. Companies that already have departments to do this will probably spin up a new service business.

  9. And RF range detecting the fob IN the car? That's dubious.

    Not at all. It's quite common. My Nissan does it. If you have a fob in the car and a fob in your hand, you can lock the doors. If you have no fob in either place, you can lock the doors (there are lock/unlock buttons on the door handles). If you have a fob in the car and none in your hand, you can't lock the doors.

    My Tesla seems to be able to tell which key fob is in the driver's seat, and can also distinguish between fobs inside or outside the car. It also unlocks when the fob nears the car, and locks when the fob leaves the vicinity, which is the optimal behavior from a convenience perspective; you just leave the fob in your pocket and get in and out at your convenience. Now I want the same without having to carry the fob, since I always have my phone.

    "A complete non-problem. Cryptography. Relay attacks are an issue, though."

    Contradictory in itself.

    You mentioned sniffing, which is a completely different thing than relay attacks. Sniffing is easily solved. Relay is harder, but it's solvable.

    I think the best candidate is WiFi UWB, which has built-in secure, precise time-based ranging. The ranging process produces a shared session key with bits provided by both radios. So if you have an eSE connected directly to the WiFi radio it can kick off the process and get the measurement and session key back, and the car can get the session key from its radio. Both sides can then use the session key along with a previously-shared secret (the actual "unlock and drive key") to derive a session-unique shared secret that is bound to the ranging protocol.

    The upshot of this is that a simple relay attack must become a MITM attack... and that is impossible, because although the attacker can complete the ranging protocol at each end (between phone and attacker transceiver 1 and between car and attacker transceiver 2) and will know the session keys produced by both processes, phone and car will be using different session keys to derive the session unlock key, so they'll get different results and relaying the phone's message to the car will do no good.

    Plus, cryptography has a very limited lifespan

    Ciphers and protocols easily last multiple decades... and this is all software, so it can be upgraded when needed.

    I'm not sure there's a single cryptographically secure car entry system out there.

    That's not true, but even if it were it in no way implies that it can't be done.

    Phone viruses. Er... are you suggesting it somehow magically works without integration with the phone?

    No magic involved. The phone's CPU will be at most involved in shuffling encrypted bits between secure element and radio. Even that much involvement isn't actually necessary, and there are several good arguments for minimizing the application processor's (that's the main CPU) participation, mostly for corner cases like when the phone battery is very low (they're never actually dead). If you only have to power the eSE and a relatively low-power radio you can operate at much lower battery levels.

    Pay-by-bonk technology is in phones and is rarely isolated from core NFC functionality.

    Yes and no. I worked on the first incarnation of Google Wallet, as well as on some pre-smartphone payment stuff. In Google Wallet 1.0, the AP had almost nothing to do with the transaction; the eSE was connected directly to the NFC controller and did everything. Because carriers fought Google over use of the eSE (and OEMs didn't want to have to install one), Google finally moved to HCE which does, as you say, do the transaction on the AP. The latest incarnation is moving towards using the TEE or eSE for key storage and crypto operations, where available.

    The work on phone-based car keys is starting where Google Wallet did, using the eS

  10. Re:Without polarization (and Trump) they are proba on How Twitter Made the Tech World's Most Unlikely Comeback (buzzfeed.com) · · Score: 1

    A good manual filter would be to ignore any post that contains "Trump" in the subject. That filter will have lots of false negatives, but very few false positives.

  11. Not least "your battery runs flat, but you need to open it to jump-start it" (so either all the doors open, or you can't get into it at all)

    This is a problem with lots of new cars, not really related to this digital key question.

    Most if not all the smart key solutions I've seen have a mechanical key hidden in the fob, so you can always at least open the car.

    Definitely not all. I've had a couple of rental cars recently which didn't (Toyota or Nissan, I believe -- I don't pay much attention to my rentals) and my Tesla's key fob doesn't. The Tesla doesn't even have a keyhole; I didn't bother looking at the rental car doors, so I can't say about those.

    With the Tesla, if your key fob battery is dead, you can still unlock the car by placing it in a particular spot at the base of the windshield, and you can still drive it by placing the key at a particular spot inside. Of course, with a Tesla the car battery will basically never be dead. Even after it won't drive any more the dregs of the giant battery are more than enough to power stuff like door locks for a very long time... and if the battery ever does go completely dead, you've got far bigger problems because that's very bad for that very expensive battery.

  12. Re:Without polarization (and Trump) they are proba on How Twitter Made the Tech World's Most Unlikely Comeback (buzzfeed.com) · · Score: 1

    A president is president of the entire country. This behaviour, that of trying to stoke hatred and rage is not the sign of a leader, unless you're talking the leader of some rabid cult.

    Coming from a likely Democrat that is just so rich. Stoking racial divide and general victimhood is the hallmark of the Democratic party and Obama & Clinton are masters of the art.

    Nah, they're amateurs, Trump took them to school. Of course, maybe that supports your argument, since he was a Democrat for nearly all of his life, until it became clear that the Republican party was easier to hack.

  13. Re:No Cell Service, No Car? on 'Digital Key' Standard Uses Your Phone To Unlock Your Car (engadget.com) · · Score: 1

    So... we live out in a rural area where there is no cell service. Does this work without access to the net?

    Yes.

    What if the net goes down as has happened? Everyone's locked out of their cars?

    It doesn't require -- or even use -- Internet.

  14. Not least "your battery runs flat, but you need to open it to jump-start it" (so either all the doors open, or you can't get into it at all)

    This is a problem with lots of new cars, not really related to this digital key question.

    "I locked my phone in the car"

    As with RF key fobs, the car should refuse to lock unless the phone is outside the car.

    "Someone sniffed the NFC transaction from across the street- NFC is short-range-powered, but long-range-ordinary-radio-signal"

    A complete non-problem. Cryptography. Relay attacks are an issue, though.

    "Every garage has a way to open that car if the system should fail and you can buy the kit to open any car for $20k"

    That's already true.

    "My phone got a virus and now anyone can open my car"

    Your phone having a virus can't affect it in any way, since it's not the phone's main processor or OS that do the unlocking, it's a separate secure element.

    "Previous owners of the car can just walk up to it with their phone to unlock it"

    No, this is a huge advantage of digital keys. It will be trivial to invalidate previous keys. That can't be done with physical keys without physically changing the locks (have you ever changed the locks on your car?), and can't be easily done with current RF key fobs.

  15. Re:That is surprising on 'Digital Key' Standard Uses Your Phone To Unlock Your Car (engadget.com) · · Score: 1

    The smartphone isn't the weak link here - it's car manufacturer's "existing trusted system." I suspect it'll be much easier for a bad actor to trick the manufacturer into sending a key to their smartphone than it would be for them to walk into a dealership and convince them to make a copy of a key that isn't already in their possession.

    Tesla's process requires you to send a copy of your registration and ID to get your vehicle associated with your Tesla account, which allows your phone to unlock and even drive the car without a key. The documentation is sent via email (assuming you're not buying from Tesla directly, in which case it would be easier), but I'm told they also validate the information against the public data from the state (at least in the US), so it seems reasonably good. The same paperwork would get a dealership to make a key for you, and last time I did this (about five years ago) they didn't check the state database. I'd guess they still don't.

    Given your VIN, I'll bet I could create a fake registration and take it to a dealership and get a key for your car. And your VIN is easily visible from the outside of your car.

    Hmm. I'm curious enough about this that I think I may try it... my son has lost one of the keys to his car, maybe I'll fake a registration in my name and see if a dealership will make me a key. I need to look into the law and make sure that they don't make creating a fake document a crime, though. It probably is a crime, actually, and if so I won't do it. I mean, I can get my son to write and sign a letter giving me permission to get a key made for his car just in case it turns out they do check the validity of the documentation and discover my attempt at pseudo fraud, but that won't help if merely making the fake document is a crime.

    Actual thieves, of course, would probably just bribe someone who works in a dealership.

  16. Re: That is surprising on 'Digital Key' Standard Uses Your Phone To Unlock Your Car (engadget.com) · · Score: 1

    Except having a physical key requires actually having the key in your possession.

    Not the case with lots of new cars. Increasingly, they're all moving to RF keys, as AmiMoJo said. This is super convenient, since it means that you just have to have the key in your pocket to be able to open the door and drive. But it also opens the keys up to relay attacks, where the key may be miles away from the car but a pair of transceivers relays the signal.

    FWIW, I'm working on digital car keys for Android as well. I own most of "hardware-backed security" for Android at Google, which means most anything that relies on Trusted Execution Environments (e.g. ARM TrustZone) or embedded security chips. I won't say much about it here because I'm not sure how much I can share publicly, yet, but I will say that there's an intensive focus on security, including protection against relay attacks.

  17. "Actually, I do RTFA" is not suggesting cutting the military. He's saying that we can fund 1/3 of a national UBI without cutting the military, and without raising our very low (by rich country standards) taxes.

    To fund the other 2/3 we'd need to raise taxes. However a lot of that additional taxation would be a wash for the taxpayers, since middle-income taxpayers would see their taxes increase by about the same amount as their UBI check. The upper middle class and the upper class would likely see a heavier tax burden, but they (we, I should say, since I'm in the upper middle class) can afford it.

  18. Re: I'm as lefty as they get on GitHub, Medium Remove Public ICE Employee Data Repository (obsceneworks.com) · · Score: 1

    So, since option 1 doesn't have the results you like, you tear children from their parents and consider that an improvement?

    It. Is. Not. You don't fix a problem by going full-on Third Reich.

    You replied to my other post where I described the right ways to fix it. Please re-read that one.

  19. Re: They also probably weren't expecting threats on GitHub, Medium Remove Public ICE Employee Data Repository (obsceneworks.com) · · Score: 1

    The law is immoral and wrong

    Then change the law. This is a republic of laws, after all.

    In general, I agree. Leaving bad law on the books for selective enforcement gives way too much power to those who make the selective enforcement decisions. But there are times when civil disobedience -- even on the part of the executive branch of the government -- is the only moral thing to do.

    Do not conflate immoral and illegal.

    I'm not conflating them at all.

  20. Re: I'm as lefty as they get on GitHub, Medium Remove Public ICE Employee Data Repository (obsceneworks.com) · · Score: 1

    And if the detainee claims asylum that kicks in an entirely new process with a series of interviews and investigations to validate the claim. That takes time, and while it is going on the children will be separated.

    Non sequitur. There is no legal requirement to separate families while asylum claims are investigated.

  21. Re: They also probably weren't expecting threats on GitHub, Medium Remove Public ICE Employee Data Repository (obsceneworks.com) · · Score: 1, Insightful

    They both have broken the Law.

    The law is immoral and wrong -- and most of the people in question are seeking asylum which means they haven't actually broken it. Previous administrations (plural -- this is not just about Obama) recognized this and were careful to err on the side of believing asylum seekers until they had their claims evaluated, rather than assuming they were lying and processing them as criminals.

    The Obama Catch and release program is a failure with over 80% of those caught and released failing to show up for their court dates.

    There are many, many other options, including detaining families together, as previous administrations going back to at least Reagan did, or using ankle bracelets or other methods of monitoring. And, no, ICE is not required to separate them, because ICE is not required to treat them as criminals. That decision is totally on Trump and Sessions, no matter how much they claim otherwise.

    Also, your argument ignores the fact that the United States in large part actually created the violent and dangerous Central American conditions that are pushing most of these people to seek refuge here. That doesn't mean we owe them all a place, but it does mean that we should acknowledge our debt at least by giving their claims a fair hearing, and not treating them like criminals, or worse.

    If you really want to stop illegal immigration, it's actually very easy, and doesn't require any of these human rights abuses. In just two steps, we could fix it:

    1. Enact heavy penalties for any American caught employing illegal immigrants, including criminal penalties for those who do it knowingly and repeatedly. This would choke off the economic incentive for illegal immigration. If you want to make it really effective, establish a policy of offering permanent residency to any illegal immigrant who rats out their employer.

    2. Stop the war on drugs. Drug abuse should be handled primarily as a medical issue. Divert all DEA funding (and funding given to state and local police for the drug war) to the establishment of treatment centers and supporting infrastructure. Decriminalization should also be considered, but it's not as important as simply stepping back from the utterly ineffective and counter-productive enforcement we've been attempting.

    It would take a few years, and things in Central and South America would briefly get worse, but ending the war on drugs would destroy the violent gangs which are making parts of those regions hellish by removing their lifeblood: our drug money.

    But for some reason there's a big part of this nation that refuses to see that the solution to this set of problems is to fix our own internal brokenness, rather than beating down brown people.

  22. Re:Cord cutting is the dumbest term on Cord-cutting Report: Streaming Services Will Be 25% of the Pay-TV market by 2023 (fastcompany.com) · · Score: 1

    Still have an internet connection to the cable company?

    Well, my Internet connection is through a microwave relay. There's a cord from the microwave antenna to my router, I suppose.

  23. Re:Lame on New IBM Robot Holds Its Own In a Debate With a Human (nbcnews.com) · · Score: 1

    AC wins every time.

    In his own mind, at least.

  24. Re:"Assigned on the spot" on New IBM Robot Holds Its Own In a Debate With a Human (nbcnews.com) · · Score: 1

    Completely fake. The topics were prearranged, and yes they were "assigned on the spot" but there was a predetermined list.

    Cite? Do you know this or are you just guessing?

  25. Re:I hope Apple fails on this... on The Supreme Court Will Decide If Apple's App Store Is a Monopoly (wired.com) · · Score: 1

    There seems to be a lot more caveat emptor in the Android app marketplace, and I really don't want to be bothered with it.

    Then don't bother with it. You can continue using only Apple's store, no one will force you to use other stores, should they be allowed. But you obviously don't speak for all iDevice owners, at least some of whom would like more options.