Slashdot Mirror


User: mysidia

mysidia's activity in the archive.

Stories
0
Comments
13,354

Comments · 13,354

  1. Re:The duck quacked on DoJ Wants Apple To Decrypt 12 More iPhones (macrumors.com) · · Score: 1

    Why would a largely ad-sponsored site want to help people seeking to block ads?

    Because ads are annoying, and Slashdot should prefer sites that don't have annoying ones (IMO) and don't do obnoxious things like try to block blockers that block annoying ads.

    If Slashdot itself is profiting from ads from many people who often view without an Adblocker.... that's fine, so long as they aren't "annoying ones" such as pop-up style ones or floating ads that interrupt people

    I would suggest Slashdot finding additional sources of revenue such as "Sponsored stories" that won't be taken out by adblockers.

  2. Re:The duck quacked on DoJ Wants Apple To Decrypt 12 More iPhones (macrumors.com) · · Score: 1

    My suggestion is that when a user submits a story with a link.... editors, before finally deciding to post, should first spend 5 minutes to click the link and see if the content is acceptable..... next do a quick search, and see if they can find a "higher quality" source for the same information.

    For example: A source that provides more information. A source that posted the story earlier. A source that has high academic repute.... e.g. such as a major science journal's website on a breakthrough discovery over Bob's blog; if the subject is an academic one, that is. A source that does not contain a referral link profiting the submitter.

    A source that is not paywalled when checking the link out.

  3. Go back to barter.... on It's Time To Kill the $100 Bill, Says Larry Summers · · Score: 1

    If the government stops doing their job of providing a reliable currency for physical exchange, then go back to trading gold nuggets and non-monetary coins containing actual specie....

  4. Re:Genetic diversity and human lifespan on Scientists Ponder the Prospect of Contagious Cancer (cnbc.com) · · Score: 3, Insightful

    A simple increase in lifespan won't cause more reproduction, unless it also makes people fertile for a longer number of years, and likely to reproduce more times.

    Then there is the issue that evolution is like a simple hill climbing algorithm.

    So evolution can get trapped at a local maximum and does not necessarily see that an increase in lifespan makes you more fit in the long run.

  5. Re:Draft? None certified? Newegg disagrees on Feds Say There Isn't A Single Safe 'Hoverboard' (engadget.com) · · Score: 1

    enough for your insurance adjuster to buy you a new house when your hoverboard burns it down.

    Whether a house is burnt down by a UL-listed skateboard or a non-UL-listed skateboard has no bearing on insurance coverage.... they have to pay for the new house (minus deductible), either way.

  6. Re:CE Mark as proxy? on Feds Say There Isn't A Single Safe 'Hoverboard' (engadget.com) · · Score: 1

    CE is basically an honor system. It is organized so that you can just claim you meet the standard.

    By the way, if you go on eBay to buy stuff from China, it is likewise possible to buy cheap-o knock-offs with a fake UL logo on them, or you might even get a cheap knockoff buying some product from a respected merchant whose supply lines were compromised, so someone upstream substituted counterfeit goods.

    I think CE and UL badged products are likewise alright, provided you purchase from a reputable source with a secure supply chain.

  7. Re:Draft? None certified? Newegg disagrees on Feds Say There Isn't A Single Safe 'Hoverboard' (engadget.com) · · Score: 1

    The battery itself can also be "certified".

    UL should probably prohibit manufacturers from using the UL logo on the packaging or sales material for a consumer product, except internal packaging on the listed components, unless all components and the entire product are listed.

  8. Re:I hate the CPSC's BS. on Feds Say There Isn't A Single Safe 'Hoverboard' (engadget.com) · · Score: 1

    it's someone from UL trying to instill fear and drum up business for their private, for profit company.

    Let's create a revised version then that isn't designed to drum up business:

    Hoverboards (ESSENTIALLY All of them) are Unsafe. Don't buy one. If you have one, then return it if possible, but whatever you do: do not use it.

    If you find one with a certification from an NRTL, then it may be less unsafe, but it is the exception to the rule that you will find this, so the prospective buyer is advised to research and consider very carefully, before proceeding with a purchase.

  9. Re:Apple - standing alone on DoJ Says Apple's Posture on iPhone Unlocking Is Just Marketing (reuters.com) · · Score: 1

    Ok, but then I just try it 10,000 times, on a machine that is faster than the little tiny crypto processor on there.

    Seems like you're just trying to move the goalposts around by saying "What if you had an infinite amount of computing power?"

    To answer that, I will say that you can secure it through a combination of two ways: (1) offload parts of the PBKDF2 algorithm when it is legitimately being unlocked --- so the phone will calculate PBKDF2_HASH#1, and Apple's 5-billion node compute cloud will calculate PBKDF2_HASH#2, both of which will be scaled to higher difficulty for shorter passcodes, AND (2) also have the computation for Hash#1 be NON-PORTABLE.

    The computation of PBKDF2 can be restricted to specific hardware: the input to the PBKDF2 hash will include the passphrase concatenated with an internal 5-Kbyte secret; a secret encoded on write-only memory which can be accessed only by the program on that chip which takes a SHA256 of the password as input, and uses PBKDF2 to generate the final hash used for decryption.

    The PBKDF2 hash is just one of the inputs that will be used to generate the decryption key.

    The piece of silicon that will yield the final key is tamper-resistant by potting the electrical parts (so physically opening it up will permanently destroy it) and does not accept a PBKDF2 hash as input.

    So you are forced to use that one and only phone's hardware to calculate the hash.

    Also, that chip is designed with hardwired logic so that after a certain number of operations, the performance of the crypto chip will intentionally scale down..... so supposing there has been no hash computation in the past 24 hours, the performance will be maximal, but after every calculated hash, the performance rate will decrease, with an internal memory of that decrease, until the chip has been allowed to cool down for at least 24 hours to reset the state.

    Thus, it is cryptographically securable to some degree.

    Trying 3000 passcodes following a firmware update would take 750 days at a constant rate of 1 hash per 6 hours.

    But if the physical characteristics halve the hashrate, and you allow for a further 4x decrease in the average rate, then you're talking about 3000 days, or 8 years, to attempt 30% of the possible 4-digit numerical passcodes, or 0.02% of possible 4-character alphanumeric passwords.

  10. Re:Government Geniuses (aka Military Intelligence) on Apple: Terrorist's Apple ID Password Changed In Government Custody (buzzfeed.com) · · Score: 1

    The court that issued the order doesn't think it's unlawful.

    The order is unconstitutional, for the same reason they cannot order Linus Torvalds or other experts in the industry with unique talent to appear in court and provide a special version of the open source LUKS which allows unlimited password attempts to explain Android encryption, because Apple is not a party to the case, and the order is not to produce some form of evidence in their possession.

    If they want to modify it to an order that might be lawful, then they should order Apple to deliver the complete iOS source code, so they can engineer the modification themselves, then order Apple to produce all the cryptographic signing keys in their possession.

  11. Re:Lawers should be put out of job on A 19-Year-Old Made A Free Robot Lawyer That Has Appealed $3M In Parking Tickets (businessinsider.com) · · Score: 1

    As does ice cream" where the second sentence has no meaning independent of the first.

    Still a valid sentence. It's not grammatically invalid to have sentences which are dependent on the context in which they appear. (Requiring another sentence before or after, to understand the meaning)

  12. Re:Full employment for lawyers on A 19-Year-Old Made A Free Robot Lawyer That Has Appealed $3M In Parking Tickets (businessinsider.com) · · Score: 4, Informative

    it is sometimes illegal to use do-it-yourself kits

    No... it is NOT unlawful to use them. However, the results of using the kits might not be as intended, due to the differences in the law, and the ways some jurisdictions will interpret the templated materials.

    It is possible, for example, that your template Will might not work as it is supposed to, or might not meet requirements for enforceability on certain intended parts of the document in a jurisdiction the document was not designed for.

  13. Re:Lawers should be put out of job on A 19-Year-Old Made A Free Robot Lawyer That Has Appealed $3M In Parking Tickets (businessinsider.com) · · Score: 1

    Try As [it] would also be with a world having a little attention to proper grammar.

  14. Re:Vote Hillary Clinton! Women Unite!! on Even On eBay, Women Get Paid Less For Their Labor (sciencemag.org) · · Score: 1

    It only cares what your value is. It is the ONLY true colorblind system in the world.

    Let's be clear: it only cares what your economic value is, which is your ability and willingness to produce goods or services for trade which are in demand.

    Capitalism says nothing about your value as a person or as a living being.

    For example: female gender-specific services in the sex business are in extremely high demand, but if I go prostitute myself, while I may generate a lot of cash and economic value for myself, society, culture, and religion will tell me that I am absolute dirt if I do so.

    So a person generating economic value, or becoming more valuable economically, can actually lower your worth as a human being in your own eyes (or in the eyes of other people).

    Thus.... while capitalism might be color blind, it does not derive the one true measure of value.

  15. Re:Government Geniuses (aka Military Intelligence) on Apple: Terrorist's Apple ID Password Changed In Government Custody (buzzfeed.com) · · Score: 2

    That's all they are asking for.

    They didn't ASK for it, however, they had an unlawful order issued for it.

    Apple could have helped them, perhaps, if they asked for it, but Apple has a civic duty to fight the unlawful order, lest it become a precedent for further abuses.

  16. Re:Apple - standing alone on DoJ Says Apple's Posture on iPhone Unlocking Is Just Marketing (reuters.com) · · Score: 1

    There's no cryptographic way to secure a 4 digit passcode, or a 6 digit passcode. It's physically impossible.

    You could use a key derived from a PBKDF2 hash with such a high number of rounds that it requires 6 hours to unlock the device, after you typed in the correct passcode.

    You'll cache a "shortcut" in a special memory circuit that will reduce the time to 10 seconds to unlock, but during a firmware update that changes certain bits, the shortcut will be purged from RAM after the update, but before the updated firmware starts executing.
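    A model of the device-bound, throttled key derivation sketched in comments 9 and 16, written as an added example rather than anything from the original poster: the per-device secret, the doubling delay and the 24-hour cooldown are constructed stand-ins for what the comments assign to the crypto chip, and the simulated clock replaces real hardware timing.

```python
import hashlib
import hmac

# Constructed per-device secret standing in for the write-only secret the
# comment places inside the crypto chip; a real secure element never exports it.
DEVICE_SECRET = hashlib.sha256(b"constructed-device-secret").digest()
PBKDF2_ROUNDS = 50_000  # kept modest so the example runs quickly


def device_bound_key(passcode: str, device_secret: bytes) -> bytes:
    """Pre-hash the passcode (the comment's SHA-256 step) and run PBKDF2 salted
    with the device secret, so the derivation cannot be moved to faster hardware
    without first extracting that secret from the chip."""
    prehash = hashlib.sha256(passcode.encode()).digest()
    return hashlib.pbkdf2_hmac("sha256", prehash, device_secret, PBKDF2_ROUNDS, dklen=32)


class ThrottledSecureElement:
    """Models the chip's hardwired slowdown: the wait before the next attempt
    doubles with every hash computed, and 24 h of idleness resets the state."""

    def __init__(self, passcode, device_secret, base_delay_s=10.0, cooldown_s=86400.0):
        self._secret = device_secret
        # Only a hash of the derived key is stored, never the key or the passcode.
        self._verifier = hashlib.sha256(device_bound_key(passcode, device_secret)).digest()
        self.base_delay_s = base_delay_s
        self.cooldown_s = cooldown_s
        self.attempts = 0             # persisted counter, survives power loss
        self.last_attempt_at = None   # simulated clock, seconds

    def current_delay(self) -> float:
        """Required idle time before the next attempt: base, 2x base, 4x base, ..."""
        return self.base_delay_s * 2 ** max(self.attempts - 1, 0)

    def unlock(self, passcode: str, now: float):
        """Return ("ok", key), ("wrong", None) or ("throttled", None)."""
        if self.last_attempt_at is not None:
            idle = now - self.last_attempt_at
            if idle >= self.cooldown_s:
                self.attempts = 0     # chip has "cooled down"
            elif idle < self.current_delay():
                return ("throttled", None)
        self.last_attempt_at = now
        key = device_bound_key(passcode, self._secret)
        if hmac.compare_digest(hashlib.sha256(key).digest(), self._verifier):
            self.attempts = 0         # legitimate unlock resets the penalty
            return ("ok", key)
        self.attempts += 1
        return ("wrong", None)


def attempts_within(window_s: float, base_delay_s: float) -> int:
    """Upper bound on back-to-back attempts that fit in window_s (no cooldown
    reset assumed): n attempts need base*(2**(n-1) - 1) seconds of waiting."""
    n = 1
    while base_delay_s * (2 ** n - 1) <= window_s:
        n += 1
    return n
```

    With a 10-second base delay the doubling schedule allows only 14 back-to-back guesses per day, which is why a 4-digit space becomes impractical to exhaust even though the chip itself is slow.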

  17. Re:WOW on TP-Link Begins Lockdown of Firmware In Response To FCC · · Score: 3, Insightful

    security against your neighbor modifying the firmware in their wireless device in such a way that it negatively affects the performance of your wireless device

    No.... that's just a possible explanation for a reasoning behind the rule, BUT it does a lot more collateral damage, AND it does not actually provide that security.

    Your neighbor can still do the simplest possible thing imaginable, which is to attach an amplifier to their wireless device, and boost the signal power over the FCC PEP limits for unlicensed WiFi.

    Your neighbor can also run their microwave or cell phone which legitimately uses the frequency and can trash your WiFi performance.

  18. Re: WOW on TP-Link Begins Lockdown of Firmware In Response To FCC · · Score: 1

    Besides, the FCC said this wasn't their intent. We thought they were lying

    It doesn't matter if they were lying, now we have proof to take to the FCC, and write more complaints about the "clarified" rule.

    This isn't the end.... we need to be on the watch for this kind of stuff, and bring it to the FCC as more examples and more proof that they are hurting people.

  19. Re:Don't see the problem on Congressman: Court Order To Decrypt iPhone Has Far-Reaching Implications (dailydot.com) · · Score: 1

    unless Apple invests more time and energy in creating new undue burden.

    They should put a second lockout counter on a hardware chip, in addition to the OS attempts counter, or put a "Virtual Chip" implemented in the system that is excluded from the normal firmware update process, where the virtual chip will self-destruct if its own code is changed (due to a side-effect of losing something when firmware changes, not a self-destruct process in the code itself), with a requirement to update the "Virtual Chip" image using a specialized update process requiring the phone to be unlocked first.

    The Chip whether Hardware or Virtual should contain some vital piece of information required to unlock the phone, which will be zapped and re-generated in case of too many attempts.

    Also, the Chip never reveals the information it stores..... an obfuscated hash of the passcode requested has to be presented to the Chip every login attempt, and if it approves, then the Chip performs a crypto operation that generates one share of the crypto keys required to unlock everything.

    Oh right.... to prevent a software Virtual Chip's firmware from being changed: the module itself gets saved as a separate program on the phone. It contains a digitally signed program portion, the execution stub, and a self-modifying portion, which works like the bytecode execution engine in the DVD or Blu-ray DRM standards..... executes inside a sandbox and is initially all 000s in the firmware, but gets replaced when a passcode is set.

    Receiving the PIN number, modifying it to produce a challenge response (the challenge response will be incorrect iff the PIN number is incorrect), and updating persistent memory registers all occur within the self-modifying portion.

    The self-modifying program contains unpredictable elements, and is randomly generated bytecode that is created when the user first sets their passcode, so the program is dependent on the user, and its exact content is dependent on the PIN number. Also, this section is encrypted, gets decrypted only by the execution stub, and the encryption is specific to the device and e-mail address.

    But for sure:
    A number of persistent registers are presented to the program
    Some of the persistent registers are used to save values required to properly answer challenges and calculate the current secret value.
    Some of the persistent registers are used to save 'canary' values to detect tampering
    Some of the persistent registers are related to the number of failed PIN attempts since last success.
    Some of the persistent registers will store hashes of the other persistent registers
    Some of the persistent registers will store hashes of the self-generated code segment
    Some of the persistent registers will contain random data
    Some of the persistent registers will be based on the current timestamp, timestamp of last success, fail, etc.

    Some of the code blocks inside the bytecode will detect signs of tampering on any counter, or any section of the self-generated code area.

  20. Re:Don't see the problem on Congressman: Court Order To Decrypt iPhone Has Far-Reaching Implications (dailydot.com) · · Score: 1

    Given the FBI would have that firmware

    Distribute as an encrypted blob which loads a standard firmware, and then after loading, the device downloads another encrypted digitally signed blob from Apple's HTTPS URL, and it applies the second update in RAM only.

    Apple's servers will only deliver the second blob to the correct Device ID, and only for the few months while the investigation is in progress.

  21. Re:Don't see the problem on Congressman: Court Order To Decrypt iPhone Has Far-Reaching Implications (dailydot.com) · · Score: 1

    is that it's going to cost them so much money.

    Apple would be entitled to cost reimbursement for subpoena compliance.

  22. Re:Don't see the problem on Congressman: Court Order To Decrypt iPhone Has Far-Reaching Implications (dailydot.com) · · Score: 1

    Not if Apple hard-codes the firmware to boot on only a single device with a single set of hardware IDs.

    They can reverse engineer the patch and remove the restriction.

    thanks to the hardware requiring firmware by Apple's key, nobody but Apple has the ability to make such firmware work on other devices.

    That's not a problem. The next writ will order Apple to digitally sign their blob of choice.

  23. Re:Don't see the problem on Congressman: Court Order To Decrypt iPhone Has Far-Reaching Implications (dailydot.com) · · Score: 1

    They want to compel Apple to make a special digitally-signed version of iOS that has the "Wipe device after 10 incorrect PIN numbers" feature disabled and provide this to the authorities, to help them with their investigation of this case (But, of course, nothing blocks them from holding onto the code and making more use of it in other cases, or using it for other purposes that would not be worthy of the order).

  24. Re:97% is not even close to commercially viable on How To Defeat VPN Location-Spoofing By Mapping Network Delays (thestack.com) · · Score: 2

    If they manage to get Netflix to clamp down on out-of-region customers then those people will become former customers

    The content creators want Netflix to PAY MORE to license the content in these extra countries.

    Regional restrictions are about generating more $$$ by allowing the content to be priced higher in other areas according to their local market conditions and to force companies that need worldwide usage to jump through many hoops and pay a heck of a lot more.

  25. Re:Seems trivial to mask on How To Defeat VPN Location-Spoofing By Mapping Network Delays (thestack.com) · · Score: 1

    Nobody can spoof FTL... It is impossible to move faster than light... everyone knows this

    VPN environments will get replaced with VPC environments (Virtual-Private Compute)

    They'll just move more and more elements of the protocol stack out to the external provider, until the spoofing can no longer be detected.

    The next step above VPN is using an Application-Layer Proxy or Tunnel instead, such as Wingate or an HTTP proxy.

    A step above that would be to run the web browser/software from the service provider's datacenter, and just redirect the Keyboard/Screen output to the remote user.