Slashdot Mirror


User: mysidia

mysidia's activity in the archive.

Stories: 0
Comments: 13,354

Comments · 13,354

  1. Re:Easy attack [Re:Would be nice if it automatical on Cops Are Now Opening iPhones With Dead People's Fingerprints (forbes.com) · · Score: 1

    I think you want to reply to the parent, as I have not suggested the time-based unlock is feasible in a secure smart phone.
    However, the issue of resetting the clock can be mitigated by requiring the phone to be unlocked to access those settings. Alternatively the "mechanism to unlock after 1 year" could require a digitally signed request that is also countersigned by multiple secure timestamping authorities possessing X509 security certificates from trusted Root CAs holding the timestamping role trusted by the smartphone that agree that the 1yr unlocking request has been submitted to them at exactly Y time.

    There are good reasons for Apple's practices of purging the decryption key from RAM and requiring a full key be entered after some hours --- assuming an adversary has hijacked physical possession of the powered on phone but not managed to gain access; keeping the key in RAM increases the risk that the decryption key could be stolen by tampering with the device and reading the RAM directly: as time progresses, the chance of discovering a previously unknown unpatched "Unlocking" vulnerability grows --- the vulnerabilities cannot be safely fixed when the owner is not in physical possession of their device to authorize a code update.

  2. Re:my wife thought I was crazy... on Cops Are Now Opening iPhones With Dead People's Fingerprints (forbes.com) · · Score: 1

    This is where careful selection of hardware comes.... For instance in the Android ZTE Axon7's fingerprint sensor they reportedly chose to use Goodix's solution that uses Infrared imaging of the print on tissue beneath the surface of the finger which verifies liveness of the finger, and that the print presented is not a simple cosmetic mockup or disembodied finger.

    The only concern then is forced access..... Wouldn't TWO-Factor make sense?
    Option A quick access: FINGER + 4-digit PIN

    Option B one-time per boot or after idle for 48 hours: 4-digit PIN then Long passphrase

    In all cases, getting the 4-digit PIN wrong 6 times in a row initiates automatic self-erasure.

  3. Re:Is there anyone not ok with this? on Cops Are Now Opening iPhones With Dead People's Fingerprints (forbes.com) · · Score: 1

    Not only that.... but I would be happy to supply my passcode to an agent that would release it to only trusted individuals upon my death.
    If only such an agent could exist, and if only there were a place I could trust highly enough to secure my passcode with a strong assurance that the passcode could never be used against me or released prematurely, or against my wishes, or to anyone but highly-trustworthy individuals.....

  4. Re:Would be nice if it automatically unlocked on Cops Are Now Opening iPhones With Dead People's Fingerprints (forbes.com) · · Score: 3, Insightful

    It would be nice if these devices automatically unlocked after some time limit, like 1 year.

    That would imply an application Logic-based lock, but instead, these phones use cryptography so the passcode is required to decrypt the data; "Fingerprint" access only works while the key derived from the passcode is still in volatile memory, and once the phone sleeps or reboots or something, that memory is purged, and the decryption key needs to be supplied again.

    If they didn't encrypt the data ---- then everything on your phone could potentially be stolen by a criminal attacking either Apple's servers or the phone itself and finding a flaw in the Logic-based lock.

  5. Re: Other V word on Sex Workers Say Porn On Google Drive Is Suddenly Disappearing (vice.com) · · Score: 1

    I think Dropbox is golden unless you're intending on Sharing malware to the public from DB, or something that will generate complaints, they don't care --- they're what Google Drive should be like.

  6. Re:do not trust the cloud on Sex Workers Say Porn On Google Drive Is Suddenly Disappearing (vice.com) · · Score: 1

    AWS, Dropbox, and a bunch of other services work fine too -- Google's the only one known to be censorship-interfering with your private files and small scale one-to-one sharing.

  7. Re:Not just sex workers, any explicitly named imag on Sex Workers Say Porn On Google Drive Is Suddenly Disappearing (vice.com) · · Score: 4, Informative

    If Google support won't budge, then I would suggest they file a lawsuit against Google then, and settle the matter in court.

    Google's rule about "Do not publish sexually explicit or pornographic images or videos" --- doesn't say ANYTHING against using their storage service for Private, Non-Published storage of files and selective distribution or sharing between team members.

  8. Re:Not one interview about this. on Flat-Earther's Steam-Powered Rocket Lofts Him 1,875 Feet Up Into Mojave Desert (latimes.com) · · Score: 1

    His results are going to be inconclusive no matter what.... (1) 1875 feet is NOTHING. We have commercial planes that fly at 30,000 feet -- what a waste.

    (2) 1875 feet up is less than a mile; a very small section of the land will be visible from this height.... you need to be 6 or 7 miles up before you begin to see some interesting things, so this is a "safe" experiment in other words it's guaranteed to be inconclusive or at least can't disprove the flat earth theories.... you need to be many hundreds of miles up AND have a wide field of view to begin to see the shape of the earth.

  9. Re:I can't imagine this is good on CDs, Vinyl Are Outselling Digital Downloads For the First Time Since 2011 (mercurynews.com) · · Score: 1

    I have over 3000 CDs/albums I purchased prior to 2012 ....

    Having literally millions of albums available to me with a few clicks is huge

    Found the addict. Even after building a massive 3000 CD collection, you would still be acquiring multiple CDs' worth a month?

    Well, there are a few things to keep in mind here... (1) In spite of "millions" of tracks; I have Albums with songs that are not available on CD, and I've CDs that are not available on any streaming service I've found --- so the ultimate music lover essentially has to buy both, if they want to not miss out on some music; I have no doubt that a streaming service provides quicker exploration and a larger fill for a true music addict ------ Versus the average person who buys a few CDs a year by default, and the streaming services are ultimately costly despite the "instant gratification" they offered.

      (2) It's actually physically impossible to not miss out on some music --- nobody can possibly listen to millions of albums in a year. If it takes one ~60 seconds to look up an album, the most you could possibly view and consider playing in a year's time would be 525,600 if you spent 24x7x365 looking for albums; and if you spent 8 hours a day 365 days listening to songs assuming no repeats, gaps, or rest time --- the maximum number of 3 minute songs that can be fit in that time frame would be 58,400 songs; that's about 5.8% of 1 million. In other words, you'd need 17 years to consume what you're renting each year --- if you pay a whole year for such service.

  10. Re:time to bring back USENET? :) on Reddit Bans Subreddits Related To Selling Guns, Drugs, Sex, and More (bloomberg.com) · · Score: 1

    You often have different groups of people in subreddits and not all of them agree with the moderators so the issue you highlight also exists at lower levels.

    That's true.... And if enough of them disagree, then they go form their own sub according to their different vision.
    But the idea is to be able to create a Community, and the rules of that community ought to be the rules, and shouldn't be able to be superseded by some other minority's rules within that community ---- Neither yours as an individual, nor some special elite cadre of "Super Moderators".

  11. Re:I can't imagine this is good on CDs, Vinyl Are Outselling Digital Downloads For the First Time Since 2011 (mercurynews.com) · · Score: 1

    Ok, well the thing is not all people are exactly the same, and there is something to be said for occasionally buying a month of a streaming service to allow easy exploration of a large number of albums without buying them.

    But buying music and obtaining permanent ownership seems to have the long-term major cost advantage.

  12. Why did the author admit to all this so readily? on My Cow Game Extracted Your Facebook Data (theatlantic.com) · · Score: 1

    Facebook's just going to add him to a list of developers to audit, probably! Look: He even said he still has the info!

    I might still be able to; all the data is still there, stored on my private server, where Cow Clicker is still running

    I'm pretty sure that retaining Facebook user details is specifically against the developer terms, and it was even back when Farmville was still all the rage.....

  13. Re:I can't imagine this is good on CDs, Vinyl Are Outselling Digital Downloads For the First Time Since 2011 (mercurynews.com) · · Score: 2

    So for $120/Year you can play all the music you want.... The average CD cost about $10, so that's like buying 12 CDs a year....... However, MOST people listen to a few dozen artists or a few songs they'll want to listen to over and over again, and before the advent of streaming services might have purchased 2 or 3 CDs per year.... ~$20 or $30/Year in music tops.

    So let me get this straight... the avg. subscriber will now pay 6 TIMES as much per year to listen to probably roughly the same amount of music, AND better yet.... after the year is over, you don't own anything for having subscribed, so next year you gotta pay again to listen to the same music.

    The music companies should be THRILLED by this model. All they have to do is raise CD prices even more to ensure they become less popular and get a tighter lockdown on "higher fidelity versions" they can upsell later, then make sure they eventually get an 80% or 90% cut on all subscription services, and keep renegotiating royalty rates a few % higher every year to provide growth.

  14. So basically you're saying that these cars are not ready to be deployed around the world with no safety driver.

    This car was not ready for limited testing under these conditions WITH a safety driver.

    The trouble is someone who is Not driving is going to automatically become fatigued watching and get distracted.

    They'd be better off with a remote datacenter of staff watching the car's cameras 24x7 in 10-minute shifts.

  15. Why on earth should they be held to a higher standard? That's ridiculous.

    For the same reason we can automatically assign some fault for an accident if we detect that a human driver has high blood alcohol content or was texting, on that basis alone. If the driver was operating below the maximum possible level of ability for that specific driver, then there is responsibility to be assigned to the driver.

    Because.... we say every vehicle's driver has An absolute duty to prevent their vehicle from colliding with pedestrians, And they have some fault for an incident unless it is clearly impossible that they would have prevented it. That is: "Assuming the driver makes no errors -- this accident could still not possibly be prevented; would be an adequate defense", BUT for this case that doesn't hold..... The Self-Driving car COULD have prevented the accident and FAILED to prevent the accident, and it was ultimately caused by Unsafe driving and some defect in the Uber system that they have yet to determine.

  16. These days it's usually sending the video over an HTTPS connection, so just snagging the TCP stream isn't quite enough.

  17. Re:time to bring back USENET? :) on Reddit Bans Subreddits Related To Selling Guns, Drugs, Sex, and More (bloomberg.com) · · Score: 4, Insightful

    Isn't this essentially what reddit already has? Community moderators on a per-subreddit basis?

    Yes... Unfortunately reddit also has Site Admins who can exercise independent authority over any Post, Article, and can even destroy an entire Sub. And the unwanted censorship actions are coming from the Global Site Admins group, not the moderators.

  18. Re:time to bring back USENET? :) on Reddit Bans Subreddits Related To Selling Guns, Drugs, Sex, and More (bloomberg.com) · · Score: 5, Insightful

    What we need is Catered censors ---- In other words, censors who are Approved by the group they are censoring, For example:
      in a "Gun Sales forum" --- the censors would act according to the wishes of THAT community and not be subject to the OVERALL Public opinion or scrutiny by a Corporate overlord, And then: effective means in place of monitoring the usage and cancelling or revoking the censorship powers in the event that one of the approved censors becomes rogue and starts going against the desires of THAT PARTICULAR community.

    PROBABLY the idea would be to have a means of marking spam so it's hidden by default, But concerned citizens can turn on an advanced feature and see all the "Deleted" or "Censored" messages.

  19. Why the rampant age discrimination? on A 15-Year-Old Hacked the Secure Ledger Crypto Wallet (techcrunch.com) · · Score: 1

    A 15-year-old programmer named Saleem Rashid discovered a flaw in the popular Ledger hardware wallet that allowed hackers to grab secret PINs....

    The discoverer's age is irrelevant to the story. If he were 30, would we call him a "30-year-old programmer"? I think not. Is the author trying to imply, that because the programmer was 15, the vulnerability was more obvious, or easily discovered by even a naive person?

    That would be an invalid presumption. There are a whole lot of technically skilled 15 year olds in the world, so how about not trying to discredit them or use their age to imply they shouldn't have been able to do this? Ahem!
    "Expert programmer Saleem Rashid discovered a flaw...."

  20. Yeah, but all Lightning really does is put the transactions back in the control of some gatekeepers.

    No... the Lightning network is another decentralized system layered on top of the Bitcoin network with its nodes implemented in Lightning-enabled Bitcoin wallets which also does not rely on anyone trusting a central authority.

  21. Re:Another Democracy fail on US Spending Bill Contains CLOUD Act, a Win For Tech and Law Enforcement (axios.com) · · Score: 0

    Are you unable to pass laws these days without threatening a government shutdown?

    Pretty much.... the Democrats are basically determined to not allow the republican congress to come home with a single win or single success,
    even while the republicans have the majority ---- it turns out there are some very old rules and longstanding traditions within the bodies that limit what a majority can do And gives a large enough minority the ability to delay forever or almost forever and obstruct anything they want to obstruct by spreading out debate forever on each individual motion and point that has to be approved to progress a bill ---- OH, Except there are some special laws and special rules that apply to the specific Budgeting acts which prevent shenanigans such as filibustering, So long as very specific rules are followed regarding the method and nature of the legislation added: they can at least get them added to the bill with a 51% majority...

  22. Re:Enhancement of Echelon program on US Spending Bill Contains CLOUD Act, a Win For Tech and Law Enforcement (axios.com) · · Score: 2

    What do you think? The FBI wants tech companies like Apple to ship tech devices with government backdoors pre-installed to ensure they can access data.

    Failing that, they apparently have no qualms against engaging 3rd party companies that would leverage undisclosed vulnerabilities capable of compromising ordinary citizens' devices en masse to come up with custom solutions, but pretend those don't exist when lobbying the government for more powers.

    I'd bet they have 3 or more modernized/re-written versions of programs such as Carnivore that are even more insidious,
    and possibly even more poorly conceived and more frequently abused.

  23. Re:Reaction from abroad on US Spending Bill Contains CLOUD Act, a Win For Tech and Law Enforcement (axios.com) · · Score: 1

    The EU privacy rules likely have exceptions for law enforcement access to data, so they could process the data request through their local LEO, then their LEO sends the information to the US law-enforcement body requesting the data after signing some forms, And, request fulfilled.

  24. Re:Reaction from abroad on US Spending Bill Contains CLOUD Act, a Win For Tech and Law Enforcement (axios.com) · · Score: 1

    We could threaten to ship all of Boston back across the pond. That would make Ireland shape up in a hurry.

    Ireland: We'll intercept the boats, put them all in chains and divert them to Uzbekistan's forced labor camps to work the cotton fields.

  25. Re:Reaction from abroad on US Spending Bill Contains CLOUD Act, a Win For Tech and Law Enforcement (axios.com) · · Score: 1

    China+Russia say: "You want a piece of me, punk? I'm not afraid of you!"