I think this is not about patents, but about trade secrets.
So it seems like Google is a non-practicing entity, since they don't seem to be doing any trade or commerce, or selling anything based on their work; it's all research about hypothetical future concepts.... then can their work actually be considered a trade secret?
Seems like Google's the troll here. They talk a good game, but there's seems to be no Self-Driving car or Self-driving-car-based product Google's selling.
If you decide to manipulate the bitcoin market with a 100 million dollars it is possible to do it without any preventative measures from the SEC
100 million$$ would be a tiny fraction of the Bitcoin market's daily trading volume... So how do you propose that would be possible to do, anyways? Maybe a 100 million $$-costing smear campain would do it
you will need to go through an exchange and be identifiable and open to prosecution by the SEC.
To trade a significant amount of Bitcoin, you most likely will have to identify yourself as well. Just like some countries control stocks, basically all countries have controls on their currency and their banks, And you don't move $100 million into a Bitcoin exchange without being noticed.
Not necessarily with stocks. Particularly with international stocks, they may not be listed on an Exchange identifiable to the SEC. ETFs invest in those too. Some options buy options on stocks instead, which are even more manipulatable.
Price manipulation typically works by generating internet spam.... Pump and Dump, but plenty of people who sold the stock as it went up are not involved with the manipulation, so it's not inherently making the foul actors identifiable.
At the moment it is too easy for any individual or group of individuals with means to manipulate the market.
That's true of ordinary Stocks as well. As well as the Gold market; all subject to manipulation of the market by a small number of moneyed players.....
So why is the SEC unduly concerned about the fraud potential with Bitcoin?
Basically, the Right to be Forgotten is Only for those the liberals deem to be disadvantaged groups, such as people with prior criminal convictions; It's not for Corporate officers and other rich folks associated with shady businesses.
Turning citizens into informers by offering compensation or reward or immunity from past crimes Is hardly unique to the Soviets or Soviet era. It's a time-honored tradition to post Wanted posters with rewards.
Also, just because the Soviets used Tactic X, does not mean that it is Tactic X itself which was evil.
The evil was the ends they were trying to achieve and the tyranny and sacrifice of human life.
I think it's obvious..... Regulators need to change their tactics, such as by posting a reward for citizens providing evidence of violation of regulations.
Then they can increase the penalties, since they know Uber is taking actions to prevent the government itself from auditing.
why more people don't do this. It's easy to come up with a suitably long and random base password that you can then add minor variations to based on some algorithm to make it unique per website or service.
People DO do this. Research has shown that when implementing Password Expiration, in 80% of the time users created a new password which could be guessed by using a dictionary attack on the previous password and applying minor variations.
That means you need to consider an adversary with physical access (break-in or evil maid) as part of the far end of the threat model.
No way, because that's a basically impossible threat model to secure against. You need a physically secure space to keep the machine at all times (E.g. a Bank-vault grade storage location, with a high-security transport box), and a physically secure space in which to work (Area with entrances under lock and key and 24x7 CCTV + multiple armed guard security watch). If those aren't assumed, then the device won't be secure against the attacks that TPM system measurements, HDD Password, and Encryption do not protect against.
OP needs a multi-layered solution: the laptop needs all RF Tx/Rx hardware verifiably removed. I
Your laptop's monitor is Tx hardware. All it takes is the adversary to hide a camera, OR: If you include Physical attacks in your model, the attacker covertly opens your PC while you are not there and installs Inside the internals of the laptop A Snoop device to capture or re-Transmit your video lines' output, And a Keylogger on the USB bus, interposing the normal keyboard to record the kb and mouse actions.
Ideally all USB ports would be physically unplugged or epoxied shut or both.
This isn't a useful security measure against a phys attacker. A physical attacker can open the PC and install an internal PCI device with an option ROM. These are security measures to prevent abuse by end-users, In the context of an organization.
A client has given you confidential digital files containing a design for a not-yet-public consumer product.
In other words, you probably have a company laptop with a Client's confidential files, and nobody else except you shall ever touch it. You're not in the position of an Employer trying to prevent employees from stealing files by plugging in a USB stick. The difference is YOU can be trusted to follow your own procedures (Hopefully, maybe....)
If we assume the authorized user is not the espionage person, and follows procedures, then we don't need to worry about I/O ports, because they will not use any, and will not let anyone else touch the machine and not let the machine out of their site, until it is turned off physically locked up fully and securely in the Bank, or handcuffed to their wrist, while they are walking with their armed security detail to the vault location.
(if you try to send it a command while the receiver is powered off, nothing will happen)
Power on the receiver only briefly once every X minutes, and listen for a tone -- If there is no tone, then sleep the receiver for X more minutes.
If a tracker wants to locate the device, in order to access the tag, the tracker is required to transmit a Tone continuously on a specified frequency for X minutes to "capture" the receiver, Then, just before they stop sending the tone, they send something like a HMAC-Signed message containing List of Tag IDs to activate, And then a Sequential ID and current Timestamp to discourage replay attacks. The activated tag(s) will broadcast their location for X hours, before switching back into Listen/Sleep mode
As bad as it seems.... turn on Windows Firewall with Advanced security, and make sure the computer is not joined to a domain, And None of the firewall exceptions are turned on. Open Computer Management, make sure the only enabled users have strong passwords, and set a Setup Password, User Password, and Hard Drive Unlock password in the BIOS/CMOS, turn on the computer's TPM Function, and setup BitLocker drive encryption. Shutdown the PC fully when you are not physically present at the keyboard.
What reason in particular do you have to be concerned with 'Hacking over the wireless' again?
How about you Disable all Wireless NICs, then open Services.msc and set all Wireless-related services to Disabled, then reboot.
Seriously.... a major death trap.... you're going to pump a giant underwater sphere free of water?
Then when you release it, or if something breaks, That will be some SERIOUS... Delta-P Imagine all the potential energy build-up, and the impact of the sudden release on anything living happening to be anywhere near the input pipes.
There are other semiconductors (such as GaAs) which can operate reliably at higher frequencies, but they are absurdly expensive, produce too much heat, consume too much power, and so on
OK, then.... Obviously we need to find another material that will clock to a higher frequency Which is abundant enough that could become almost as cheap as silicon, given demand and economies of scale, which can be made efficient enough and won't inherently produce too much heat for high-computing needs.
And then entirely new processes need to be developed.....
but passing a test does not ensure morality. Morality is the problem, and I can tell you quite plainly that the immoral and moral in today's society are pretty evenly numbered.
It's not about 'ensuring morality'. It's about Restricting the population who can do it to a population that will not have Plausible deniability for improper actions, And then By making sure the people who can do this have something of Value which can be taken away for a long time as a consequence for abuse ---- providing a major disincentive for abuse.
An attempt to create a TCP connection to an Internet connected machine is not an attack
One attempt is not. But many attempts to create a TCP connection including randomized or incrementing destination attempts can be viewed as an attack. Either as a flood, or as an obvious invasive "probe" to attempt to gain reconnaissance for hacking the system.
"We thought they were the ones trying to hack us, see our logs? (cat log | sed -e 's/someip/theirip/g'
I would suggest formal Licensure for Cybersecurity professionals requiring Passing a practical Examination, also a Test, and committing to a code of conduct including No Espionage, Theft, or Disclosure of Data --- requiring any item of data unrelated to an attack be kept confidential and not shared, even with a boss, employer, or co-worker.
Then have the bill so the Active Defense argument is ONLY valid for an individual Response reviewed and directed by a Licensed professional, Regardless if the Professional is a member of Law Enforcement or working in private industry and Protects only the direct actions of the licensed professional, Not actions that automatically selected and committed a response without specified human judgement and scrutiny.
Also, modify the act so Law Enforcement professionals Otherwise excluded from the Act are Subject to prosecution for any Hacking, If they don't have the same license.
Any misbehavior such as Hacking an innocent system, will be brought before a board, and their license will be revoked or on a minor offense suspended for a minimum of 5, 6, or 7 years.
I'm waiting for him to declare that Linux has 20% market share on the desktop he lies so much.
How do you know that Linux DOESN'T have 20% market share? I've been around a while, and I've noticed that a lot of the people authoring reports suggesting Linux has a low market share turn out to be Windows users.
If You or your media outlet was one of the ones that defended or didn't criticize as a fatal flaw: Hillary Clinton and her most glaring case of using personal E-mail server to cause security exposures and Fail to deliver items ordered by the court, Then you already lost any right to criticize Pence, Etc, for lesser cases Of use of a personal e-mail account.
That seems to be pretty much All people and All the media outlets, by the way.
I don't agree, but For some reason we as a society decided it was all OK, At least for anything that was going on before 2016.
The question wasn't, "The power goes out. Does your bitcoin still exist?".
It was, "The power goes out. How much is your bitcoin worth then?".
It's worth just as much as your Credit card is after the power goes out. Also, your Checkbook and Debit card are worth the same amount after the power goes out which is $0. All the information is stored in computers, And if those computers are down, Then you have nothing.
No, the problem is in the freezing, fractures happen to samples bigger than 3cm across. It's why cryopreservation of dead humans is a farce
So.... How about putting the samples in a vacuum chamber, and reduce the air pressure in order to Make the freezing point of water lower, then super-chill the tissue under lower and lower pressures, until it is cold enough to preserve the tissue without freezing the water, causing it to become solid crystals.
Because will run into is in the future tense and he doesn't have a time machine.
No.... The suggestion is a technical interviewer, if they're expecting to make a test -- Should present such a problem and ask the Engineer to solve that. Give them an hour, let them try to use network resources and fail, rather than deny the use of network resources. It's actually more likely to be interesting, what progress a candidate makes.
By the way: If it is a Problem with no solution on Stack overflow, And it is not obvious and solvable just by knowing the basics of the programming language at hand, Then the Architect or senior Designers (Who should know the language capabilities and have more of a CS background than the coders or software engineers) have failed to do an important part of their job, so the SE could rightly contact the Designer and get a clarification/update regarding, "When you say this function needs to do X.... what basic algorithm steps are to be used to accomplish X ? .
If you're unable to find a meaningful problem whose answer is Not on the net; then that makes it a hypothetical theory that such thing exists, And a fairly unrealistic one at that. These are the kinds of problems engineers need a reasonable timeframe and all tools at their disposal to attack; Net resources ARE still useful, and pertinent, even if you would not find the answer to the exact question. The reality is that there is no such thing as "First principals" complicated problems can be broken down, or the engineer will remember a problem similar to a sub-problem of what is at hand and look the similar one up, then use that as a starting point to facilitate efficiently and effectively solving the problem at hand.
It's not a good test of an engineer's abilities to cramp their creative style and artificially limit what tools they can use to "The tools limited by what some other engineer or academic's personal opinion is about how the thought process should work like or by what some unqualified third party thinks the engineer should need", And if things are so elaborate there's nothing remotely similar to the whole problem on Stackoverflow.... then it's not something you solve in 10 minutes on a whiteboard.
In fact, Whiteboards are too limiting and mainly for creative folks, and many engineers find a Whiteboard not an effective place to solve a technical problem; A fat notebook with plenty of paper to jot down all pertinent facts works much better.
If the problem is so unique, that makes Network resources and Team collaboration even More critical in developing a good solution.
The point of having someone solve it without net resources is that when they are working they will run into problems where the answer is not on Stackoverflow and you need to be able to solve from first principles.
Why don't you ask them to whiteboard one of those, then, instead of Bubblesort?
Except that only a crusty old Unix geek like me will recognize that language.
As to the "implement a bubblesort on the whiteboard"
Hey..... Bubblesort is probably the one sorting algorithm I could potentially do on a Whiteboard. If they asked me to write working generic code for Quicksort, Mergesort, Dijkstra, or A* Search in a short whiteboard session; I'd be screwed.
Slashdot Mirror
I think this is not about patents, but about trade secrets.
So it seems like Google is a non-practicing entity, since they don't seem to be doing any trade or commerce, or selling anything based on their work; it's all research about hypothetical future concepts.... then can their work actually be considered a trade secret?
Seems like Google's the troll here. They talk a good game, but there's seems to be no Self-Driving car or Self-driving-car-based product Google's selling.
If you decide to manipulate the bitcoin market with a 100 million dollars it is possible to do it without any preventative measures from the SEC
100 million$$ would be a tiny fraction of the Bitcoin market's daily trading volume... So how do you propose that would be possible to do, anyways? Maybe a 100 million $$-costing smear campain would do it
you will need to go through an exchange and be identifiable and open to prosecution by the SEC.
To trade a significant amount of Bitcoin, you most likely will have to identify yourself as well. Just like some countries control stocks, basically all countries have controls on their currency and their banks, And you don't move $100 million into a Bitcoin exchange without being noticed.
Not necessarily with stocks. Particularly with international stocks, they may not be listed on an Exchange identifiable to the SEC.
ETFs invest in those too. Some options buy options on stocks instead, which are even more manipulatable.
Price manipulation typically works by generating internet spam.... Pump and Dump, but plenty of people who sold the stock as it went up are not involved with the manipulation, so it's not inherently making the foul actors identifiable.
At the moment it is too easy for any individual or group of individuals with means to manipulate the market.
That's true of ordinary Stocks as well. As well as the Gold market; all subject to manipulation of the market by a small number of moneyed players.....
So why is the SEC unduly concerned about the fraud potential with Bitcoin?
Basically, the Right to be Forgotten is Only for those the liberals deem to be disadvantaged groups, such as people with prior criminal convictions; It's not for Corporate officers and other rich folks associated with shady businesses.
Turning citizens into informers by offering compensation or reward or immunity from past crimes Is hardly unique to the Soviets or Soviet era. It's a time-honored tradition to post Wanted posters with rewards.
Also, just because the Soviets used Tactic X, does not mean that it is Tactic X itself which was evil.
The evil was the ends they were trying to achieve and the tyranny and sacrifice of human life.
I think it's obvious..... Regulators need to change their tactics, such as by posting a reward for citizens providing evidence of violation of regulations.
Then they can increase the penalties, since they know Uber is taking actions to prevent the government itself from auditing.
why more people don't do this. It's easy to come up with a suitably long and random base password that you can then add minor variations to based on some algorithm to make it unique per website or service.
People DO do this. Research has shown that when implementing Password Expiration, in 80% of the time users created a new password which could be guessed by using a dictionary attack on the previous password and applying minor variations.
That means you need to consider an adversary with physical access (break-in or evil maid) as part of the far end of the threat model.
No way, because that's a basically impossible threat model to secure against. You need a physically secure space to keep the machine at all times (E.g. a Bank-vault grade storage location, with a high-security transport box), and a physically secure space in which to work (Area with entrances under lock and key and 24x7 CCTV + multiple armed guard security watch). If those aren't assumed, then the device won't be secure against the attacks that TPM system measurements, HDD Password, and Encryption do not protect against.
OP needs a multi-layered solution: the laptop needs all RF Tx/Rx hardware verifiably removed. I
Your laptop's monitor is Tx hardware. All it takes is the adversary to hide a camera, OR: If you include Physical attacks in your model, the attacker covertly opens your PC while you are not there and installs Inside the internals of the laptop A Snoop device to capture or re-Transmit your video lines' output, And a Keylogger on the USB bus, interposing the normal keyboard to record the kb and mouse actions.
Ideally all USB ports would be physically unplugged or epoxied shut or both.
This isn't a useful security measure against a phys attacker. A physical attacker can open the PC and install an internal PCI device with an option ROM.
These are security measures to prevent abuse by end-users, In the context of an organization.
A client has given you confidential digital files containing a design for a not-yet-public consumer product.
In other words, you probably have a company laptop with a Client's confidential files, and nobody else except you shall ever touch it.
You're not in the position of an Employer trying to prevent employees from stealing files by plugging in a USB stick.
The difference is YOU can be trusted to follow your own procedures (Hopefully, maybe....)
If we assume the authorized user is not the espionage person, and follows procedures, then we don't need to worry about I/O ports, because they will not use any, and will not let anyone else touch the machine and not let the machine out of their site, until it is turned off physically locked up fully and securely in the Bank, or handcuffed to their wrist, while they are walking with their armed security detail to the vault location.
(if you try to send it a command while the receiver is powered off, nothing will happen)
Power on the receiver only briefly once every X minutes, and listen for a tone -- If there is no tone, then sleep the receiver for X more minutes.
If a tracker wants to locate the device, in order to access the tag, the tracker is required to transmit a Tone continuously on a specified frequency for X minutes to "capture" the receiver, Then, just before they stop sending the tone, they send something like a HMAC-Signed message containing List of Tag IDs to activate, And then a Sequential ID and current Timestamp to discourage replay attacks. The activated tag(s) will broadcast their location for X hours, before switching back into Listen/Sleep mode
As bad as it seems.... turn on Windows Firewall with Advanced security, and make sure the computer is not joined to a domain, And None of the firewall exceptions are turned on. Open Computer Management, make sure the only enabled users have strong passwords, and set a Setup Password, User Password, and Hard Drive Unlock password in the BIOS/CMOS,
turn on the computer's TPM Function, and setup BitLocker drive encryption. Shutdown the PC fully when you are not physically present at the keyboard.
What reason in particular do you have to be concerned with 'Hacking over the wireless' again?
How about you Disable all Wireless NICs, then open Services.msc and set all Wireless-related services to Disabled, then reboot.
How about putting a receiver on tracking devices, and programming so they send No signal unless they first receive a coded transmission?
Seriously.... a major death trap.... you're going to pump a giant underwater sphere free of water?
Then when you release it, or if something breaks,
That will be some SERIOUS... Delta-P
Imagine all the potential energy build-up, and the impact of the sudden release on anything living happening to be anywhere near the input pipes.
There are other semiconductors (such as GaAs) which can operate reliably at higher frequencies, but they are absurdly expensive, produce too much heat, consume too much power, and so on
OK, then.... Obviously we need to find another material that will clock to a higher frequency Which is abundant enough that could become almost as cheap as silicon, given demand and economies of scale,
which can be made efficient enough and won't inherently produce too much heat for high-computing needs.
And then entirely new processes need to be developed.....
but passing a test does not ensure morality. Morality is the problem, and I can tell you quite plainly that the immoral and moral in today's society are pretty evenly numbered.
It's not about 'ensuring morality'. It's about Restricting the population who can do it to a population that will not have Plausible deniability for improper actions, And then By making sure the people who can do this have something of Value which can be taken away for a long time as a consequence for abuse ---- providing a major disincentive for abuse.
An attempt to create a TCP connection to an Internet connected machine is not an attack
One attempt is not. But many attempts to create a TCP connection including randomized or incrementing destination attempts
can be viewed as an attack. Either as a flood, or as an obvious invasive "probe" to attempt to gain reconnaissance for hacking the system.
"We thought they were the ones trying to hack us, see our logs? (cat log | sed -e 's/someip/theirip/g'
I would suggest formal Licensure for Cybersecurity professionals requiring Passing a practical Examination, also a Test, and committing
to a code of conduct including No Espionage, Theft, or Disclosure of Data --- requiring any item of data unrelated to an attack be kept confidential and not shared, even with a boss, employer, or co-worker.
Then have the bill so the Active Defense argument is ONLY valid for an individual Response reviewed and directed by a Licensed professional, Regardless if the Professional is a member of Law Enforcement or working in private industry and Protects only the direct actions of the licensed professional, Not actions that automatically selected and committed a response without specified human judgement and scrutiny.
Also, modify the act so Law Enforcement professionals Otherwise excluded from the Act are Subject to prosecution for any Hacking, If they don't have the same license.
Any misbehavior such as Hacking an innocent system, will be brought before a board, and their license will be revoked or
on a minor offense suspended for a minimum of 5, 6, or 7 years.
I'm waiting for him to declare that Linux has 20% market share on the desktop he lies so much.
How do you know that Linux DOESN'T have 20% market share?
I've been around a while, and I've noticed that a lot of the people authoring reports suggesting Linux has a low market share turn out to be
Windows users.
If You or your media outlet was one of the ones that defended or didn't criticize as a fatal flaw: Hillary Clinton and her most glaring case of using personal E-mail server to cause security exposures and Fail to deliver items ordered by the court,
Then you already lost any right to criticize Pence, Etc, for lesser cases Of use of a personal e-mail account.
That seems to be pretty much All people and All the media outlets, by the way.
I don't agree, but For some reason we as a society decided it was all OK, At least for anything that was going on before 2016.
The question wasn't, "The power goes out. Does your bitcoin still exist?".
It was, "The power goes out. How much is your bitcoin worth then?".
It's worth just as much as your Credit card is after the power goes out.
Also, your Checkbook and Debit card are worth the same amount after the power goes out which is $0.
All the information is stored in computers, And if those computers are down, Then you have nothing.
No, the problem is in the freezing, fractures happen to samples bigger than 3cm across. It's why cryopreservation of dead humans is a farce
So.... How about putting the samples in a vacuum chamber, and reduce the air pressure in order to Make the freezing point of water lower,
then super-chill the tissue under lower and lower pressures, until it is cold enough to preserve the tissue without freezing the water, causing it to become solid crystals.
Why do you think a comma should be followed by a capital letter?
Because I already have my degree, And I can follow WhAtEvEr CaPitAliZatIoN StYlE MoSt PLEASES mE.
Because will run into is in the future tense and he doesn't have a time machine.
No.... The suggestion is a technical interviewer, if they're expecting to make a test -- Should present such a problem and ask the Engineer to solve that. Give them an hour, let them try to use network resources and fail, rather than deny the use of network resources. It's actually more likely to be interesting, what progress a candidate makes.
By the way: If it is a Problem with no solution on Stack overflow, And it is not obvious and solvable just by knowing the basics of the programming language at hand, Then the Architect or senior Designers (Who should know the language capabilities and have more of a CS background than the coders or software engineers) have failed to do an important part of their job, so the SE could rightly contact the Designer and get a clarification/update regarding, "When you say this function needs to do X.... what basic algorithm steps are to be used to accomplish X ? .
If you're unable to find a meaningful problem whose answer is Not on the net; then that makes it a hypothetical theory that such thing exists, And a fairly unrealistic one at that. These are the kinds of problems engineers need a reasonable timeframe and all tools at their disposal to attack; Net resources ARE still useful, and pertinent, even if you would not find the answer to the exact question. The reality is that there is no such thing as "First principals" complicated problems can be broken down, or the engineer will remember a problem similar to a sub-problem of what is at hand and look the similar one up, then use that as a starting point to facilitate efficiently and effectively solving the problem at hand.
It's not a good test of an engineer's abilities to cramp their creative style and artificially limit what tools they can use to "The tools limited by what some other engineer or academic's personal opinion is about how the thought process should work like or by what some unqualified third party thinks the engineer should need", And if things are so elaborate there's nothing remotely similar to the whole problem on Stackoverflow.... then it's not something you solve in 10 minutes on a whiteboard.
In fact, Whiteboards are too limiting and mainly for creative folks, and many engineers find a Whiteboard not an effective place to solve a technical problem; A fat notebook with plenty of paper to jot down all pertinent facts works much better.
If the problem is so unique, that makes Network resources and Team collaboration even More critical in developing a good solution.
The point of having someone solve it without net resources is that when they are working they will run into problems where the answer is not on Stackoverflow and you need to be able to solve from first principles.
Why don't you ask them to whiteboard one of those, then, instead of Bubblesort?
* simple coding problem (why doesn't this work):
Except that only a crusty old Unix geek like me will recognize that language.
As to the "implement a bubblesort on the whiteboard"
Hey..... Bubblesort is probably the one sorting algorithm I could potentially do on a Whiteboard.
If they asked me to write working generic code for Quicksort, Mergesort, Dijkstra, or A* Search in a short whiteboard session; I'd be screwed.
When I went to do business, I had to have a visa.
Sounds pretty dodgy..... What's "Business"? Is attending an industry conference for personal education or to meet other people considered business?
Does it count as business if you're going on vacation, but you happen to meet up with an overseas client to a little chit-chat / smalltalk?