Hardly. Concrete, for example, isn't a chemical. (The individual constituents may be. Ultimately, the constituents of concrete are all composed of chemicals, but that could be a ways down.) A bridge isn't a chemical. Humans, potatoes, bacon, hope, money -- none of those are chemicals.
"Everything" is perhaps a more inclusive word than you were going for.
Applications don't provide location data to the API, it's the other way around. If you wanted to do that, you'd need a heavily modified, rooted iPhone, at which point you might as well just disable Location Services entirely.
Interesting but not surprising. Their workshop includes machine tools. You really need a trained machinist to oversee such things (and teach non-machinists how to use them), and most trained machinists are older. (Plus, the older ones are better.)
Barely, for things like cars and buses. If they actually charged you more based on your weight and scaled it by increased fuel cost, the added charge would be so low that it would probably cost more to collect it than they brought in.
Now, if the bus is nearly full and a large person takes up more space, lowering the capacity of the bus, it could have an impact. But that's only applicable when the bus is nearly full, which tends to happen at predictable times, so you'd do almost as well to charge a higher bus fare during rush hour instead (easier to compute and collect).
Also using another's identity most certainly can and does bring harm to the creator/originator of that identity.
Absolutely. "Identity theft" causes direct financial damage to the person whose identity is "stolen". I just think both words in the term are sort of a poor fit. You still have your identity, but someone else has information about your identity that they're using for a variety of nefarious things. (One of those things could be stealing your money, of course. Or any manner of other forms of financial damage.)
I also, of course, don't think "stealing" should apply to unauthorized access to confidential data (the case in TFA) or to unauthorized copying of copyrighted material (either for a profit or not).
Almost all of those domain seizures are for sites selling counterfeit products or engaged in the sale of copyrighted works. Admittedly, not all of them are. But ICE shutting down major torrent websites and sites that are profiting from counterfeiting or ignoring copyright (which *is* criminal) is a far cry from the FBI "chasing after... people that copy music and movies".
"A matter of minutes" is a bit of an overstatement (if everyone owned iPhones, it would be simpler, but the procedure for collecting data with something like Cellebrite is more time-consuming than "minutes"), but it's true that it's not too difficult to pull information off a phone if you have physical access to it.
It's certainly true that the location database can easily be taken and used against you if someone has physical access to your phone. It's certainly true that people can get physical access to your phone. However, there are lots of things -- many of them much worse than getting a history of your past locations -- that people can also easily do if they have physical access to your phone.
So, like I said, if your stalker has physical access to your phone, you're in a lot more trouble than "they might have my location history".
Good call. You could take the same secret question answers and subject them to two transformations: normalization + hashing for online password reset requests and encryption for offline requests. Decent normalization should be able to do a good job.
Right, and for a database that's storing timestamp-location pairs, you're probably mostly interested in finding rows that match a range (of coordinates or times), which means no exact matches.
Now, if you're using your SQL database as a fancy way of doing simple data storage and only ever query the last few items, you could encrypt the rows.
I think the answer, though, is that the whole file is encrypted. iOS has built-in facilities for that sort of thing so that the SQLite library doesn't need to know or care that the file is encrypted.
If your stalker has physical access to your phone, you're in a lot of trouble, regardless of Apple's policy and implementation of Location Services on the iPhone.
Was the sensitive information deleted from Sony's system, denying them access to it? If not, how is that stealing? I thought the People of Slashdot were against calling it "stealing" when information is merely duplicated without taking access away from the original holder?
Passwords should be stored as hashes, yes. Answers to secret questions can only really be stored as hashes if you insist on people reproducing spelling, capitalization, and punctuation accurately and you don't intend to use the secret questions for over-the-phone authentication. Other sensitive information can be encrypted, but obviously an automated system that *uses* that information must have access to the encryption key necessary to decrypt the data. Sure, you can have your database and the system that uses the sensitive information on separate systems, but if a person just hacks in to both, they can decrypt the database's data.
If you can't decrypt and use the sensitive information, there's no reason to store it in the first place.
Fortunately, it's much, much harder to have accidental hash collisions, even with the weakest commonly-used hash algorithm, than anyone appreciates.
If a billion Dropbox users filled their 2 GB of free space with 1 kB files, these were all hashed with MD5, and you guessed a million hashes a second, it would take on the order of a trillion years to have a reasonable chance of guessing the hash of an existing file.
So, you're mixing "crap publication" and "cheating". I have limited experience with crap publication -- that is, I see people submitting terrible papers, but I don't know why.
As far as cheating goes, I only have experience with my school. In physics, people didn't really cheat. It was a hard program, and if you cheated, you were likely to fail miserably anyway, so there was no motivation to cheat. In engineering disciplines, there was a ton of cheating, and it was to some extend endemic to the discipline. Even professors thought it was reasonable to cheat if it meant that you succeeded (as long as you weren't cheating in *their* class, of course). However, American students were for the most part unwilling to cheat, whereas Indian students thought that it was an acceptable path to success.
Slashdot Mirror
Are you seriously trying to tell us that these big labs are not using version control while developing their systems?
That's a lot more common than any sane programmer would suspect.
Hardly. Concrete, for example, isn't a chemical. (The individual constituents may be. Ultimately, the constituents of concrete are all composed of chemicals, but that could be a ways down.) A bridge isn't a chemical. Humans, potatoes, bacon, hope, money -- none of those are chemicals.
"Everything" is perhaps a more inclusive word than you were going for.
Applications don't provide location data to the API, it's the other way around. If you wanted to do that, you'd need a heavily modified, rooted iPhone, at which point you might as well just disable Location Services entirely.
Elcomsoft? The Russian company Elcomsoft practically lives to violate the DMCA.
Would you take investment advice from someone who confuses "where" with "what"?
Interesting but not surprising. Their workshop includes machine tools. You really need a trained machinist to oversee such things (and teach non-machinists how to use them), and most trained machinists are older. (Plus, the older ones are better.)
Moving more mass requires more fuel.
Barely, for things like cars and buses. If they actually charged you more based on your weight and scaled it by increased fuel cost, the added charge would be so low that it would probably cost more to collect it than they brought in.
Now, if the bus is nearly full and a large person takes up more space, lowering the capacity of the bus, it could have an impact. But that's only applicable when the bus is nearly full, which tends to happen at predictable times, so you'd do almost as well to charge a higher bus fare during rush hour instead (easier to compute and collect).
Or maybe they're just idiots.
That's, "iDiots".
Go murder your neighbor.
You should be okay with that, right, since it's not stealing?
Also using another's identity most certainly can and does bring harm to the creator/originator of that identity.
Absolutely. "Identity theft" causes direct financial damage to the person whose identity is "stolen". I just think both words in the term are sort of a poor fit. You still have your identity, but someone else has information about your identity that they're using for a variety of nefarious things. (One of those things could be stealing your money, of course. Or any manner of other forms of financial damage.)
I also, of course, don't think "stealing" should apply to unauthorized access to confidential data (the case in TFA) or to unauthorized copying of copyrighted material (either for a profit or not).
Almost all of those domain seizures are for sites selling counterfeit products or engaged in the sale of copyrighted works. Admittedly, not all of them are. But ICE shutting down major torrent websites and sites that are profiting from counterfeiting or ignoring copyright (which *is* criminal) is a far cry from the FBI "chasing after ... people that copy music and movies".
.>Meanwhile the FBI spends more time chasing after ... people that copy music and movies...
That's almost exclusively done by private companies on the MPAA/RIAA's dime. The FBI is rarely involved (since it's not criminal).
If someone steals your identity, do you no longer have it? Who are you then?
"A matter of minutes" is a bit of an overstatement (if everyone owned iPhones, it would be simpler, but the procedure for collecting data with something like Cellebrite is more time-consuming than "minutes"), but it's true that it's not too difficult to pull information off a phone if you have physical access to it.
It's certainly true that the location database can easily be taken and used against you if someone has physical access to your phone. It's certainly true that people can get physical access to your phone. However, there are lots of things -- many of them much worse than getting a history of your past locations -- that people can also easily do if they have physical access to your phone.
So, like I said, if your stalker has physical access to your phone, you're in a lot more trouble than "they might have my location history".
Good call. You could take the same secret question answers and subject them to two transformations: normalization + hashing for online password reset requests and encryption for offline requests. Decent normalization should be able to do a good job.
Right, and for a database that's storing timestamp-location pairs, you're probably mostly interested in finding rows that match a range (of coordinates or times), which means no exact matches.
Now, if you're using your SQL database as a fancy way of doing simple data storage and only ever query the last few items, you could encrypt the rows.
I think the answer, though, is that the whole file is encrypted. iOS has built-in facilities for that sort of thing so that the SQLite library doesn't need to know or care that the file is encrypted.
How do you intend to do a select on encrypted data?
Redacting timestamps to the accuracy you think you need is much more annoying than simply getting a timestamp via a built-in function.
If your stalker has physical access to your phone, you're in a lot of trouble, regardless of Apple's policy and implementation of Location Services on the iPhone.
Not encrypting the data, on the other hand, seems to be a genuine oversight.
To what end? In order to make use of the data, the encryption key would have to be stored on the phone.
Was the sensitive information deleted from Sony's system, denying them access to it? If not, how is that stealing? I thought the People of Slashdot were against calling it "stealing" when information is merely duplicated without taking access away from the original holder?
Passwords should be stored as hashes, yes. Answers to secret questions can only really be stored as hashes if you insist on people reproducing spelling, capitalization, and punctuation accurately and you don't intend to use the secret questions for over-the-phone authentication. Other sensitive information can be encrypted, but obviously an automated system that *uses* that information must have access to the encryption key necessary to decrypt the data. Sure, you can have your database and the system that uses the sensitive information on separate systems, but if a person just hacks in to both, they can decrypt the database's data.
If you can't decrypt and use the sensitive information, there's no reason to store it in the first place.
Fortunately, it's much, much harder to have accidental hash collisions, even with the weakest commonly-used hash algorithm, than anyone appreciates.
If a billion Dropbox users filled their 2 GB of free space with 1 kB files, these were all hashed with MD5, and you guessed a million hashes a second, it would take on the order of a trillion years to have a reasonable chance of guessing the hash of an existing file.
Dropbox already lets you share files privately. Just not in this particular manner.
I have Dropbox on this machine with a handful of shared folders from other Dropbox users.
So, you're mixing "crap publication" and "cheating". I have limited experience with crap publication -- that is, I see people submitting terrible papers, but I don't know why.
As far as cheating goes, I only have experience with my school. In physics, people didn't really cheat. It was a hard program, and if you cheated, you were likely to fail miserably anyway, so there was no motivation to cheat. In engineering disciplines, there was a ton of cheating, and it was to some extend endemic to the discipline. Even professors thought it was reasonable to cheat if it meant that you succeeded (as long as you weren't cheating in *their* class, of course). However, American students were for the most part unwilling to cheat, whereas Indian students thought that it was an acceptable path to success.