PS/2 and USB HID devices are just as much of a security risk, possibly more so. Simply emulate a keyboard and you can type arbitrary commands into the machine. You might even be able to wake it up from sleep mode in the middle of the night.
I don't know of any USB device drivers that loads microcode from a USB device. There are plenty that do it the other way around - the USB is just a bootloader + RAM, with the application code stored in the driver and loaded every time it is plugged in.
The issue is that the USB device sends device descriptors to the computer that describe what it is and how to talk to it. By looking at that data the OS can device which driver to assign to it. By sending malformed descriptors you can trigger bugs in the Linux parser, which for some insane reason is running in the kernel.
Interestingly Windows is immune to this kind of attack because it does all the parsing and runs the USB stack in user space. Only the very low level stuff, the packet handling, runs in the kernel and it is simple and robust enough to avoid these kinds of flaws.
Not really, especially today when great steps have been made towards creating physical security for computers.
We have self-encrypting SSDs, and AMD's latest parts support encrypted RAM. The keys are stored in secure enclaves of the CPU, so things like cold boot attacks and removing RAM doesn't work any more.
Combine that with a secure OS and secure boot via UEFI and the machine is pretty difficult to p0wn even with physical access. You would need to get to the level of replacing firmware in some critical peripheral, which these days is likely signed code. So while possible it's the kind of thing that only well resourced attackers will be able to do, it protects most people from most attacks and it's only getting better.
I used to sync files via FTP to my phone, because the MTP implementation in Windows was broken. A couple of months ago Microsoft finally patched the issue and I can use USB again, which is much, much faster.
That's the problem with wireless file transfer: it's slow. For large files I'll use USB and charge at the same time. For small files it's usually easier to just email/messenger app them to myself or keep them in cloud storage.
What are your local consumer rights laws like? Around here if something doesn't last a "reasonable length of time", which for a smart remote I'd take to be 10 years, you can return it to the shop for repair, replacement or refund.
I remember when Firefox would be introducing this kind of thing, looking out for the user and giving them a better experience. Instead the just keep making their own UI worse.
Ads will always be malicious, that will never change.
Missing the point, I don't want apps wasting my battery on pointless crap either. A nice, usability focused UI will be fine, thanks.
I guess maybe there are some unusual applications that would benefit from your use case, but I really can't think of any app that was censored/driven out by price and would benefit from having that kind of interactivity via a web version.
Even if you somehow overcame all that, the other major problem is noise. Because you have to move a lot of air to life that amount of weight, it's impossible to make it quiet and non-disruptive (strong winds blowing everything nearby over).
The only people who will be able to make use of this are the same ones who can use helicopters now. It's basically a cheaper helicopter alternative. Maybe they will offer semi-affordable hops between helipads.
It was recognised in the 80s that databases and computer networks would allow massive amounts of data to be gathered. Laws were introduced to control the gathering, storage and use of that data, and they work. For example, in the UK if you have a criminal conviction that is "spent" your employer can't ask about, can't seek to find out about it and can't be told about it by credit reference agencies or anyone else doing a background check on you. And yes, it works in practice.
How about GM crops? Heavily regulated, some parts of the world have rejected them. Same with farm animals injected with antibiotics and growth hormones, or washed in chlorine.
There was no way to verify that other countries kept their vague promises.
It's pretty easy actually. NASA's Earth science satellites can measure pollutants in the atmosphere. People on the ground can take independent measurements. It's impossible to hide pollution on the scale that it is being emitted, and we know how much each country is emitting with a very high degree of certainty.
"Chinaâ(TM)s CO2 emissions appear to have peaked more than a decade ahead of its Paris Agreement NDC commitment to peak its CO2 emissions before 2030. The latest analysis from the Climate Action Tracker indicates that CO2 emissions may, in fact, already have stopped increasing and reached peak levels.
The on-going reduction in coal use for the third year in a row has had a major impact... China has already surpassed solar PV deployment target for 2020, and has now doubled its PV target for 2020 in response..."
Their main criticism is that the NDC target is too low (50-70% below 2005 levels) and should be further reduced to meet the maximum 2C global temperature rise goal, which is likely to happen in the next 5 year plan.
Except that countries are doing stuff, no need to pretend. Most of them would have been doing stuff without Paris anyway, but it gives them political capital to push even harder.
In fact, the US not signing up has given the rest of the world a boost. One of the biggest competitors in the energy sector is pulling back, which means big opportunities for everyone else.
A few years down the line when the US realizes it needs that stuff, all the patents and experience will be in Europe and China. When US automotive gearbox manufacturers realize that most cars won't have gearboxes in a few years time, and try to pivot to save their businesses, they are going to find that the market is already mature, saturated and heavily patent encumbered.
This is like say "hay, you have been shot, hold this rolled up shirt over the wound to stem the bleeding while we get you to hospital" and responding "your shirt isn't a solution to being shot, so I'm just gonna lie here and bleed to death".
It's 240 because that amount can comfortably fit on a phone screen at a reasonable font size. People were just posting images of their ~240 character messages instead of actual text, which is bad for Twitter because text in images can't easily be searched.
Why is it that only the US seems to need it to be a legally binding contract, when other countries are happy to just get on with meeting their targets?
The US seems to think that no-one else will make any effort if it isn't legally binding, which is incredibly ironic when you consider that everyone else IS making an effort and it's only the US that is going backwards.
Europe and China are investing in reduced emissions even though the US is lagging. Make no mistake that it is an investment opportunity, and one that failed businessman Trump has let slip by.
This is a problem in many systems, and is due to elections being for both a local representative and to decide who gets overall control. Your local rep might be a complete asshat, but you end up supporting them because your preferred party getting overall control of the government is far more important and influential on your life.
Better systems separate local and national representation, and tend towards coalition governments where no one party has overall control and everyone is forced to compromise.
But why bother? You can use a simple quantum noise source made from a saturated silicon P-N junction (half a transistor) that puts up a few million bits per second. Balance and whiten them and you can easily get a 2 million truly random bits per second for parts costing a couple of Euros. I built one as a little hobby project.
Just using a microcontroller's built in termperature sensor I've managed to get close to 3Mb/sec. It all passes the standard tests (Diehard, NIST etc.)
Cloudflare's systems are just gimmicks. Interesting ones, but not serious.
PS/2 and USB HID devices are just as much of a security risk, possibly more so. Simply emulate a keyboard and you can type arbitrary commands into the machine. You might even be able to wake it up from sleep mode in the middle of the night.
I don't know of any USB device drivers that loads microcode from a USB device. There are plenty that do it the other way around - the USB is just a bootloader + RAM, with the application code stored in the driver and loaded every time it is plugged in.
The issue is that the USB device sends device descriptors to the computer that describe what it is and how to talk to it. By looking at that data the OS can device which driver to assign to it. By sending malformed descriptors you can trigger bugs in the Linux parser, which for some insane reason is running in the kernel.
Interestingly Windows is immune to this kind of attack because it does all the parsing and runs the USB stack in user space. Only the very low level stuff, the packet handling, runs in the kernel and it is simple and robust enough to avoid these kinds of flaws.
you're already pwned
Not really, especially today when great steps have been made towards creating physical security for computers.
We have self-encrypting SSDs, and AMD's latest parts support encrypted RAM. The keys are stored in secure enclaves of the CPU, so things like cold boot attacks and removing RAM doesn't work any more.
Combine that with a secure OS and secure boot via UEFI and the machine is pretty difficult to p0wn even with physical access. You would need to get to the level of replacing firmware in some critical peripheral, which these days is likely signed code. So while possible it's the kind of thing that only well resourced attackers will be able to do, it protects most people from most attacks and it's only getting better.
I used to sync files via FTP to my phone, because the MTP implementation in Windows was broken. A couple of months ago Microsoft finally patched the issue and I can use USB again, which is much, much faster.
That's the problem with wireless file transfer: it's slow. For large files I'll use USB and charge at the same time. For small files it's usually easier to just email/messenger app them to myself or keep them in cloud storage.
If it stops working why don't you return it?
What are your local consumer rights laws like? Around here if something doesn't last a "reasonable length of time", which for a smart remote I'd take to be 10 years, you can return it to the shop for repair, replacement or refund.
It will be when the first big game console service shuts down prematurely that people really wake up to it.
I remember when Firefox would be introducing this kind of thing, looking out for the user and giving them a better experience. Instead the just keep making their own UI worse.
Ads will always be malicious, that will never change.
Missing the point, I don't want apps wasting my battery on pointless crap either. A nice, usability focused UI will be fine, thanks.
I guess maybe there are some unusual applications that would benefit from your use case, but I really can't think of any app that was censored/driven out by price and would benefit from having that kind of interactivity via a web version.
Even if you somehow overcame all that, the other major problem is noise. Because you have to move a lot of air to life that amount of weight, it's impossible to make it quiet and non-disruptive (strong winds blowing everything nearby over).
The only people who will be able to make use of this are the same ones who can use helicopters now. It's basically a cheaper helicopter alternative. Maybe they will offer semi-affordable hops between helipads.
Maybe web sites should not be trying to behave like apps. Especially if doing so kills browser performance and battery life on mobile.
Can you give an example of a web site where this behaviour is actually desirable?
I'm using fusion power right now. It powers my car!
No need to build more, the one we have is sufficient.
There are many counter-examples.
It was recognised in the 80s that databases and computer networks would allow massive amounts of data to be gathered. Laws were introduced to control the gathering, storage and use of that data, and they work. For example, in the UK if you have a criminal conviction that is "spent" your employer can't ask about, can't seek to find out about it and can't be told about it by credit reference agencies or anyone else doing a background check on you. And yes, it works in practice.
How about GM crops? Heavily regulated, some parts of the world have rejected them. Same with farm animals injected with antibiotics and growth hormones, or washed in chlorine.
There was no way to verify that other countries kept their vague promises.
It's pretty easy actually. NASA's Earth science satellites can measure pollutants in the atmosphere. People on the ground can take independent measurements. It's impossible to hide pollution on the scale that it is being emitted, and we know how much each country is emitting with a very high degree of certainty.
China is doing incredibly well, vastly exceeding its already aggressive targets: http://climateactiontracker.or...
"Chinaâ(TM)s CO2 emissions appear to have peaked more than a decade ahead of its Paris Agreement NDC commitment to peak its CO2 emissions before 2030. The latest analysis from the Climate Action Tracker indicates that CO2 emissions may, in fact, already have stopped increasing and reached peak levels.
The on-going reduction in coal use for the third year in a row has had a major impact... China has already surpassed solar PV deployment target for 2020, and has now doubled its PV target for 2020 in response..."
Their main criticism is that the NDC target is too low (50-70% below 2005 levels) and should be further reduced to meet the maximum 2C global temperature rise goal, which is likely to happen in the next 5 year plan.
Here's the US assessment, by the way: http://climateactiontracker.or...
Except that countries are doing stuff, no need to pretend. Most of them would have been doing stuff without Paris anyway, but it gives them political capital to push even harder.
In fact, the US not signing up has given the rest of the world a boost. One of the biggest competitors in the energy sector is pulling back, which means big opportunities for everyone else.
A few years down the line when the US realizes it needs that stuff, all the patents and experience will be in Europe and China. When US automotive gearbox manufacturers realize that most cars won't have gearboxes in a few years time, and try to pivot to save their businesses, they are going to find that the market is already mature, saturated and heavily patent encumbered.
This is like say "hay, you have been shot, hold this rolled up shirt over the wound to stem the bleeding while we get you to hospital" and responding "your shirt isn't a solution to being shot, so I'm just gonna lie here and bleed to death".
It's 240 because that amount can comfortably fit on a phone screen at a reasonable font size. People were just posting images of their ~240 character messages instead of actual text, which is bad for Twitter because text in images can't easily be searched.
Why is it that only the US seems to need it to be a legally binding contract, when other countries are happy to just get on with meeting their targets?
The US seems to think that no-one else will make any effort if it isn't legally binding, which is incredibly ironic when you consider that everyone else IS making an effort and it's only the US that is going backwards.
Europe and China are investing in reduced emissions even though the US is lagging. Make no mistake that it is an investment opportunity, and one that failed businessman Trump has let slip by.
This is a problem in many systems, and is due to elections being for both a local representative and to decide who gets overall control. Your local rep might be a complete asshat, but you end up supporting them because your preferred party getting overall control of the government is far more important and influential on your life.
Better systems separate local and national representation, and tend towards coalition governments where no one party has overall control and everyone is forced to compromise.
I thought it was
1) Executive
2) Legislative
3) Kremlin
Some of it is artificial scarcity. People will only pay a small fortune to eat somewhere if it is exclusive and hard to get a table.
At least that's what I learned from Frasier.
The next person to set foot on another world will be either Chinese or an employee of SpaceX.
I think Musk's company has a good chance of getting there first. The Chinese are taking it slow and steady, while Musk is willing to take more risks.
Queuing is common in Japan too. If a restaurant has a good reputation people are willing to wait.
But why bother? You can use a simple quantum noise source made from a saturated silicon P-N junction (half a transistor) that puts up a few million bits per second. Balance and whiten them and you can easily get a 2 million truly random bits per second for parts costing a couple of Euros. I built one as a little hobby project.
Just using a microcontroller's built in termperature sensor I've managed to get close to 3Mb/sec. It all passes the standard tests (Diehard, NIST etc.)
Cloudflare's systems are just gimmicks. Interesting ones, but not serious.
Why didn't you just clear the windscreen? Why wouldn't a self-driving car have wipers and heaters to keep sensors clear?