Slashdot Mirror


User: Aaden42

Aaden42's activity in the archive.

Stories: 0
Comments: 743

Comments · 743

  1. Re:Ken Thompson, Anyone? on Ask Slashdot: Linux Security, In Light of NSA Crypto-Subverting Attacks? · · Score: 3, Insightful

    1 Russian Firewall in front of one US firewall in front of one Chinese firewall

    So you’re looking for 100% packet loss? Why not just unplug the cord? Would be cheaper, less stuff to patch...

  2. Re:That's a standard practice. on The Legal Purgatory at the US Border: Detained, Searched, and Interrogated · · Score: 1

    I’m sure previous A/C meant this as well, but to make it explicit:

    If you ever lose sight of it, you should assume both the hardware and every bit of data not encrypted with FDE is compromised.

    And by extension of the hardware being compromised, every bit of data on the FDE would be compromised should you attempt to unencrypt it. See Evil Maid Attack.

  3. Re:Grow a fucking spine on Joining Lavabit Et Al, Groklaw Shuts Down Because of NSA Dragnet · · Score: 2

    The *problem* is that courts have ruled these gag orders *cannot* be challenged in court.

  4. Re:Where will this end? on Joining Lavabit Et Al, Groklaw Shuts Down Because of NSA Dragnet · · Score: 1

    If by "crack" you mean the sound the rubber hose makes when applied to your flesh as they "ask" you to reveal your passphrase? I don't think increasing key length makes it any more difficult for them to crack.

  5. Re:Slashvertisement on The Cryonics Institute Offers a Chance at Immortality (Video) · · Score: 1

    If they thawed me out & I never had to shave again? Hmmm.. Two for one!

  6. Re: BUT MACS DON'T GET ... on "Jekyll" Test Attack Sneaks Through Apple App Store, Wreaks Havoc · · Score: 2

    Access to contacts, calendar, camera, and a number of other "sensitive" data stores on iOS requires your permission. Compared to Android, rather than asking at install (and preventing you from running the app if you'd rather not grant access), iOS asks at runtime, and you can revoke that access at any time after install. You're given the choice of still running an app in a restricted fashion by denying permission to access certain APIs. In order to pass the review process, apps must operate in a reasonable manner if permission is refused or revoked. (Reasonable? A camera app denied camera probably can't do much, but an IM app can still work with a local contact list if you deny it access to your iOS contacts.)

    While I'll admit the geek in me might want a few more fobs to tweak than iOS has, I think they reached a good compromise where your average Mom can have some chance of making a sensibly informed decision as to whether an app is seeking too much access or not. Android's granular permissions are WAY beyond what any mortal could be expected to comprehend. Controlling or restricting network access (WiFi only!) would be a nice touch, but in fairness, most of the apps that need it already include the option in their own preferences. Beyond that, most of the things that are additional permissions on Android are forbidden or allowed only in limited conditions (background execution). As a developer, the restrictions are annoying, and there are probably some additional things I could do with my apps if they weren't there. As an end-user, most of those restrictions directly translate to better battery life, a more stable device (nothing in the background eating RAM or CPU cycles) and reduced bandwidth usage. Overall, the balance is I think to the favor of the end-user.

    Having developed for iOS since the opening of the AppStore as well as recently for Android, I definitely prefer the iOS model of being able to run an app and deny it permissions piecemeal rather than the Android model of only being able to refuse to run the app completely if it's overreaching. That said, it would be nifty if Apple would add fields in the AppStore listing to show what an app is going to request, giving the best of both I think.

  7. Re:BUT MACS DON'T GET ... on "Jekyll" Test Attack Sneaks Through Apple App Store, Wreaks Havoc · · Score: 1

    If they're x86 tablets & phones, potentially, though I'd suspect there are some gotchas that would make existing malware unlikely to run as-is. ARM based devices would be immune to x86-targeted malware.

  8. Re:Wireshark on Google Pressure Cookers and Backpacks: Get a Visit From the Feds · · Score: 1

    "I'll only put the tip in."

    Admittedly, often found in proximity to #3.

  9. Re:Privacy concerns now outweigh terrorism in poll on NSA Director Defends Surveillance To Unsympathetic Black Hat Crowd · · Score: 1

    He was also no doubt surrounded by a dozen people with large guns who wouldn't hesitate to shoot anyone who tried to arrest him as a criminal.

  10. Re:sick of windows at work on Early Surface Sales Pitiful · · Score: 2

    On a related note: 'Wonder why Apple doesn't try a tablet with OS X for a bit more than an iPad?

    Because Apple figured out that touch & mouse based devices need a different UI paradigm to be useful.

    If you want ultra-portable OSX, you get an Air. If you want a touch screen, you get an iThing, in your choice of three sizes (four if you count pre-iPhone 5 sized devices).

  11. Re:Of course... on Study Questions H-1B Policies · · Score: 5, Insightful

    As someone who is involved with hiring developers, I agree there is a shortage of qualified developers currently looking for work. H1B (in my experience, in my area of the country) does very little if anything to help the situation. If there are highly qualified H1B carrying individuals, I'd love to meet them (and hire them).

    My personal experience has shown that on the whole, H1B's are average to slightly below in terms of the overall talent pool, and that pool is pretty shallow right now. I've interviewed H1B's whose most complicated project they worked on in college amounted to "Hello World" and who can't even code FizzBuzz on a whiteboard. Granted, I've also interviewed American citizens who are equally un-qualified, but if the intent of H1B is to attract only the "best & brightest," I'd say it fails pretty badly.

    If there was a way of screening H1B applicants for qualifications before granting the visa, it might make more sense. Perhaps require that they have a job offer waiting from someone who wants to hire them first. As the program stands now, all it seems to do is dilute the talent pool and waste interview time on dead wood.

    As far as off-shoring goes, as we've also tried that as an option, we found you get what you pay for. The time differences, language barrier, and out of reach nature of off shore programmers led to barely adequate code quality, and required significant oversight & double-checking by some of our more talented team members to ensure what the off shore contracts were delivering was secure, performant, and actually did what it was supposed to do. We found that at any scale, the amount of highly talented supervision required on-shore offset any gains by having programmers off-shore. Hiring better people locally & paying them a bit more is a better ROI.

  12. Re:Probably won't last long on UCSD Lecturer Releases Geotagging Application For "Dangerous Guns and Owners" · · Score: 1

    IANAL, but I don't think DMCA safe harbor has anything to do with libel. It's about copyright infringement. It does not provide any protection whatsoever for libel, etc.

    As far as what could you charge him with if burglaries start happening? "Here's a list of addresses where people have bought brand new 60" 3D televisions over the last month and don't keep their doors locked. Don't do anything bad with it." Facilitating would be a stretch, but not a big one. Certainly within the purview of a gun-positive D.A. somewhere to make the guy's life thoroughly miserable for a number of months or years.

    Trying to link murders, etc. onto the app is indeed silly. Makes as much sense as trying to charge gun shops / manufacturers with murder. But the theft isn't that big of a stretch IMHO. It's perfectly reasonable to assert that there's a high likelihood that a particular theft would not have occurred had the owner not been listed in the app.

  13. Re:Probably won't last long on UCSD Lecturer Releases Geotagging Application For "Dangerous Guns and Owners" · · Score: 1

    I don't think any (sane) person has ever tried to claim guns prevent crime. Guns are for protection of my family, not my property. If someone uses this app to break into my house and steal my guns while I'm at work, that's one thing. That's one of the reasons I have problems with disclosure of gun ownership like this or via gun registration records being public (I don't think they should be public records). If I buy a new TV, I tear up the box before I put it out with the trash so it's not completely obvious I have a new shiny to come steal. Same thing...

    Where the gun comes in is if someone is unfortunate enough to try to break into my house while I'm in it. That's where the protection of a gun comes in. I can pretty much guarantee he's not going to be walking away from that one, and my family will not be victimized by him, beyond any unfortunate necessary cleanup...

  14. Re:Kind of Lawsuits a Lawyer will love on UCSD Lecturer Releases Geotagging Application For "Dangerous Guns and Owners" · · Score: 1

    Newspapers don't libel or invade privacy, reporters/authors do. Ask the paper how that works out for them when some hack reporter submits something libelous that gets printed.

    If there's basis for a tort against someone for posting via this app, I have zero doubt that the app creators will be named in the suit. They may or may not prevail in court, but it's going to cost them a bundle in lawyers' fees either way.

  15. Embedded Crowd in JIRA affected? on Backdoor Discovered In Atlassian Crowd · · Score: 1

    Having read TFA, I don't *think* the embedded version of Crowd used for LDAP/AD authentication in JIRA since 5.x is affected by this, but it doesn't explicitly say it isn't. Anybody know for certain?

  16. Re:easy non-controversial fix on UK Government Backs Three-Person IVF · · Score: 1

    I don't know about UK law specifically, but in the US, every aspect of your life is an open book during an adoption. If you enjoy anything that doesn't jibe with good upstanding Christian morals (WTF ever that means..), you will have a difficult time adopting and probably have your personal life aired in ways you'd rather not have. Assuming you succeed in adopting, for some extended period of time thereafter, your life will be subject to inspection by the courts in ways that would never be considered acceptable intrusions if you'd had "your own" child. The situation of an adoptive parent is similar to one who has been accused of child abuse. There's a presumption that you're a risk, simply out of fear of the bad press from the State "giving" a baby to an abuser.

    Then there's the very real possibility that you may adopt an organism that was damaged in transit due to drugs or alcohol, etc., and you have no way of knowing until it's far too late. You could also easily find that the set of genes you've adopted had problems worse than your own. I understand wanting to have control over the process of creating your progeny from start to finish. I also understand the desire to propagate one's own genes, provided they lack (or can be made to lack through Science) any serious defects.

    I'd personally have a very hard time either submitting to the US adoption process or accepting what could easily be a broken baby that someone else discarded. I also really don't have a problem with actively modifying genetics to improve the result. "Super humans" don't particularly worry me, nor would I find them unethical. Certainly, I'd have concerns that any such (untested) process could have Unintended Consequences, but it's certainly something that seems reasonable and ethical to investigate in a controlled fashion.

  17. I call your bluff on Reject DRM and You Risk Walling Off Parts of the Web, Says W3C Chief · · Score: 2

    ... to help prevent scenarios such as movie studios removing films from the web in a bid to protect them from piracy.

    Last I checked, the movie studios need our money more than we need their movies. Remove content from what is increasingly becoming the de facto way of purchasing entertainment, and they stand to lose far more revenue than is "lost" to illegal copies.

    The music industry seems to have successfully had a clue rammed down their throat, at least with regards to selling DRM-free music. The movie industry is long overdue.

    I say call their bluff. Let's see who blinks first.

  18. Re:New features? on Review: Oracle Database 12c · · Score: 1

    Which makes me wonder how close "Excel" and "PowerPoint" are to falling out of trademark protection à la Kleenex or Aspirin? I can't remember the last time someone using OpenOffice referred to their slide deck as an "Impress" or honestly even from the Mac camp anyone who used "Keynote" by name. Seems like the MS terms are genericized to the point where trademark protection may be in peril.

  19. Re: Citation Needed on Node.js and MongoDB Turning JavaScript Into a Full-Stack Language · · Score: 3, Interesting

    However, it sure would reduce cognitive load to not switch languages between browser and server ends.

    Personally, I find that cognitive load (or since we're talking about the web, perhaps a "cognitive refresh") to be a valuable thing when jumping tiers. There are things that must inherently be done differently depending on if you're on the remote client or local server. Access to data has vastly different cost, security expectations of the runtime change, consistency of the runtime environment (and thus how close to the "edge" of the environment's capacities you can target) change between a reasonably well controlled server environment and Aunt Tilly's IE6 install.

    I find that needing a moment to shift gears when moving between tiers helps recalibrate my mindset about the target environment. It helps keep me from doing (as) stupid things that while standard practice on one tier (and thus in one language) are unacceptable on another tier. The difference in language is a bar to code reuse (which is a good thing with code that *shouldn't* be reused in the other environment), and it tends to reduce the frequency that I shoot myself in the foot.

  20. Re:the return of the Start button on Hands-On With Windows 8.1 Preview · · Score: 1

    Assuming they're not using the same algorithms they've classically used to estimate remaining time to copy files to determine disk I/O capacity, that does indeed sound like a nifty feature.

  21. Re:the return of the Start button on Hands-On With Windows 8.1 Preview · · Score: 4, Insightful

    Plus you get all the new feature that windows 8 offers.

    Those being?... Serious question.

    Other than Metro, what does Win8 offer that Win7+updates doesn't, assuming you're not a movie company that wants even moar DRM locked into the operating system?

  22. Re:Hating Oracle on Java 6 EOL'd By Oracle · · Score: 1

    If "performs faster than a geriatric dog with two broken legs" is considered an enterprise tweak or add, then yes, you are correct.

    OpenJDK is SLOW compared to Oracle Java. Doubly so on non-Intel platforms. It approaches unusable on ARM when doing any kind of image manipulation work (IE building RRD-style graphs).

  23. Re:Simple. on Researchers Crack iOS Mobile Hotspot Passwords In Less Than a Minute · · Score: 3, Informative

    Indeed this is not true. I use mobile hotspot on iOS6 (iPhone 4S). Default password was pathetic, but easily changed.

  24. Re:property rights and responsiblities on Canadian Couple Charged $5k For Finding 400-Year-Old Skeleton · · Score: 5, Insightful

    I see one pretty significant difference that underscores the abuse of government power supposedly in the name of the Public Good.

    Toxic waste on land is inherently dangerous to all in the area. It leaches into surrounding water, etc., people get sick. As a property owner, your inaction in not cleaning it up has a high likelihood of causing harm to others. It's reasonable that the government would use its power to force the owner to clean it up.

    History and artifacts are nice, but if they're destroyed, nobody is poisoned or gets cancer. If The People believe that preserving them and learning about the past is an important goal, The People should pay for it, not drop the entire cost on the hapless sot who bought the property where someone happened to have dropped dead a long time ago.

    In the former case, the Public Good is protected. A dangerous situation which can harm others who have no control over the problem (IE I can't go on your land to clean up your mess) is rectified. In the latter case, individual property rights are trampled with at best weak justification. It seems unlikely that this find will unearth great and valuable truths about the indigenous population. If the owners wish to allow an archeologist to examine the dig at his own (or perhaps a university's) expense, that's very nice of them. They shouldn't be required to do so, and it's completely unreasonable to expect them to pay for it.

    In their place, I'd be calling a lawyer to see whether the potential fines from an "accident" destroying the entire find exceed the potential cost of hiring someone to dig it up. Then I'd proceed in the most fiscally responsible manner.

  25. Re:Yes on Proposed NJ Law Allows Cops To Search Phones At Crash Scenes · · Score: 2

    So how's the officer to tell if that pending (unsent) message was typed while I was driving, an hour before I got in the car, or while I was standing on the side of the road waiting for police to arrive? Never mind about when I downloaded that cat picture that made me laugh so hard I crashed...

    See also: Forcing defendants to turn over their encryption keys & passwords. My phone auto-locks. Please do try to guess the password (not a piddly four-digit pin) 10 times.