Their customers are the schools, standardized testing companies, colleges, etc that still only allow these sorts of calculators (and not smartphones, etc) precisely because they are "locked down" and only support a known set of functions (or can be put in a testing mode that does this).
If the protection is broken and TI doesn't respond, their real customers will start prohibiting TI calculators and then their market will dry up. After all... who uses one of these outside of high school / college situations? I carry a graphing calculator program on my phone that does everything these calculators can do.
It seems like adopting a different design would be a win-win for everyone; have test mode firmware that is digitally signed and protected. When certain buttons are held down during a reboot, the hardware physically prevents access to the user-programmable firmware and will only run the test mode firmware. When not in test mode, have zero restrictions on what software can run. I doubt most people using these as small computers will care - they have full access to the hardware and can do what they want with it. Plus the primary "customers" get a locked down test mode that guarantees no tampering.
Or schools could go another route... order "school" editions of the calculators that have permanently burned firmware in ROM that only supports the features they want. The only way to change the program is to physically swap the ROM chips. Then the school can just provide the calculator and be certain no one is using it to cheat.
This is all reminiscent of the PS3/OtherOS issue. If Sony had just left well enough alone, there wouldn't be any need to attempt to bypass the security system.
Summary: They designed nano-scale devices that behave as antennas at infrared frequencies, meaning that infrared light induces a THz current in the antenna. They then proceeded to manufacture a few one-off test pieces that performed well and are now using a master pattern to roll/stamp the devices onto a film (though the full results of that weren't shown or aren't known yet).
We don't typically think of stuff like light as being susceptible to this sort of thing because we haven't been able to make the antennas small enough to work at those wavelengths. In theory the technique can be used to design antennas that capture any part of the electromagnetic spectrum.
The key piece they are missing is cheap efficient THz rectifiers that can convert the induced AC current into usable DC voltages. Not a small problem but not an impossible one either.
OK so you wish to live without dynamic language support, true generics, query expressions/LINQ, closures, lambda expressions, the new async/await, and a whole host of other features so you can stick with a language that hasn't seen a major new feature in a long time? One that continuously makes the wrong decisions just for backwards compatibility? (type erasure is idiotic, just make people upgrade their JVMs. the "lambda" support coming in 1.7 will suck for the same reason - it isn't true lambda expressions that make functions first-class citizens, it's just syntax sugar on an anonymous class so non-final vars don't get hoisted because writing the changed value back to the caller would apparently be too much trouble.)
Basically Java is frozen in stone and will never be updated with anything worthwhile. Apparently anything that requires JVM support is absolutely out of the question. Especially if C# did it. And if by some miracle Java includes something C# did first, it will introduce incompatible syntax just to be a dick. (for/enumeration loops I'm looking at you!)
There is one interesting question... what will Microsoft do now for Silverlight Linux support? Will they drop it or just go ahead and produce an actual .Net runtime for *nix? They already had rotor, which was an independent implementation of the runtime for *BSD. It wouldn't be hard to do and if they did so there would literally be no reason to choose Java as the only thing it has going for it is that it runs on multiple operating systems. This doesn't necessarily involve the GUI framework or other such things... but the core runtime itself is fantastic.
People need to stop treating this as a contest to be won or lost. Android is "beating" the iPhone because android phones are what handset makers *can* build so they are churning them out.
The android market is different than the iPhone market (in large part). Android is displacing traditional cell phones with smart phones because it is flooding the market with models and pretty much any phone that isn't an iPhone is or soon will be an android phone. That's a perfectly fine business model and works just fine for everyone involved. Apple is setting records for iPhone and tablet sales year over year and their app store is undeniably the largest with the most exclusive and popular apps.... But not everyone cares about running apps on their phone or may actively avoid Apple for various reasons. Apple (so far) hasn't chased the low end or low margin markets, nor have they branched out into different form factors. Cell companies also like Android better because their profit margins are higher on some of the phones and they can do a lot more customization (and crippling in some cases since they like being jackasses)... That has an effect too.
The iPad is different... People get one because they *want* one, not because they dropped their old one in a toilet or their contract was up or their old battery died so they figured it was time to upgrade anyway. Having one is useless without the apps to run on it, unlike a cell phone which is perfectly capable of doing the basic things cell phones have done for years without installing a single app.
When an Android tablet is the same price as an iPad with far fewer apps, a less fully-baked OS (though improving), etc it is certainly no surprise that the iPad owns the market. That doesn't mean Apple is winning the "tablet war" or android is losing... It just means the market dynamics are reversed in that case. The Android tablets appeal to anti-apple folks, geeks, people looking for alternate form factors, etc.
I use Apple products but I'm glad there are competitors out there to keep Apple nimble and honest. And if you prefer Android, great - use it. In the end we are all winning in a sense because our devices continue to get better and better.
So they're not tracking your location, just the data needed to triangulate your location. Just like the GPS doesn't track your location, since it also only gives the data needed to triangulate your location.
Incorrect; what they are doing is using the known location of one cell tower, WiFi hotspot, or GPS to make a wild guess as to your current location, then going to Apple's servers and downloading a chunk of data that contains all the known cell towers and WiFi points anywhere within up to 100 miles of the WiFi hotspot/cell tower the device originally saw a signal from. This info is written to the cache.
*IF* an application requests location services, it uses this database to quickly triangulate an approximate current position to help it get a GPS lock extremely quickly (Go read up on GPS - if you have a half-way decent idea of where you are, it makes acquiring a more exact fix much faster - somewhat like turning your TomTom off then back on immediately vs turning it off, flying across the country, then turning it back on... in the latter case it will take a lot longer to get a location). If there is no GPS signal, it can at least give an approximate location to the application that requested it. Location services on iOS allow the app to specify the desired level of accuracy as well as receive the instantaneous accuracy level. If the app only wants to know what zip code you are in the device might not even need to bother turning GPS on - the cache might be enough to get that information.
In any case, all the database tells you is that of the entire list of cell towers and WiFi hotspots in the database for a given time period, you were near *one* of them somewhere vaguely around that time.
No, they're just logging the location of things you go near and the time you passed by them. This is not a location the same way that "314 Evergreen Street, Pigsknuckle, Arkansas at 2:31:14am on April 17, 2011" is not a location because it doesn't specify if you're inside or outside the house.
More like that address just means you were in the city of Pigsknuckle sometime on April 17; you might have been at 314 Evergreen, maybe 325 Evergreen... maybe across town at another address entirely. Maybe you just drove through town on your way to Texas. There is literally no way to know because the chunk of cache you get back can cover a wide area and depends on what the server decides to send you. Two people at the same location at the same time might get different lists back from the server that cover a different geographical area.
Short version: This is no different than looking at a laptop's recently seen WiFi access point list and trying to claim the laptop is tracking you. All it means is that you were within some distance X (depending on conditions) of that access point sometime in the past.
I always wondered why companies like Microsoft and Intel gave a crap about DRM or what the movie studios/music industry wanted. They are much bigger and have a lot more cash on hand.
It is obvious why Sony cripples all their products - because they are also a studio. But if you adopt a different model - one of selling online services or hardware, the content just becomes a value-add. Then you can enable whatever you want and tell the other studios to get on board or go to hell. On-demand, DVD, etc just needs to cover your costs.
I wonder... once DNSSEC is widely deployed, can we put SSL cert information in DNS records? Maybe a specific TXT extension or a new record type. It would give the browser a way to automatically verify that the certificate was not only issued by a valid CA but the hash also matches what the site owner says it should be. At least then you'd need a fraudulent cert and control over the target's DNS nameservers. I suspect DNSSEC isn't required to cover a lot of these hacks because getting control of the nameservers is a higher bar but it would definitely be required to protect against governments... it would require the country to prohibit the use of DNSSEC, so at least you would know you were being lied to.
This issue seems like the classic problem of trust in that there is a fundamental assumption that the CA will never lie but that has been proven false over and over again.
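The check proposed in the comment above, as an added example that is not part of the original comment: the idea was later standardized as DANE TLSA records (RFC 6698), and this code accepts a CA-valid certificate only if it also matches the owner's DNS record, and uses that record only when the answer validated under DNSSEC. The certificate bytes, the record, and the `ca_valid` and `dnssec_state` inputs are constructed stand-ins for what a TLS library and a validating resolver would supply.

```python
import hashlib
from dataclasses import dataclass

# RFC 6698 matching types: how the published value is derived from the certificate.
MATCHERS = {
    0: lambda der: der,                            # exact bytes
    1: lambda der: hashlib.sha256(der).digest(),   # SHA-256 of the certificate
    2: lambda der: hashlib.sha512(der).digest(),   # SHA-512 of the certificate
}
PKIX_EE = 1     # usage 1: certificate must pass CA validation AND match the record
FULL_CERT = 0   # selector 0: the record covers the whole DER certificate


@dataclass(frozen=True)
class Tlsa:
    usage: int
    selector: int
    mtype: int
    data: bytes


def parse_tlsa(rdata):
    """Parse presentation-format rdata: 'usage selector mtype hex [hex ...]'."""
    fields = rdata.split()
    if len(fields) < 4:
        raise ValueError("TLSA rdata needs usage, selector, matching type and data")
    usage, selector, mtype = (int(f) for f in fields[:3])
    if mtype not in MATCHERS:
        raise ValueError(f"unknown matching type {mtype}")
    # The hex data may be split into several whitespace-separated groups.
    return Tlsa(usage, selector, mtype, bytes.fromhex("".join(fields[3:])))


def check_certificate(cert_der, ca_valid, rdatas, dnssec_state):
    """Return (accepted, reason) for one presented certificate.

    ca_valid:     result of ordinary CA chain validation (assumed done elsewhere)
    rdatas:       TLSA rdata strings returned for the service name
    dnssec_state: 'secure', 'insecure' or 'bogus', as reported by the resolver
    """
    if not ca_valid:
        return False, "CA validation failed"
    if dnssec_state == "bogus":
        # A signed zone returned an answer that fails validation: someone is lying.
        return False, "DNS answer failed DNSSEC validation"
    if dnssec_state != "secure":
        # Unsigned answers are forgeable, so they cannot be used as a pin.
        return True, "CA only (no DNSSEC-validated record)"
    usable = [r for r in map(parse_tlsa, rdatas)
              if r.usage == PKIX_EE and r.selector == FULL_CERT]
    if not usable:
        return True, "CA only (no usable record)"
    if any(MATCHERS[r.mtype](cert_der) == r.data for r in usable):
        return True, "CA valid and matches owner's record"
    return False, "CA-valid certificate does not match owner's record"


# Constructed sample data: byte strings standing in for DER certificates.
GENUINE_CERT = b"constructed stand-in: certificate the site owner deployed"
FRAUD_CERT = b"constructed stand-in: certificate mis-issued by a trusted CA"
OWNER_RDATA = "1 0 1 " + hashlib.sha256(GENUINE_CERT).hexdigest()


def demo():
    """Run the three cases the comment reasons about."""
    return [
        check_certificate(GENUINE_CERT, True, [OWNER_RDATA], "secure"),
        check_certificate(FRAUD_CERT, True, [OWNER_RDATA], "secure"),
        # Without DNSSEC the record is ignored and the fraudulent cert passes.
        check_certificate(FRAUD_CERT, True, [OWNER_RDATA], "insecure"),
    ]


if __name__ == "__main__":
    for accepted, reason in demo():
        print("ACCEPT" if accepted else "REJECT", "-", reason)
```
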
This deal is really simple. T-Mobile needed to spend a lot of money upgrading their network to stay in business. ATT needs new spectrum... their biggest problems are lack of spectrum and lack of backhaul in areas where they aren't an ILEC.
This deal gives DT a way to exit cleanly without having to "double-down" on T-Mobile and it gives ATT a big chunk of spectrum.
The code has to be a certain length in order to be unique, it has to be complex enough to take a while to crack, but write down one digit wrong (or slightly unreadable) and the code is invalid.
It does need to be unique but you are incorrect about the other requirements.
The code can include parity such that it can be deciphered even with an incorrect digit. Just off the top of my head: I presume you would only use one of any potentially confusing character sets (eg: number 1 but not L or I (capital i); zero, not the letter O; etc). Then you'd need to figure out a distribution of bits that allowed you to reconstruct an original code if one or two characters are off... for example, let's say each character represents three bits of the original number then three bits of its inverse position in the code (so the first character has the first three bits and the last three bits of the code; if they flub the last character you can still get those bits from the first character). I'm not saying this is a really good system, I'll leave designing that to the experts... I'm just saying it is entirely possible to design.
The other thing is the code doesn't need to be uncrackable... you simply have a large space of codes and have your master database pick codes at random out of this possible space. At that point someone can certainly generate new codes all they want but they will have the same problem as generating fake credit card numbers: If that number isn't marked in the database as a valid code (tied to a valid purchase transaction) then it will not be accepted.
All of this leaves aside the main issue: Your name & address is most likely going to be in the return address portion of any letter or package! The OCR software can scan that and match it to the purchaser of the code. Too many mismatches from the same address and maybe you can flag it for further investigation. Too many letters without return addresses using suspect codes at the same post office or sorting facility and that greatly narrows your range of investigation.
Just wait until a postman copies the code to a package of his own, and just destroys the original package.
How is that any different than my current postman cutting the unmarked stamp off my envelope, throwing it away, then gluing that cutout onto his letter? (Hint: it isn't).
People generally find out when their letters don't arrive so it's not like you can hide that sort of crime very easily. Risking prison to save on a postage stamp seems like the height of stupidity... I'd prefer any moron of that caliber try it immediately so we can quickly identify them and remove them from society.
Short Version: For your first felony, I highly suggest not putting your name & address on it and sending it through the mail.
The default position of just making money isn't enough - they've gotta do better every quarter so the only way to do that is to make cheaper content and/or abandon the niche and try to appeal to more people. Of course everyone is doing that so the market young people are already abandoning becomes an even bigger wasteland as everyone battles for a slice of the shrinking pie.
Of course we know what it takes to run a profitable network that can do really good original programming... about $10-$15/month. It's called HBO. Band of Brothers, Boardwalk Empire, The Pacific, Generation Kill, Rome, The Wire, Six Feet Under, The Sopranos, Sex and the City, Oz, The Ricky Gervais Show, Bored to Death, the upcoming Game of Thrones, and many more. I don't know if a Science Fiction channel can sustain that kind of paying audience but imagine BSG without commercials on a network like HBO. I'd certainly subscribe.
Of course I'd also happily pay $10/month for a REAL Discovery channel. Bring back the historical documentaries from the old History channel, the real science programs from the Science Channel, real educational programs from TLC, etc and put it on a paid network with no commercials.
History International was carrying the History Channel banner for a while but it too has descended into the UFO hunter/ghost/reality/monster wasteland that is the History channel. Science Channel is heading down the same road. Five years ago my programming guide used to be on a favorites list with only the discovery networks, HBO, and a few other channels. Now I barely watch them at all and I'm in the most coveted demographic: 18-30 male. It makes me wonder how they are making money when they seem to be producing dreck that doesn't seem to appeal to the most valued target audience for advertisers. I guess it must just be extremely cheap to produce so it doesn't matter.
But part of the problem there is that Mars doesn't have a significant atmosphere or magnetic field so you have similar shielding issues. In fact this is pretty much true of everywhere in the solar system except Earth. When you get far away from the Sun you still have to deal with cosmic rays, you just get to sit in the cold darkness for your trouble.
Any future human colonies (in this solar system) will probably need to be underground and/or require nuclear reactors to generate enough power to run magnetic shielding systems. IIRC there was a new engine (maybe VASIMR?) that had the side effect of generating a magnetic field during operation, the only issue being the ability to supply enough power to run the thing at decent power levels.
If we aren't there already it should soon be the case that intra-solar-system travel is mainly an engineering problem; we just need to decide to go and commit resources to it. That's what is so exciting about private rocket development; I sincerely hope that space tourism, asteroid mining, and/or other ventures prove profitable as quickly as possible, then it can become self-sustaining. It is obvious that governments aren't going to spend the resources required anytime soon. Given the technology that fell out of the last "space race", I can only imagine what wonderful discoveries would naturally fall out of a race to develop a permanent human colony on another world. (Plus look at what SpaceX has been able to do in only a few years with one passionate person investing his internet fortune in it; imagine if you had whole industries organized around space travel investing billions).
Waaaaaaa! Give me something for free! I hate commercials and advertising but I refuse to pay! Waaaaaaa!
In all seriousness there are definitely things to complain about (paying for cable TV but still having to put up with commercials; I'd be happy to pay for fewer channels and ditch the commercials). Or artificial restrictions... I'd be happy to pay the $150/yr license fee to get access to BBC here in the states but due to artificial geographic restrictions I cannot (and thus the incentive to pirate).
But complaining about paying for a service that delivers commercial-free music? One that you can *still get for free* on your computer? That's just being an ass.
MPEG-LA could cut this whole thing off at the knees and ensure WebM is relegated to an also-ran by making a H.264 basic profile available in a completely royalty-free way... Obviously there are a lot of profiles in H.264, but pick a baseline one for the video and audio portions and make it entirely freely available for anyone to implement without signing any agreements/etc. From a purely cut-throat business position: If I were one of the major members of MPEG-LA, I'd certainly take this seriously and do anything I could to ensure there is no need for WebM to exist. Basically make myself the path of least resistance.
Now people like Apple/Microsoft are still going to pay the license fee to implement all the profiles but for projects like Firefox it would give them a way to implement a video standard that was developed through an open process, is an ISO standard, and enjoys widespread hardware acceleration support. It would also give anyone targeting browsers an easy way to do so because everything that exports or records video does so in H.264 or supports transferring to H.264. Selecting the "web standard profile 1.0" would be all that one needed to do to ensure compatibility.
It's not like this isn't what will happen anyway: what linux users haven't installed ffmpeg or VLC with included H.264 support? Honestly, all this would do is legitimize the status quo. H.264 isn't going away: iPhones/iPads alone mean video is going to be produced in H.264 (mindshare can be as important as marketshare). Add in Windows and Mac native support and you are looking at what - 80% of all web users? 90%?
I hate this political bullshit that gets in the way of just standardizing on what everyone is already doing anyway.
P.S. I don't see what is bad about handing off video/audio rendering to the OS frameworks. Frankly, if Firefox or Chrome can't render a given codec, they should fall back to that mode anyway. I may be doing things for my internal intranet or my own personal use that have nothing to do with this browser maker pissing contest so just get out of my way and let my OS render anything it knows how to render.
Well everyone in the 1980s thought Japan would rule the world and own everything but internal problems proved that there were limits to their power... just as any nation has limits. We in the US often forget our own limitations because we're used to having our own way.
China has severe internal issues; a massive property bubble that makes the US housing crisis seem tame by comparison; local governments are addicted to land sales to fund their massive infrastructure projects, loaded down with loans from the state banks. Unless you truly believe that empty apartment blocks or even empty cities are a good investment and property prices will always go up that game has to end at some point and when it does China won't be able to hide the pain. Plus massive corruption and cheating (how can you make decisions at the top when all your stats are based on outright falsified data?). Official government statistics say that about 40% of the academic papers published from Chinese Universities contain falsified research and that's just what they will admit.
Did I also mention the leadership/succession problem? How many times in world history has some political succession BS thrown a wrench into a country's previously bright future?
I'll put it another way: if China gets too annoying and the EU+US slap a 50% tariff on Chinese imports who do you think will blink first? The consumers who have to pay $5.99 for that plastic toy instead of $2.99? Or the communist authorities in China facing millions of unemployed laborers with no job prospects, nowhere to go, and nothing to do? The political situation in China is far less straightforward and stable than people suppose.
Prior to Windows 7 (or maybe Vista?), it had the same problem. Anything that issued massive I/O requests to the disk would bring the system to a crawl. The introduction of an I/O scheduler (which Linux also has) helps quite a bit in these scenarios but you do run into the issues of what priority really means. A video player, even if in the background, is probably still a high-priority process. But a compiler probably isn't; the problem is if you try to trust applications to indicate their own priority they'll lie and say they are always the most important application (which is why Microsoft doesn't publish APIs to do certain things like pin an app to the start menu... because so many apps tend toward narcissism: "gee whiz I'm the most important app ever! of course the user wants to pin me to the start menu, and put me on the desktop, and the quicklaunch bar, and in the startup group. If I get removed from any of those locations it must be a mistake so I'll just add myself back in!") How you can put the average computer user in control without making it overly complex is a hard problem. Hell, you can't make it take too much attention either because anything that gets in the way or is annoying just causes users to click "CANCEL" to try to get out of the dialog box. If it pops up again they just click "OK" to see if that works, all without reading any of it.
Anyway I would postulate that any virtualized shared resource will require a priority-based "fair" (for some definition of fair) scheduler, otherwise ill-behaved applications will consume all of the available resource and ruin the system for everyone. We saw that with the CPU and cooperative multitasking, we saw that with memory and shared address spaces, we see it now with disk and network I/O, and I predict as the GPU becomes more virtualized and heavily used it will run into the same thing. Processes of the future will have CPU, memory, disk I/O, network I/O, and GPU priorities IMHO. Frankly I'd also like to see processes run inside their own VM sandboxes so I can transparently block their ability to do certain things, like change my filesystem but that's another issue.
I'm fairly sure a lot of the /. readership would like to participate in the creation of ESCs.
I know you are being funny but your comment reminded me: research shows that the average sexually active straight woman not using birth control will shed fertilized eggs on a regular basis (entirely naturally) because they fail to implant or because her period arrives too quickly (not enough hormones build up to trigger the "I'm preggers" alarm and stop the monthly cycle). Of the ones that do implant, a significant number miscarry due to errors in the DNA, cell replication, or other developmental issues. Sometimes the woman is even unaware that she was pregnant to begin with, she may just believe her cycle was "late".
Warning: metaphysical discussion follows...
If life/humanity/soul/etc begins at conception, then God is the biggest mass murderer of all time. That's not an image of God I can buy, so I must conclude that the human idea that "life begins at conception" must be entirely incorrect. Ergo there can be no legitimate objection to the study of stem cells nor can there be objection to birth control or even at least some types of abortions.
As a man of science and of faith I must believe that anytime scientific discovery and faith appear to be in conflict they are not - it is merely my misinterpretation or my preconceived ideas about God that cause the conflict. The facts are what they are and do not bend themselves to fit my worldview, something I wish more people would acknowledge.
Working at Oracle is a bit crazy. They'll fork over $1200 for fancy chairs, but if you want a 1920x1200 screen instead of the default 1440x900 then the laptop request has to go to Larry Ellison's office for personal approval. IT denied my request for 8GB ram on my test server to load a >4GB dataset. I'm looking at eBay to find an old server with 16GB ram so I can actually get my testing done. No, I'm not joking.
Oracle pays well and has good benefits, but sometimes it is extremely frustrating to be unable to obtain the tools and resources you need to do your job. That kind of thing can drive you crazy.
I use Password Safe to store my passwords; I have about 60 entries in my database. No, I'm not kidding. Between work and personal systems the number of passwords to keep track of is insane. Some don't allow special characters, some don't allow passwords > 12 characters (so no passphrases for you!) Worse, some are using "wish it was two-factor" schemes now, requiring me to know other pieces of information that are no better than a password anyway. They're often worse because they are based on information that can be found in public records or by some snooping into my personal life. Fortunately, I have pre-memorized answers for all the common questions (mother's maiden name, oldest sibling's middle name, high school, etc) that are not the correct answer so no one can guess them by checking ancestry.com.
Of course at work, we have a bunch of passwords that all have different expiration schedules. They've slowly been integrating things into the single sign-on system, but that is a work in progress. The funny part is the SSO system doesn't expire passwords and the password reset system is accessed by logging in with SSO, which totally defeats any notion of expiring passwords. Yet the policies remain in place. Expiring passwords are stupid, let me pick a good complex password and keep it.
Unfortunately there are too many players and too many commercial interests to easily change anything now. Similar to the problems with SMTP, if anyone had foreseen the problems and managed to get sysadmin buy-in in the early 1990s, then you could have made stuff like OpenID an internet standard. Then when everyone was rushing to get on the web in the early days, they'd grasp around for any info on current standards and practices and they would have implemented them. Let this be a lesson to you, even in simple matters like providing example code with your SDK: People will copy your simple crappy example code and it will end up being "the way" to do it, no matter how many disclaimers you put on it. Half of all password forms, expirations, and restrictions are just copies of what people have seen on other websites or in other applications. Sometimes bad design sticks around forever.
The Volt uses a planetary gearset where the main gear is driven by the primary electric motor. The planet and ring gears can also optionally be driven by the engine and a second assist electric motor when needed. This allows the computer to continuously vary the power source that is driving the wheels. The only part of this equation that was not previously known was that the engine can directly give torque to the wheels under certain circumstances (without going through a generator).
Typical operation for a daily commuter is stop and go traffic of 20 miles or less each way, which means the typical commuter in a Volt will use only the electric motor. The gasoline engine will never even start up. The Volt also comes with plug-in support from the factory. These two things are what make it different than existing hybrid cars. If you can sell these cars and start moving them in large numbers then you can start moving the battery prices down and scaling the electric-only range up. You can't let the perfect be the enemy of the good otherwise you'll never ship anything. We know that in software, in hardware (think 1st gen iPod), and it is just as true in cars. The Volt is a necessary evolutionary step and I hope it sells really well because battery prices will drop and we can take the next step even sooner.
I also find it disingenuous to run the Volt around with drained batteries so you can see its "true" MPG (whatever your definition of "true" is with this sort of test). That's like saying a hard-top convertible sucks because I wanted to see how it performed in the rain but purposely left the hard top in the garage. The whole point of the Volt is using 100% electric power for most people's daily commutes. If my commute is 37 miles round-trip, then the Volt gives me infinite MPG, which makes no sense because the electricity does have a cost to it. This just highlights how inadequate MPG is as an efficiency measurement.
First, the ViewState is encrypted so figuring out the key allows you to inject your own data into the ViewState. The worse an app's code, the worse the exploit on this because some apps even store their "IsAdmin" flag in the ViewState and other such nonsense, so this lets you impersonate any user you like. DotNetNuke is one example of a crappy system. Worse, it allows you to upload ZIP files of themes and whatnot, so you can use this to impersonate the superuser, upload some hacks, then try to execute them. Depending on what account ASP.Net runs under and whether you are fully patched, this can lead to escalation to admin and owning the box. If you have followed all the other in-depth security practices (and for coders don't store any sensitive info in the ViewState) then this isn't nearly as big of a deal.
The big hole is that starting with 3.5 SP1 (and also in 4.0) the WebResource.axd handler takes an encrypted filename as its parameter, so you can encrypt say "web.config" and get it to happily pipe web.config to you... or any other file. It completely bypasses the normal restricted file handler. In previous releases this was not the case, the stuff it would let you download was much more limited. Granted, there are facilities to encrypt connection strings/etc in web.config, but a lot of people are lazy and just deploy with plaintext passwords and whatnot. Again, following defense in-depth practices greatly restricts the scope of any potential attack.
IMHO the WebResource.axd issue is inexcusable. There is no legitimate reason for allowing the new behavior.
Perhaps on paper there are privacy rights, but to a large extent only on paper. Some privacy (and security) exists for those who can pay for it, or know how to implement it. - Hard question - if actual privacy is only for a few, who largely use it as cover to secretly abuse the rights of the other 99%, are we defending privacy rights just for them? Put simply, transparency in government and management, accountability, public participation, are not very compatible with secrecy.
Privacy exists because we as a society are very two-faced in our dealings with each other. We present a certain face and claim to adhere to certain norms in public, while almost all of us engage in similar "deviant" behaviors behind closed doors. Almost no one is entirely 100% "clean"... whether they smoke (pot or tobacco), have an "interesting" sex life, watch TV programs their neighbors don't watch, etc. Even if it isn't true now, it is certainly true of everyone's past. For example: we can't just all admit that kids often go a little crazy when they get out from under their parents, so we have to hide photos of drunken shenanigans lest a potential employer see that you were a normal early-20-something five years ago and got the party bug out of your system... even though everyone involved in the hiring process did the exact same thing when they were the same age.
In the US, especially regarding sexual behavior, Kinsey proved pretty well that the facade we were all putting on in public was bullshit. It was very controversial at the time because people prefer to think "well this behavior is OK for me because I know what I'm doing/I'm morally superior/I can handle it" but God-forbid we actually admit to it in public... think of the children!
Whenever we get to the point that people aren't judgmental of others, we aren't jumping to conclusions, and we aren't forced to put on public faces, then the right to privacy won't be as important. The damage that invasion of privacy can do is limited if your public persona matches your private one because then there is nothing to expose. Politicians learned from Bill Clinton's "I did not inhale" gaffe and now readily cop to smoking pot in the past because it instantly defuses any potential attack.
(P.S. Always be wary of someone leading the charge against some perceived moral depravity. This is often (though not always) a tactic used to elevate that person at the expense of others because that person is engaging in the same behavior and fears discovery/reprisals, even if that fear is only in their own mind and not from some external source. When accused of being the proverbial witch, the oldest trick in the book is to say "I'm not a witch, but SHE is! Get her!")
Forgive my ignorance here, but could this be a hardware hack? I know that most Firewire controllers will happily let devices DMA all over RAM, completely bypassing any/all protections from the OS. A lot of hacking of supposed trusted-computing crap has been by using this sort of hardware to peek and poke at memory without running any software on the target box whatsoever.
If there is a hardware hole in the USB controller it may be very difficult to patch with firmware; even if you could patch it, you could run your own mini-hypervisor that fooled Sony's hypervisor into thinking it was running on the real hardware, which means in practice you can't ever really close this hole. Whether the promised mod is that sophisticated I don't know, but in principle it is possible.
Agreed, SSDs still have many cost and reliability issues to overcome, and I'm not going to get too excited till I see some improvements in those areas. Solid State is the wave of the future, but the wave is still way out there and is only just reaching the rocks off-shore.
That greatly depends on your specific application. I can tell you that installing an SSD in my work laptop was the single greatest (relative) performance jump I've ever seen, starting with my 8086/1MB/CGA machine until the present day, including all processor/memory/graphics upgrades I've ever done.
I can also say that some Antivirus products really, really suck and take up tons of CPU and have single-threading bottlenecks, so that if you have the RTV scanner turned on, you will give back a lot of the performance gains. (I'm talking about the one that installs 19 different drivers and services. Someone in IT got a kickback on that purchase).
I'd pit this SSD against a mechanical hard drive in a laptop any day of the week. It can take all sorts of bumps, bounces, heat, etc that could kill a HDD. Better battery life, increased performance. At 160GB, it is about 100GB less than the HDDs they are installing in new laptops, but other than that it is better in every way.
Summary: They designed nano-scale devices that behave as antennas at infrared frequencies, meaning that infrared light induces a THz current in the antenna. They then proceeded to manufacture a few one-off test pieces that performed well and are now using a master pattern to roll/stamp the devices onto a film (though the full results of that weren't shown or aren't known yet).
We don't typically think of stuff like light as being susceptible to this sort of thing because we haven't been able to make the antennas small enough to work at those wavelengths. In theory the technique can be used to design antennas that capture any part of the electromagnetic spectrum.
The key piece they are missing is cheap efficient THz rectifiers that can convert the induced AC current into usable DC voltages. Not a small problem but not an impossible one either.
OK so you wish to live without dynamic language support, true generics, query expressions/LINQ, closures, lambda expressions, the new async/await, and a whole host of other features so you can stick with a language that hasn't seen a major new feature in a long time? One that continuously makes the wrong decisions just for backwards compatibility? (type erasure is idiotic, just make people upgrade their JVMs. the "lambda" support coming in 1.7 will suck for the same reason - it isn't true lambda expressions that make functions first-class citizens, it's just syntax sugar on an anonymous class so non-final vars don't get hoisted because writing the changed value back to the caller would apparently be too much trouble.)
Basically Java is frozen in stone and will never be updated with anything worthwhile. Apparently anything that requires JVM support is absolutely out of the question. Especially if C# did it. And if by some miracle Java includes something C# did first, it will introduce incompatible syntax just to be a dick. (for/enumeration loops I'm looking at you!)
There is one interesting question... what will Microsoft do now for Silverlight Linux support? Will they drop it or just go ahead and produce an actual .Net runtime for *nix? They already had rotor, which was an independent implementation of the runtime for *BSD. It wouldn't be hard to do and if they did so there would literally be no reason to choose Java as the only thing it has going for it is that it runs on multiple operating systems. This doesn't necessarily involve the GUI framework or other such things... but the core runtime itself is fantastic.
People need to stop treating this as a contest to be won or lost. Android is "beating" the iPhone because android phones are what handset makers *can* build so they are churning them out.
The android market is different than the iPhone market (in large part). Android is displacing traditional cell phones with smart phones because it is flooding the market with models and pretty much any phone that isn't an iPhone is or soon will be an android phone. That's a perfectly fine business model and works just fine for everyone involved. Apple is setting records for iPhone and tablet sales year over year and their app store is undeniably the largest with the most exclusive and popular apps.... But not everyone cares about running apps on their phone or may actively avoid Apple for various reasons. Apple (so far) hasn't chased the low end or low margin markets, nor have they branched out into different form factors. Cell companies also like Android better because their profit margins are higher on some of the phones and they can do a lot more customization (and crippling in some cases since they like being jackasses)... That has an effect too.
The iPad is different... People get one because they *want* one, not because they dropped their old one in a toilet or their contract was up or their old battery died so they figured it was time to upgrade anyway. Having one is useless without the apps to run on it, unlike a cell phone which is perfectly capable of doing the basic things cell phones have done for years without installing a single app.
When an Android tablet is the same price as an iPad with far fewer apps, a less fully-baked OS (though improving), etc it is certainly no surprise that the iPad owns the market. That doesn't mean Apple is winning the "tablet war" or android is losing... It just means the market dynamics are reversed in that case. The Android tablets appeal to anti-apple folks, geeks, people looking for alternate form factors, etc.
I use Apple products but I'm glad there are competitors out there to keep Apple nimble and honest. And if you prefer Android, great - use it. In the end we are all winning in a sense because our devices continue to get better and better.
Your characterization is way off.
So they're not tracking your location, just the data needed to triangulate your location. Just like the GPS doesn't track your location, since it also only gives the data needed to triangulate your location.
Incorrect; what they are doing is using the known location of one cell tower, WiFi hotspot, or GPS to make a wild guess as to your current location, then going to Apple's servers and downloading a chunk of data that contains all the known cell towers and WiFi points anywhere within up to 100 miles of the WiFi hotspot/cell tower the device originally saw a signal from. This info is written to the cache.
*IF* an application requests location services, it uses this database to quickly triangulate an approximate current position to help it get a GPS lock extremely quickly (Go read up on GPS - if you have a half-way decent idea of where you are, it makes acquiring a more exact fix much faster - somewhat like turning your TomTom off then back on immediately vs turning it off, flying across the country, then turning it back on... in the latter case it will take a lot longer to get a location). If there is no GPS signal, it can at least give an approximate location to the application that requested it. Location services on iOS allow the app to specify the desired level of accuracy as well as receive the instantaneous accuracy level. If the app only wants to know what zip code you are in the device might not even need to bother turning GPS on - the cache might be enough to get that information.
In any case, all the database tells you is that of the entire list of cell towers and WiFi hotspots in the database for a given time period, you were near *one* of them somewhere vaguely around that time.
No, they're just logging the location of things you go near and the time you passed by them. This is not a location the same way that "314 Evergreen Street, Pigsknuckle, Arkansas at 2:31:14am on April 17, 2011" is not a location because it doesn't specify if you're inside or outside the house.
More like that address just means you were in the city of Pigsknuckle sometime on April 17; you might have been at 314 Evergreen, maybe 325 Evergreen... maybe across town at another address entirely. Maybe you just drove through town on your way to Texas. There is literally no way to know because the chunk of cache you get back can cover a wide area and depends on what the server decides to send you. Two people at the same location at the same time might get different lists back from the server that cover a different geographical area.
Short version: This is no different than looking at a laptop's recently seen WiFi access point list and trying to claim the laptop is tracking you. All it means is that you were within some distance X (depending on conditions) of that access point sometime in the past.
I always wondered why companies like Microsoft and Intel gave a crap about DRM or what the movie studios/music industry wanted. They are much bigger and have a lot more cash on hand.
It is obvious why Sony cripples all their products - because they are also a studio. But if you adopt a different model - one of selling online services or hardware, the content just becomes a value-add. Then you can enable whatever you want and tell the other studios to get on board or go to hell. On-demand, DVD, etc just needs to cover your costs.
I wonder... once DNSSEC is widely deployed, can we put SSL cert information in DNS records? Maybe a specific TXT extension or a new record type. It would give the browser a way to automatically verify that the certificate was not only issued by a valid CA but the hash also matches what the site owner says it should be. At least then you'd need a fraudulent cert and control over the target's DNS nameservers. I suspect DNSSEC isn't required to cover a lot of these hacks because getting control of the nameservers is a higher bar but it would definitely be required to protect against governments... it would require the country to prohibit the use of DNSSEC, so at least you would know you were being lied to.
This issue seems like the classic problem of trust in that there is a fundamental assumption that the CA will never lie but that has been proven false over and over again.
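The check proposed in this comment, as an added example that is not part of the original post: a certificate is accepted only if it passes CA validation and also matches a hash the site owner published in DNSSEC-signed DNS. The record layout follows DANE TLSA (RFC 6698), which standardized this idea; the function names, the boolean inputs standing in for DNSSEC and CA validation, and the sample bytes are assumptions of the example.

```python
import hashlib
import hmac

DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}  # TLSA matching types 1 and 2
PKIX_EE, DANE_EE = 1, 3                           # TLSA certificate usages handled here

# Constructed stand-ins for a DER certificate and its SubjectPublicKeyInfo.
SAMPLE_CERT = b"constructed certificate bytes"
SAMPLE_SPKI = b"constructed public key bytes"


def make_pin_record(cert_der, usage=PKIX_EE):
    """Build the record a site owner would publish: full cert (selector 0), SHA-256."""
    return f"{usage} 0 1 {hashlib.sha256(cert_der).hexdigest()}"


def parse_tlsa(rdata):
    """Parse 'usage selector matching-type hex' into a tuple, or None if malformed."""
    try:
        usage, selector, mtype, data = rdata.split(None, 3)
        return int(usage), int(selector), int(mtype), bytes.fromhex("".join(data.split()))
    except ValueError:
        return None


def record_matches(record, cert_der, spki_der):
    """Compare the presented certificate (or its public key) with one parsed record."""
    _usage, selector, mtype, assoc = record
    material = {0: cert_der, 1: spki_der}.get(selector)
    if material is None:
        return False
    if mtype == 0:                      # exact match on the raw bytes
        presented = material
    elif mtype in DIGESTS:
        presented = DIGESTS[mtype](material).digest()
    else:
        return False
    return hmac.compare_digest(presented, assoc)


def check_server_cert(cert_der, spki_der, tlsa_rdatas, dnssec_validated, ca_chain_ok):
    """Return (accepted, reason) for a presented certificate.

    dnssec_validated and ca_chain_ok are results supplied by the caller's
    resolver and TLS library; this example does not perform either check.
    """
    if not tlsa_rdatas:
        # Nothing published: behave like a browser without pinning.
        return ca_chain_ok, "no pin published; CA validation only"
    if not dnssec_validated:
        # An unsigned answer could have been forged, so the pin proves nothing.
        return False, "pin records present but not DNSSEC-validated"
    for rdata in tlsa_rdatas:
        record = parse_tlsa(rdata)
        if record is None or record[0] not in (PKIX_EE, DANE_EE):
            continue                    # malformed or unsupported: never a match
        if not record_matches(record, cert_der, spki_der):
            continue
        if record[0] == PKIX_EE and not ca_chain_ok:
            continue                    # usage 1 needs the CA check as well
        return True, "certificate matches DNS-published pin"
    return False, "no usable pin matched the presented certificate"


if __name__ == "__main__":
    pin = make_pin_record(SAMPLE_CERT)
    print(check_server_cert(SAMPLE_CERT, SAMPLE_SPKI, [pin], True, True))
    # A different certificate that a CA nevertheless signed is still refused.
    print(check_server_cert(b"other certificate", SAMPLE_SPKI, [pin], True, True))
```
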
This deal is really simple. T-Mobile needed to spend a lot of money upgrading their network to stay in business. ATT needs new spectrum... their biggest problems are lack of spectrum and lack of backhaul in areas where they aren't an ILEC.
This deal gives DT a way to exit cleanly without having to "double-down" on T-Mobile and it gives ATT a big chunk of spectrum.
It really is that simple.
The code has to be a certain length in order to be unique, it has to be complex enough to take a while to crack, but write down one digit wrong (or slightly unreadable) and the code is invalid.
It does need to be unique but you are incorrect about the other requirements.
The code can include parity such that it can be deciphered even with an incorrect digit. Just off the top of my head: I presume you would only use one of any potentially confusing character sets (eg: number 1 but not L or I (capital i); zero, not the letter O; etc). Then you'd need to figure out a distribution of bits that allowed you to reconstruct an original code if one or two characters are off... for example, let's say each character represents three bits of the original number then three bits of its inverse position in the code (so the first character has the first three bits and the last three bits of the code; if they flub the last character you can still get those bits from the first character). I'm not saying this is a really good system, I'll leave designing that to the experts... I'm just saying it is entirely possible to design.
The other thing is the code doesn't need to be uncrackable... you simply have a large space of codes and have your master database pick codes at random out of this possible space. At that point someone can certainly generate new codes all they want but they will have the same problem as generating fake credit card numbers: If that number isn't marked in the database as a valid code (tied to a valid purchase transaction) then it will not be accepted.
All of this leaves aside the main issue: Your name & address is most likely going to be in the return address portion of any letter or package! The OCR software can scan that and match it to the purchaser of the code. Too many mismatches from the same address and maybe you can flag it for further investigation. Too many letters without return addresses using suspect codes at the same post office or sorting facility and that greatly narrows your range of investigation.
Just wait until a postman copies the code to a package of his own, and just destroys the original package.
How is that any different than my current postman cutting the unmarked stamp off my envelope, throwing it away, then gluing that cutout onto his letter? (Hint: it isn't).
People generally find out when their letters don't arrive so it's not like you can hide that sort of crime very easily. Risking prison to save on a postage stamp seems like the height of stupidity... I'd prefer any moron of that caliber try it immediately so we can quickly identify them and remove them from society.
Short Version: For your first felony, I highly suggest not putting your name & address on it and sending it through the mail.
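The mirrored-redundancy code and the "pick at random, accept only what the database issued" rule from this comment, worked through as an added example that is not part of the original post. It uses two bits per half-character instead of the comment's three so that a 16-symbol alphabet without look-alike characters suffices; the alphabet, code length and function names are assumptions of the example.

```python
import math
import secrets
from itertools import product

# 16 symbols with no look-alikes (no 0/O, 1/I/L, 8/B); constructed for this example.
ALPHABET = "2345679ACEFHJKMP"
LENGTH = 16  # characters per code; must be even


def _swap(v):
    """Exchange the two 2-bit halves of a 4-bit symbol value."""
    return ((v & 0b11) << 2) | (v >> 2)


def encode(chunks):
    """Character i carries its own 2-bit chunk plus the chunk of its mirror position."""
    n = len(chunks)
    return "".join(ALPHABET[(chunks[i] << 2) | chunks[n - 1 - i]] for i in range(n))


def issue_code(issued, transaction_id):
    """Pick a random code from the whole space and record it against a purchase."""
    while True:
        code = encode([secrets.randbelow(4) for _ in range(LENGTH)])
        if code not in issued:
            issued[code] = transaction_id
            return code


def candidates(written, limit=64):
    """List every well-formed code consistent with what was read off the envelope.

    Any character outside ALPHABET (for example '?') counts as unreadable.
    """
    written = written.upper()
    if len(written) != LENGTH:
        return []
    vals = [ALPHABET.find(ch) for ch in written]      # -1 means unreadable
    options = []
    for i in range(LENGTH // 2):
        a, b = vals[i], vals[LENGTH - 1 - i]
        if a < 0 and b < 0:
            return []                                 # both copies lost
        pair = set()
        if a >= 0:
            pair.add((a, _swap(a)))                   # trust the left character
        if b >= 0:
            pair.add((_swap(b), b))                   # trust the right character
        options.append(sorted(pair))
    if math.prod(len(o) for o in options) > limit:
        return []                                     # too damaged to guess safely
    out = []
    for combo in product(*options):
        left = [p[0] for p in combo]
        right = [p[1] for p in reversed(combo)]
        out.append("".join(ALPHABET[v] for v in left + right))
    return out


def resolve(written, issued):
    """Return the issued code that `written` stands for, or None.

    Redundancy only narrows the possibilities; the database of issued codes
    decides. A self-consistent code that was never issued is rejected.
    """
    matches = [c for c in candidates(written) if c in issued]
    return matches[0] if len(matches) == 1 else None


if __name__ == "__main__":
    issued = {}
    code = issue_code(issued, "constructed-transaction-0001")
    smudged = "?" + code[1:]
    print(code, smudged, resolve(smudged, issued) == code)
```
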
The default position of just making money isn't enough - they've gotta do better every quarter so the only way to do that is to make cheaper content and/or abandon the niche and try to appeal to more people. Of course everyone is doing that so the market young people are already abandoning becomes an even bigger wasteland as everyone battles for a slice of the shrinking pie.
Of course we know what it takes to run a profitable network that can do really good original programming... about $10-$15/month. It's called HBO. Band of Brothers, Boardwalk Empire, The Pacific, Generation Kill, Rome, The Wire, Six Feet Under, The Sopranos, Sex and the City, Oz, The Ricky Gervais Show, Bored to Death, the upcoming Game of Thrones, and many more. I don't know if a Science Fiction channel can sustain that kind of paying audience but imagine BSG without commercials on a network like HBO. I'd certainly subscribe.
Of course I'd also happily pay $10/month for a REAL Discovery channel. Bring back the historical documentaries from the old History channel, the real science programs from the Science Channel, real educational programs from TLC, etc and put it on a paid network with no commercials.
History International was carrying the History Channel banner for a while but it too has descended into the UFO hunter/ghost/reality/monster wasteland that is the History channel. Science Channel is heading down the same road. Five years ago my programming guide used to be on a favorites list with only the discovery networks, HBO, and a few other channels. Now I barely watch them at all and I'm in the most coveted demographic: 18-30 male. It makes me wonder how they are making money when they seem to be producing dreck that doesn't seem to appeal to the most valued target audience for advertisers. I guess it must just be extremely cheap to produce so it doesn't matter.
But part of the problem there is that Mars doesn't have a significant atmosphere or magnetic field so you have similar shielding issues. In fact this is pretty much true of everywhere in the solar system except Earth. When you get far away from the Sun you still have to deal with cosmic rays, you just get to sit in the cold darkness for your trouble.
Any future human colonies (in this solar system) will probably need to be underground and/or require nuclear reactors to generate enough power to run magnetic shielding systems. IIRC there was a new engine (maybe VASIMR?) that had the side effect of generating a magnetic field during operation, the only issue being the ability to supply enough power to run the thing at decent power levels.
If we aren't there already it should soon be the case that intra-solar-system travel is mainly an engineering problem; we just need to decide to go and commit resources to it. That's what is so exciting about private rocket development; I sincerely hope that space tourism, asteroid mining, and/or other ventures prove profitable as quickly as possible, then it can become self-sustaining. It is obvious that governments aren't going to spend the resources required anytime soon. Given the technology that fell out of the last "space race", I can only imagine what wonderful discoveries would naturally fall out of a race to develop a permanent human colony on another world. (Plus look at what SpaceX has been able to do in only a few years with one passionate person investing his internet fortune in it; imagine if you had whole industries organized around space travel investing billions).
Waaaaaaa! Give me something for free! I hate commercials and advertising but I refuse to pay! Waaaaaaa!
In all seriousness there are definitely things to complain about (paying for cable TV but still having to put up with commercials; I'd be happy to pay for fewer channels and ditch the commercials). Or artificial restrictions... I'd be happy to pay the $150/yr license fee to get access to BBC here in the states but due to artificial geographic restrictions I cannot (and thus the incentive to pirate).
But complaining about paying for a service that delivers commercial-free music? One that you can *still get for free* on your computer? That's just being an ass.
MPEG-LA could cut this whole thing off at the knees and ensure WebM is relegated to an also-ran by making a H.264 basic profile available in a completely royalty-free way... Obviously there are a lot of profiles in H.264, but pick a baseline one for the video and audio portions and make it entirely freely available for anyone to implement without signing any agreements/etc. From a purely cut-throat business position: If I were one of the major members of MPEG-LA, I'd certainly take this seriously and do anything I could to ensure there is no need for WebM to exist. Basically make myself the path of least resistance.
Now people like Apple/Microsoft are still going to pay the license fee to implement all the profiles but for projects like Firefox it would give them a way to implement a video standard that was developed through an open process, is an ISO standard, and enjoys widespread hardware acceleration support. It would also give anyone targeting browsers an easy way to do so because everything that exports or records video does so in H.264 or supports transferring to H.264. Selecting the "web standard profile 1.0" would be all that one needed to do to ensure compatibility.
It's not like this isn't what will happen anyway: what linux users haven't installed ffmpeg or VLC with included H.264 support? Honestly, all this would do is legitimize the status quo. H.264 isn't going away: iPhones/iPads alone mean video is going to be produced in H.264 (mindshare can be as important as marketshare). Add in Windows and Mac native support and you are looking at what - 80% of all web users? 90%?
I hate this political bullshit that gets in the way of just standardizing on what everyone is already doing anyway.
P.S. I don't see what is bad about handing off video/audio rendering to the OS frameworks. Frankly, if Firefox or Chrome can't render a given codec, they should fall back to that mode anyway. I may be doing things for my internal intranet or my own personal use that have nothing to do with this browser maker pissing contest so just get out of my way and let my OS render anything it knows how to render.
Well everyone in the 1980s thought Japan would rule the world and own everything but internal problems proved that there were limits to their power... just as any nation has limits. We in the US often forget our own limitations because we're used to having our own way.
China has severe internal issues; a massive property bubble that makes the US housing crisis seem tame by comparison; local governments are addicted to land sales to fund their massive infrastructure projects, loaded down with loans from the state banks. Unless you truly believe that empty apartment blocks or even empty cities are a good investment and property prices will always go up that game has to end at some point and when it does China won't be able to hide the pain. Plus massive corruption and cheating (how can you make decisions at the top when all your stats are based on outright falsified data?). Official government statistics say that about 40% of the academic papers published from Chinese Universities contain falsified research and that's just what they will admit.
Did I also mention the leadership/succession problem? How many times in world history has some political succession BS thrown a wrench into a country's previously bright future?
I'll put it another way: if China gets too annoying and the EU+US slap a 50% tariff on Chinese imports who do you think will blink first? The consumers who have to pay $5.99 for that plastic toy instead of $2.99? Or the communist authorities in China facing millions of unemployed laborers with no job prospects, nowhere to go, and nothing to do? The political situation in China is far less straightforward and stable than people suppose.
Prior to Windows 7 (or maybe Vista?), it had the same problem. Anything that issued massive I/O requests to the disk would bring the system to a crawl. The introduction of an I/O scheduler (which Linux also has) helps quite a bit in these scenarios but you do run into the issues of what priority really means. A video player, even if in the background, is probably still a high-priority process. But a compiler probably isn't; the problem is if you try to trust applications to indicate their own priority they'll lie and say they are always the most important application (which is why Microsoft doesn't publish APIs to do certain things like pin an app to the start menu... because so many apps tend toward narcissism: "gee whiz I'm the most important app ever! of course the user wants to pin me to the start menu, and put me on the desktop, and the quicklaunch bar, and in the startup group. If I get removed from any of those locations it must be a mistake so I'll just add myself back in!") How you can put the average computer user in control without making it overly complex is a hard problem. Hell, you can't make it take too much attention either because anything that gets in the way or is annoying just causes users to click "CANCEL" to try to get out of the dialog box. If it pops up again they just click "OK" to see if that works, all without reading any of it.
Anyway I would postulate that any virtualized shared resource will require a priority-based "fair" (for some definition of fair) scheduler, otherwise ill-behaved applications will consume all of the available resource and ruin the system for everyone. We saw that with the CPU and cooperative multitasking, we saw that with memory and shared address spaces, we see it now with disk and network I/O, and I predict as the GPU becomes more virtualized and heavily used it will run into the same thing. Processes of the future will have CPU, memory, disk I/O, network I/O, and GPU priorities IMHO. Frankly I'd also like to see processes run inside their own VM sandboxes so I can transparently block their ability to do certain things, like change my filesystem but that's another issue.
I'm fairly sure a lot of the /. readership would like to participate in the creation of ESCs.
I know you are being funny but your comment reminded me: research shows that the average sexually active straight woman not using birth control will shed fertilized eggs on a regular basis (entirely naturally) because they fail to implant or because her period arrives too quickly (not enough hormones build up to trigger the "I'm preggers" alarm and stop the monthly cycle). Of the ones that do implant, a significant number miscarry due to errors in the DNA, cell replication, or other developmental issues. Sometimes the woman is even unaware that she was pregnant to begin with, she may just believe her cycle was "late".
Warning: metaphysical discussion follows...
If life/humanity/soul/etc begins at conception, then God is the biggest mass murderer of all time. That's not an image of God I can buy, so I must conclude that the human idea that "life begins at conception" must be entirely incorrect. Ergo there can be no legitimate objection to the study of stem cells nor can there be objection to birth control or even at least some types of abortions.
As a man of science and of faith I must believe that anytime scientific discovery and faith appear to be in conflict they are not - it is merely my misinterpretation or my preconceived ideas about God that cause the conflict. The facts are what they are and do not bend themselves to fit my worldview, something I wish more people would acknowledge.
Working at Oracle is a bit crazy. They'll fork over $1200 for fancy chairs, but if you want a 1920x1200 screen instead of the default 1440x900 then the laptop request has to go to Larry Ellison's office for personal approval. IT denied my request for 8GB ram on my test server to load a >4GB dataset. I'm looking at eBay to find an old server with 16GB ram so I can actually get my testing done. No, I'm not joking.
Oracle pays well and has good benefits, but sometimes it is extremely frustrating to be unable to obtain the tools and resources you need to do your job. That kind of thing can drive you crazy.
I use Password Safe to store my passwords; I have about 60 entries in my database. No, I'm not kidding. Between work and personal systems the number of passwords to keep track of is insane. Some don't allow special characters, some don't allow passwords > 12 characters (so no passphrases for you!) Worse, some are using "wish it was two-factor" schemes now, requiring me to know other pieces of information that are no better than a password anyway. They're often worse because they are based on information that can be found in public records or by some snooping into my personal life. Fortunately, I have pre-memorized answers for all the common questions (mother's maiden name, oldest sibling's middle name, high school, etc) that are not the correct answer so no one can guess them by checking ancestry.com.
Of course at work, we have a bunch of passwords that all have different expiration schedules. They've slowly been integrating things into the single sign-on system, but that is a work in progress. The funny part is the SSO system doesn't expire passwords and the password reset system is accessed by logging in with SSO, which totally defeats any notion of expiring passwords. Yet the policies remain in place. Expiring passwords are stupid, let me pick a good complex password and keep it.
Unfortunately there are too many players and too many commercial interests to easily change anything now. Similar to the problems with SMTP, if anyone had foreseen the problems and managed to get sysadmin buy-in in the early 1990s, then you could have made stuff like OpenID an internet standard. Then when everyone was rushing to get on the web in the early days, they'd grasp around for any info on current standards and practices and they would have implemented them. Let this be a lesson to you, even in simple matters like providing example code with your SDK: People will copy your simple crappy example code and it will end up being "the way" to do it, no matter how many disclaimers you put on it. Half of all password forms, expirations, and restrictions are just copies of what people have seen on other websites or in other applications. Sometimes bad design sticks around forever.
The Volt uses a planetary gearset where the main gear is driven by the primary electric motor. The planet and ring gears can also optionally be driven by the engine and a second assist electric motor when needed. This allows the computer to continuously vary the power source that is driving the wheels. The only part of this equation that was not previously known was that the engine can directly give torque to the wheels under certain circumstances (without going through a generator).
Typical operation for a daily commuter is stop and go traffic of 20 miles or less each way, which means the typical commuter in a Volt will use only the electric motor. The gasoline engine will never even start up. The Volt also comes with plug-in support from the factory. These two things are what make it different than existing hybrid cars. If you can sell these cars and start moving them in large numbers then you can start moving the battery prices down and scaling the electric-only range up. You can't let the perfect be the enemy of the good otherwise you'll never ship anything. We know that in software, in hardware (think 1st gen iPod), and it is just as true in cars. The Volt is a necessary evolutionary step and I hope it sells really well because battery prices will drop and we can take the next step even sooner.
I also find it disingenuous to run the Volt around with drained batteries so you can see its "true" MPG (whatever your definition of "true" is with this sort of test). That's like saying a hard-top convertible sucks because I wanted to see how it performed in the rain but purposely left the hard top in the garage. The whole point of the Volt is using 100% electric power for most people's daily commutes. If my commute is 37 miles round-trip, then the Volt gives me infinite MPG, which makes no sense because the electricity does have a cost to it. This just highlights how inadequate MPG is as an efficiency measurement.
First, the ViewState is encrypted so figuring out the key allows you to inject your own data into the ViewState. The worse an app's code, the worse the exploit on this because some apps even store their "IsAdmin" flag in the ViewState and other such nonsense, so this lets you impersonate any user you like. DotNetNuke is one example of a crappy system. Worse, it allows you to upload ZIP files of themes and whatnot, so you can use this to impersonate the superuser, upload some hacks, then try to execute them. Depending on what account ASP.Net runs under and whether you are fully patched, this can lead to escalation to admin and owning the box. If you have followed all the other in-depth security practices (and for coders don't store any sensitive info in the ViewState) then this isn't nearly as big of a deal.
The big hole is that starting with 3.5 SP1 (and also in 4.0) the WebResource.axd handler takes an encrypted filename as its parameter, so you can encrypt say "web.config" and get it to happily pipe web.config to you... or any other file. It completely bypasses the normal restricted file handler. In previous releases this was not the case, the stuff it would let you download was much more limited. Granted, there are facilities to encrypt connection strings/etc in web.config, but a lot of people are lazy and just deploy with plaintext passwords and whatnot. Again, following defense in-depth practices greatly restricts the scope of any potential attack.
IMHO the WebResource.axd issue is inexcusable. There is no legitimate reason for allowing the new behavior.
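As an added example (not part of the original comment): a small audit of a web.config for the exposure the comment above describes, plaintext credentials in connection strings that become readable if the file is disclosed. The function name, the constructed sample files, and the extra check that flags `enableViewStateMac="false"` are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Key names inside a connection string that carry a credential.
SECRET_KEY = re.compile(r"(?:^|;)\s*(password|pwd)\s*=\s*[^;]+", re.IGNORECASE)

def audit_web_config(xml_text):
    """Return (section, detail) findings for one web.config.
    Assumes the <configuration> root carries no XML namespace."""
    root = ET.fromstring(xml_text)
    findings = []

    for section in root.iter("connectionStrings"):
        # A protected section names its provider and holds only an
        # <EncryptedData> child, so there is no plaintext to disclose.
        if section.get("configProtectionProvider"):
            continue
        for entry in section.iter("add"):
            if SECRET_KEY.search(entry.get("connectionString", "")):
                name = entry.get("name", "?")
                findings.append(("connectionStrings",
                                 "plaintext credential in '%s'" % name))

    for pages in root.iter("pages"):
        # ViewState integrity checking explicitly switched off.
        if pages.get("enableViewStateMac", "true").lower() == "false":
            findings.append(("pages", "enableViewStateMac is disabled"))
    return findings

# Constructed sample: one plaintext entry, one using integrated auth.
SAMPLE_PLAINTEXT = """<configuration>
  <connectionStrings>
    <add name="Main" connectionString="Server=db01;Database=app;User Id=app;Password=example-only;" />
    <add name="Reports" connectionString="Server=db01;Database=rpt;Integrated Security=SSPI;" />
  </connectionStrings>
  <system.web>
    <pages enableViewStateMac="false" />
  </system.web>
</configuration>"""

# Constructed sample: the same section after protection (ciphertext is a placeholder).
SAMPLE_PROTECTED = """<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData><CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData></EncryptedData>
  </connectionStrings>
</configuration>"""

if __name__ == "__main__":
    for label, text in (("plaintext", SAMPLE_PLAINTEXT), ("protected", SAMPLE_PROTECTED)):
        print(label, audit_web_config(text))
```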
Perhaps on paper there are privacy rights, but to a large extent only on paper. Some privacy (and security) exists for those who can pay for it, or know how to implement it.
- Hard question - if actual privacy is only for a few, who largely use it as cover to secretly abuse the rights of the other 99%, are we defending privacy rights just for them? Put simply, transparency in government and management, accountability, public participation, are not very compatible with secrecy.
Privacy exists because we as a society are very two-faced in our dealings with each other. We present a certain face and claim to adhere to certain norms in public, while almost all of us engage in similar "deviant" behaviors behind closed doors. Almost no one is entirely 100% "clean"... whether they smoke (pot or tobacco), have an "interesting" sex life, watch TV programs their neighbors don't watch, etc. Even if it isn't true now, it is certainly true of everyone's past. For example: we can't just all admit that kids often go a little crazy when they get out from under their parents, so we have to hide photos of drunken shenanigans lest a potential employer see that you were a normal early-20-something five years ago and got the party bug out of your system... even though everyone involved in the hiring process did the exact same thing when they were the same age.
In the US, especially regarding sexual behavior, Kinsey proved pretty well that the facade we were all putting on in public was bullshit. It was very controversial at the time because people prefer to think "well this behavior is OK for me because I know what I'm doing/I'm morally superior/I can handle it" but God-forbid we actually admit to it in public... think of the children!
Whenever we get to the point that people aren't judgmental of others, we aren't jumping to conclusions, and we aren't forced to put on public faces, then the right to privacy won't be as important. The damage that invasion of privacy can do is limited if your public persona matches your private one because then there is nothing to expose. Politicians learned from Bill Clinton's "I did not inhale" gaffe and now readily cop to smoking pot in the past because it instantly defuses any potential attack.
(P.S. Always be wary of someone leading the charge against some perceived moral depravity. This is often (though not always) a tactic used to elevate that person at the expense of others because that person is engaging in the same behavior and fears discovery/reprisals, even if that fear is only in their own mind and not from some external source. When accused of being the proverbial witch, the oldest trick in the book is to say "I'm not a witch, but SHE is! Get her!")
"To show everyone what the black hats and spammers are going to be doing", sounds good enough to me.
Fixed it for you: "To show everyone what the black hats and spammers are doing".
Forgive my ignorance here, but could this be a hardware hack? I know that most Firewire controllers will happily let devices DMA all over RAM, completely bypassing any/all protections from the OS. A lot of hacking of supposed trusted-computing crap has been by using this sort of hardware to peek and poke at memory without running any software on the target box whatsoever.
If there is a hardware hole in the USB controller it may be very difficult to patch with firmware; even if you could patch it, you could run your own mini-hypervisor that fooled Sony's hypervisor into thinking it was running on the real hardware, which means in practice you can't ever really close this hole. Whether the promised mod is that sophisticated I don't know, but in principle it is possible.
Agreed, SSDs still have many cost and reliability issues to overcome, and I'm not going to get too excited till I see some improvements in those areas. Solid State is the wave of the future, but the wave is still way out there and is only just reaching the rocks off-shore.
That greatly depends on your specific application. I can tell you that installing an SSD in my work laptop was the single greatest (relative) performance jump I've ever seen, starting with my 8086/1MB/CGA machine until the present day, including all processor/memory/graphics upgrades I've ever done.
I can also say that some Antivirus products really, really suck and take up tons of CPU and have single-threading bottlenecks, so that if you have the RTV scanner turned on, you will give back a lot of the performance gains. (I'm talking about the one that installs 19 different drivers and services. Someone in IT got a kickback on that purchase).
I'd pit this SSD against a mechanical hard drive in a laptop any day of the week. It can take all sorts of bumps, bounces, heat, etc that could kill a HDD. Better battery life, increased performance. At 160GB, it is about 100GB less than the HDDs they are installing in new laptops, but other than that it is better in every way.