Is the submitter of the article a developer looking for ideas?
I hope so...if so, he's doing it in a very clever way. Provided, of course, that he can determine the difference in ideas between that which comes from a fairly normal user with a standard need/desire as opposed to a socially-incompetent neckbeard.
As an astronaut, I wonder which would appeal to me more? The "Exciting Choice" or the "Safe Choice?" On one hand, I'll be strapped to it as it launches it (and me) into space. On the other hand...I'm an astronaut! My choice of car is probably NOT a fucking Volvo.
Some technologies just don't make sense. At least with our current battery and silicon constraints.
A nice tablet at $500 didn't make sense... until the iPad came out. (Some early speculation had it priced at @$1,000). An expensive smartphone without a keyboard didn't make sense... until the iPhone. A laptop that is .68 inches thick (and gets thinner from there) didn't make sense... until the MacBook Air.
Apple has a track record of pushing limits, and of not releasing products that aren't highly refined. If they come out with an "iWatch," I'd bet it will be something special. And the following iterations will only improve it.
Your point is merely that innovation is something people don't see coming. I don't think it applies here, however.
Everyone wants an "iWatch," so much so that you can use the term and everyone knows exactly what you mean by it. Everyone wanted an iPhone...they were freaking begging for it for years before it came into being.
In this case, though, Intel's made a massive mistake. You can't pair a highly-durable good (bracelet with semi-precious stones, precious metals and exotic materials like "water snakeskin") with something based on personal technology. Very few people will spend $1,000 for the non-functional components of something that they'll replace as often as a cell phone. And almost nobody will do it twice.
Even more notably, the pictures they sent are of bracelets that make distinct statements with regard to color, texture, etc. They won't match just any outfit...which means that either the user must not come to depend on the bracelet (or they'll be disappointed when it clashes with their outfit and so they don't wear it) or buy multiples (which only amplifies the cost/disposability conundrum).
If they had a form factor that allowed for separation of the cosmetic (semi-precious stones, snakeskin, etc.) and functional (electronics) components such that you could swap the electronics module between shells and update it without having to throw away the whole bracelet, then this could work. It would also allow for a platform, however, where you could just wear the electronics module in something like a silicone wrist strap...and thus, that negates the whole point of Intel's idea here by caching the thing as a fashion accessory. As soon as someone puts it in a $10 wristband and notices that it doesn't do all that much that they need, everyone notices the emperor is naked, and they go back to buying bracelets from Cartier or Tiffany's instead.
The key to the iPad and the iPhone was that they were, at their core, supremely functional. That they had lovely form factors was just icing on the cake, and their cachet as items of status followed from that...not the other way around.
An American would think that. Citizens from other countries may well disagree there. Especially because of that unthinking American preference for Americans in charge everywhere.
Really? Do tell us about all the governments that would rather have Iran or North Korea in charge of ICANN. Please :)
You are speculating on a system that would be able to correctly identify ALL THE OBJECTS IN THE AREA and that is never going to happen.
It doesn't have to identify all the objects in the area, it simply has to not hit them.
Actually, since the whole question of TFA is about ethical choices, it does have to identify them. It can't view a trash can as being equal to a child pedestrian, for example. It will have to see the difference between a dumpster (hit it, nobody inside dies) and another car (hit it, someone inside it may die). It may even need to weigh the potential occupancy of other vehicles...a bus is likely to hold more people than a scooter.
The question at its heart is not about object avoidance in the article...it's about choices between objects. And that requires identification.
Your analysis seems to assume that there are apps, and that is it. But in reality there are apps that are virus hosts in themselves. VB within Excel. Javascript within browsers.
Actually, no. There are apps and there is the OS itself. But by the time you're talking about the security model, the OS already exists, and anything you add to that is, essentially, an application. Delivery operates the same way, dependencies can as well. The VB that is within Excel is no less an app than the app that requires .NET framework be installed, a javascript that executes in the browser, or a java applet that requires a JRE. The fact that it depends on something else doesn't change the model. And any app can be malicious or friendly; even a friendly app can be modified or tied with a pre-executed piece of malware.
/. may be a software-centric site, but those of us in mechanical, electrical, optical, materials, and other branches of engineering are in the same basic position. But sadly, even businesses which promote engineers into senior roles end up respecting people primarily on the basis of how many direct reports (that's the term for peons whose salaries they determine) they control. Until you're able to rate people by the quality/quantity of output regardless of altitude in the org chart, this problem will continue.
Indeed; the underlying basis of the article could really match almost any profession. Accountants, HR personnel, programmers, even admin assistants. Not understanding the role of a job invariably means not understanding its challenges or the value it brings. So what? This is not news. Hell, I've seen companies where they didn't understand the value of managers...and thus, promoted/hired people into such roles who had no skill at doing their jobs.
There are currently two solid alternatives to traditional AV. Unfortunately, one is not suitable outside of a well-managed (i.e., corporate) environment and the other probably would not work in a full-featured computer environment.
1. Whitelisting: Application whitelisting is really, really effective. There are ways to circumvent it, but that's true of just about any technical security control. The problem with it is twofold: one, someone needs to develop exactly *what* that whitelist is, and the average home user isn't really up to the task. Bit9 (the leader in the space) has gotten around this to some degree with a cloud-based archive of "known good" files and processes, but your standard home user will still run into a lot of things they don't recognize when they install. And what if one of those things is actually an existing infection? Then they will probably add it to their whitelist...or, on the other hand, err on the side of caution and end up breaking valid software on their systems. The odds of them hitting it exactly right are very small. And even then, they have to maintain the whitelist...so if they're taken in by that "YOU NEED TO UPDATE YOUR VIDEO CODEC LOL" popup window, they'll invariably end up authorizing whatever file gets downloaded ("'Trojan_video.exe'...sounds legit to me!") and infecting their system anyways.
2. The "Walled Garden" Model: In a lot of ways, this is like whitelisting built into the underlying OS, with the OS manufacturer being the custodian of the whitelist. This is how iOS works, so it's actually a proven model. There's only been one discovered instance of malware that's slipped into the App Store, and that was easily eradicated with the press of a button back at the Apple mothership. But on the other hand, there are ancillary effects to forcing all devs to go through a single clearinghouse for software. Apple's cut of the profits, and their cut of any revenue passing through any app sold through the App Store, are obvious issues, but the antitrust risk of a PC OS with only one place to go for software is a latent...and larger risk, going forward. One court decision can break the model entirely; if Apple doesn't collect at least some money from developers, then there's no money to support the App Store and the activities around it. But if there's no central authority, then there goes the chain of trust that's necessary to maintain the safety of the OS. And there's complexity in a PC-based OS environment that you don't find in a tablet or smartphone; in the tablet/phone model, each application is an island, separate unto itself for the most part. You don't have browser plugins, underlying execution environments or interpreters (Air, Java, .NET, Python, Perl, etc.).
Either way, the "blacklist" approach doesn't work. It's all fine to point out that other things (firewalls, IPS, etc.) need to be in place, and that's true...but malware is its own threat, and cannot be fully addressed by solutions that only focus on the attack. Applications will have vulnerabilities; railing against this hasn't accomplished anything in two decades. People will make mistakes, or be social-engineered into doing things they should not do. Supply chains will become infected (remember cameras, USB drives, etc. that have come with malware?) and sometimes those mistakes will affect people besides the mistake-maker. So there needs to be a way to address malware itself.
There are two approaches that, while theoretical, also hold promise. The issue is that they are pretty much theoretical; there's no existing implementation of either of them on any scale, or as a deployable off-the-shelf technology today.
3. The Managed Immunological Response: Assume that malware will exist, and somehow get onto systems. Most complex organisms hold pathogens within themselves that are harmful...and in many cases, even contain them in a symbiotic relationship. Eradicate E. Coli from a human's lower GI tract and they'll develop problems, for example...but E.
If we have this much surplus, clearly we're buying too much. I know that if I find myself giving away cans of green beans, I make sure I don't buy a whole pallet the next time I'm at Costco.
We just demobilized from one war, and are nearly done pulling out from another. Surplus is what inevitably happens as a result.
Look at it like this: when you get back from a camping trip, do you set the tent back up at home, and use the cook stove to cook your meals at home too? Of course not. And military equipment is usually better off sold rather than mothballed, especially since the threats keep changing and the cost of upgrades on gear that's in storage (don't forget the logistics) is greater than the cost of replacement, all other things taken into account.
That said, I wonder how much of this billion dollars is from MRAP donations. The military is giving nearly all of their MRAPs to law enforcement agencies, and they aren't exactly cheap. So that could be the bulk of this, easily.
Great dad, in my opinion. My kids grew up involved in hunting, fishing, and shooting sports - but a trip to a refugee camp would probably have cured them of the FPS BS faster than anything.
Fortunately, they were never really into videogames.
Aaaaand...what kinds of movies did they watch, perchance? Did their dad keep them on a strict diet of Barbra Streisand? No? A few action movies, then? Hm.
Games are one form of entertainment. If someone is going to condemn simulated (and unrealistic) violence in one medium, they really should do so across all media, don't you think?
The one nice thing about Android (assuming a rooted device) is the ability to turn on and use Linux's iptables to prevent apps from phoning home. After that, Xposed and XPrivacy are good (although the interface is nowhere as nice as Protect My Privacy from Cydia on iOS) to enforce restrictions on apps that ask for more than they should.
It would be nice if XPrivacy would fake data like PMP does, so if an app asks for GPS info, it will get GPS info, but not anything useful, or if an app asks for contacts on the phone, it gets random sets of garbage.
This is all fine and good, until one app that you want to phone home uses AWS or Cloudfront, and so does another app that you don't want phoning home. Firewalls have never been a good approach to application security...evidenced by the fact that "application security" became a concept long after firewalls were commonplace.
It's kinda terrifying that the people making fast, heavy lumps of metal with computerised control systems don't already routinely isolate those control systems from any other computerised technologies in the vehicle, particularly any that can interact remotely. They shouldn't need to be publicly admonished about the dangers of these situations. Don't these organisations employ actual engineers any more?
But given that it does seem to be necessary to make a public display of this -- which presumably removes any plausible deniability if the auto makers do get sued after an accident later, so I can believe it will at least get their attention -- I'm glad it seems to be a responsible group with the right motivations who are starting the ball rolling. If it were just a bunch of lawyers or insurers, the general public could write the campaign off as the signatories just looking out for their own interests.
Problem #1; you can't isolate those systems, in the context of the reason for why they exist.
So, let's look at OnStar, or Hyundai's Bluelink. These are systems that connect to larger infrastructure over public or semi-public communications channels (i.e., cellular) for a variety of purposes. Such purposes include being able to start your car remotely, notify authorities of an accident even if you are incapacitated and unable to call for help (especially in that case, actually) and recover your car in case of theft. All three of those functions inherently require access to engine functions (in a read-write sort of way), GPS, and/or OBD-II data. And you can make a strong argument that many of these things are beneficial from a safety perspective as well. But you can't have them if you isolate the control systems from any other computerized technologies...you absolutely cannot.
On the flip side, you *could* isolate the systems that manage our financial accounts...banking, stocks, pensions...from any other computerized systems. But then you'd lose online banking, bill pay, ability to trade in stocks and other financial instruments without going into an office, etc. But that industry has figured out how to connect things together without the world coming to an end, despite the tremendous opportunity and motivation it provides for criminals. The car industry can figure this out too. I dare say it's easier to figure out how to develop a reference architecture based on the CAN II that is secure than it is to secure all the various interconnections of the financial industry. And it also bears mentioning that once upon a time, the financial industry got egg on their face too for security problems. This is the normal evolutionary process.
The only way around it is to avoid storing sensitive data on the phone.
This must also be an important issue for those that use phones as security tokens, i.e. banks and other important institutions that send an SMS with credentials to provide verification - it's a very insecure solution since the phone may have an app that forwards the credentials to a third party that can use this to access the system.
Avoid storing sensitive data...like the phone numbers of other people? Like the text messages you send? Just using this phone...to make phone calls, mind you...results in data being uploaded. I don't see how "not having that data" on your phone is really an option. It's a goddamned phone; you're going to have to use it, some day.
I also seem to remember that Apple got into problems because they were uploading user data without permission.
Nope. They got into trouble because somebody found location data in logs on the phone, and assumed it was being uploaded without actually testing that theory.
Right...and even then, this was location-based information that Apple said the phone wasn't collecting. It could just as easily have been a misunderstanding about underlying software behavior at a low level (or even that the programmer who built it that way didn't even work at Apple any longer) as anything else.
"due to Netflix arbitrarily blocking the Linux build"
i.e., generating a valid page based on detection of a Linux-based USER-AGENT from the browser, to save the user from trying to troubleshoot what has been, until recently, a problem that the user could not fix. Hardly sinister.
It's also trivial to change the pics slightly (change one pixel from black to white, for instance), and completely change the hash so it doesn't match. Thus matching hashes is... less than useful... against an even moderately smart CP'er.
Very true...but the point of any technology is never to be a 100%, totally foolproof approach; that is never possible, with anything. And if only one image in a collection is a match, then you have caught the person who owns it; you don't need to match more than that. Human investigation, at that point, will catch the rest. Going one step further, you don't even need to catch every single person...catch one in a group that have some form of relationship to one another, even just online, and you can round the rest up through a combination of digital forensics and plain-old gumshoe investigation. This tactic also doesn't come at the expense of other means of catching people who trade in child porn...it's a net increase in the availability of means to catch such people.
NCMEC has the collection of actual illegal pictures. They have government permission to have them.
Everyone else (Microsoft, Google, Facebook, etc) just has the list of hash values. Totally legal for them to have.
This system has been public knowledge for at least 3 years. Just google NCMEC and follow the links!
And (since someone always complains) yes, the people running this know what a hash collision is. They are experts with hash functions and image processing.
Let me give a bit of detail to this. NCMEC has a collection of actual illegal pictures, as does the FBI. This, in turn, can be turned into hash/size tuples...which makes it very, very easy to automate searching for content without 1, needing direct human observation of anything but the content that matches a signature, 2, requiring much work on behalf of Google/Microsoft/Apple, or 3, actually giving pictures of child pornography to the provider. Essentially, it's trivial to repurpose technologies intended for DMCA patrolling/enforcement to this task, and I'd argue that it's a much better use of those technologies than what we've been seeing currently.
"Idiot", "moron". You sound like a bunch of poor kids struggling in a lousy job economy, hurling insults at a successful man able to afford an Infiniti.
Except it's obviously a ploy by the car makers themselves.
Daring acts (like this scripted advertisement you're all being fooled by) will drive consumer demand for autonomous cars.
I think the word you were going for was "plebeians," there in the title...but maybe I didn't hear you correctly.
So as I understand it, what's desired is a solution that will just plain work out of the box as soon as you plug it in, and will require no work/help from the users at the other end to keep it working. Teleconference (video and audio) calls need to be auto-answered at the remote end, provided it's the right party calling them; effectively, the remote endpoint needs to have neither control over the system nor responsibility to keep it running. I presume to some degree this is to be able to check up on them and make sure everything is okay, as much as it is for more social uses of telepresence?
So, do this:
1. Send them one of the new "smart TVs" that comes with a webcam built in.
2. Get a job at the NSA.
3. Profit!
Re:Welcome to the Privacy Free Zone on The Social Laboratory · Score: 3, Insightful
Thank you for obeying!
You don't understand Singapore. I know it sounds quite bizarre to a Westerner, but the citizens of Singapore *want* this. This is what they actually value; the common perspective differs, in that they feel that the needs of the society of the whole are greater than those of the individual. This level of control isn't something that they're obeying...it's something that they're desiring, facilitating, embracing. And while I'm with you in my preference of a more Western form of social balance, it's also hard to argue that Singapore is actually a bad place to live or be.
...who's going to make the obligatory, in-poor-taste cancer joke?
Your analysis seems to assume that there are apps, and that is it. But in reality there are apps that are virus hosts in themselves. VB within Excel. Javascript within browsers.
Actually, no. There are apps and there is the OS itself. But by the time you're talking about the security model, the OS already exists, and anything you add to that is, essentially, an application. Delivery operates the same way, dependencies can as well. The VB that is within Excel is no less an app than the app that requires .NET framework be installed, a javascript that executes in the browser, or a java applet that requires a JRE. The fact that it depends on something else doesn't change the model. And any app can be malicious or friendly; even a friendly app can be modified or tied with a pre-executed piece of malware.
/. may be a software-centric site, but those of us in mechanical, electrical, optical, materials, and other branches of engineering are in the same basic position. But sadly, even in businesses which promote engineers into senior roles end up respecting people primarily on the basis of how many direct reports (that's the term for peons whose salaries they determine) they control. Until you're able to rate people by the quality/quantity of output regardless of altitude in the org chart, this problem will continue.
Indeed; the underlying basis of the article could really match almost any profession. Accountants, HR personnel, programmers, even admin assistants. Not understanding the role of a job invariably means not understanding its challenges or the value it brings. So what? This is not news. Hell, I've seen companies where they didn't understand the value of managers...and thus, promoted/hired people into such roles who had no skill at doing their jobs.
There are currently two solid alternatives to traditional AV. Unfortunately, one is not suitable outside of a well-managed (i.e., corporate) environment and the other probably would not work in a full-featured computer environment.
1. Whitelisting: Application whitelisting is really, really effective. There are ways to circumvent it, but that's true of just about any technical security control. The problem with it is twofold: one, someone needs to develop exactly *what* that whitelist is, and the average home user isn't really up to the task. Bit9 (the leader in the space) has gotten around this to some degree with a cloud-based archive of "known good" files and processes, but your standard home user will still run into a lot of things they don't recognize when they install. And what if one of those things is actually an existing infection? Then they will probably add it to their whitelist...or, on the other hand, err on the side of caution and end up breaking valid software on their systems. The odds of them hitting it exactly right are very small. And even then, they have to maintain the whitelist...so if they're taken in by that "YOU NEED TO UPDATE YOUR VIDEO CODEC LOL" popup window, they'll invariably end up authorizing whatever file gets downloaded ("'Trojan_video.exe'...sounds legit to me!") and infecting their system anyways.
2. The "Walled Garden" Model: In a lot of ways, this is like whitelisting built into the underlying OS, with the OS manufacturer being the custodian of the whitelist. This is how iOS works, so it's actually a proven model. There's only been one discovered instance of malware that's slipped into the App Store, and that was easily eradicated with the press of a button back at the Apple mothership. But on the other hand, there are ancillary effects to forcing all devs to go through a single clearinghouse for software. Apple's cut of the profits, and their cut of any revenue passing through any app sold through the App Store, are obvious issues, but the antitrust risk of a PC OS with only one place to go for software is a latent...and larger risk, going forward. One court decision can break the model entirely; if Apple doesn't collect at least some money from developers, then there's no money to support the App Store and the activities around it. But if there's no central authority, then there goes the chain of trust that's necessary to maintain the safety of the OS. And there's complexity in a PC-based OS environment that you don't find in a tablet or smartphone; in the tablet/phone model, each application is an island, separate onto itself for the most part. You don't have browser plugins, underlying execution environments or interpreters (Air, Java, .NET, Python, Perl, etc.).
Either way, the "blacklist" approach doesn't work. It's all fine to point out that other things (firewalls, IPS, etc.) need to be in place, and that's true...but malware is its own threat, and cannot be fully addressed by solutions that only focus on the attack. Applications will have vulnerabilities; railing against this hasn't accomplished anything in two decades. People will make mistakes, or be social-engineered into doing things they should not do. Supply chains will become infected (remember cameras, USB drives, etc. that have come with malware?) and sometimes those mistakes will affect people besides the mistake-maker. So there needs to be a way to address malware itself.
There are two approaches that, while theoretical, also hold promise. The issue is that they are pretty much theoretical; there's no existing implementation of either of them on any scale, or as a deployable off-the-shelf technology today.
3, The Managed Immunological Response: Assume that malware will exist, and somehow get onto systems. Most complex organisms hold pathogens within themselves that are harmful...and in many cases, even contain them in a symbiotic relationship. Eradicate E. Coli from a human's lower GI tract and they'll develop problems, for example...but E.
If we have this much surplus, clearly we're buying too much. I know that if I find myself giving away cans of green beans, I make sure I don't buy a whole pallet the next time I'm at Costco.
We just demobilized from one war, and are nearly done pulling out from another. Surplus is what inevitably happens as a result.
Look at it like this: when you get back from a camping trip, do you set the tent back up at home, and use the cook stove to cook your meals at home too? Of course not. And military equipment is usually better off sold rather than mothballed, especially since the threats keep changing and the cost of upgrades on gear that's in storage (don't forget the logistics) is greater than the cost of replacement, all other things taken into account.
That said, I wonder how much of this billion dollars is from MRAP donations. The military is giving nearly all of their MRAPs to law enforcement agencies, and they aren't exactly cheap. So that could be the bulk of this, easily.
Great dad, in my opinion. My kids grew up involved in hunting, fishing, and shooting sports - but a trip to a refugee camp would probably have cured them of the FPS BS faster than anything.
Fortunately, they were never really into videogames.
Aaaaand...what kinds of movies did they watch, perchance? Did their dad keep them on a strict diet of Barbra Streisand? No? A few action movies, then? Hm.
Games are one form of entertainment. If someone is going to condemn simulated (and unrealistic) violence in one medium, they really should do so across all media, don't you think?
Doesn't that mean my entire face would be 1 pixel large?
I think Slashdot editors believe that all of the readers must be profoundly obese chinbeards...as in, multiple chins, and a beard for each of them.
The one nice thing about Android (assuming a rooted device) is the ability to turn on and use Linux's iptables to prevent apps from phoning home. After that, Xposed and XPrivacy are good (although the interface is nowhere as nice as Protect My Privacy from Cydia on iOS) to enforce restrictions on apps that ask for more than they should.
It would be nice if XPrivacy would fake data like PMP does, so if an app asks for GPS info, it will get GPS info, but not anything useful, or if an app asks for contacts on the phone, it gets random sets of garbage.
This is all fine and good, until one app that you want to phone home uses AWS or Cloudfront, and so does another app that you don't want phoning home. Firewalls have never been a good approach to application security...evidenced by the fact that "application security" became a concept long after firewalls were commonplace.
It's kinda terrifying that the people making fast, heavy lumps of metal with computerised control systems don't already routinely isolate those control systems from any other computerised technologies in the vehicle, particularly any that can interact remotely. They shouldn't need to be publicly admonished about the dangers of these situations. Don't these organisations employ actual engineers any more?
But given that it does seem to be necessary to make a public display of this -- which presumably removes any plausible deniability if the auto makers do get sued after an accident later, so I can believe it will at least get their attention -- I'm glad it seems to be a responsible group with the right motivations who are starting the ball rolling. If it were just a bunch of lawyers or insurers, the general public could write the campaign off as the signatories just looking out for their own interests.
Problem #1; you can't isolate those systems, in the context of the reason for why they exist.
So, let's look at OnStar, or Hyundai's Bluelink. These are systems that connect to larger infrastructure over public or semi-public communications channels (i.e., cellular) for a variety of purposes. Such purposes include being able to start your car remotely, notify authorities of an accident even if you are incapacitated and unable to call for help (especially in that case, actually) and recover your car in case of theft. All three of those functions inherently require access to engine functions (in a read-write sort of way), GPS, and/or OBD-II data. And you can make a strong argument that many of these things are beneficial from a safety perspective as well. But you can't have them if you isolate the control systems from any other computerized technologies...you absolutely cannot.
On the flip side, you *could* isolate the systems that manage our financial accounts...banking, stocks, pensions...from any other computerized systems. But then you'd lose online banking, bill pay, ability to trade in stocks and other financial instruments without going into an office, etc. But that industry has figured out how to connect things together without the world coming to an end, despite the tremendous opportunity and motivation it provides for criminals. The car industry can figure this out too. I dare say it's easier to figure out how to develop a reference architecture based on the CAN II that is secure than it is to secure all the various interconnections of the financial industry. And it also bears mentioning that once upon a time, the financial industry got egg on their face too for security problems. This is the normal evolutionary process.
The only way around it is to avoid storing sensitive data on the phone.
This must also be an important issue for those that use phones as security tokens, i.e. banks and other important institutions that send an SMS with credentials to provide verification - it's a very insecure solution since the phone may have an app that forwards the credentials to a third party that can use this to access the system.
Avoid storing sensitive data...like the phone numbers of other people? Like the text messages you send? Just using this phone...to make phone calls, mind you...results in data being uploaded. I don't see how "not having that data" on your phone is really an option. It's a goddamned phone; you're going to have to use it, some day.
I also seem to remember that Apple got into problems because they were uploading user data without permission.
Nope. They got into trouble because somebody found location data in logs on the phone, and assumed it was being uploaded without actually testing that theory.
Right...and even then, this was location-based information that Apple said the phone wasn't collecting. It could just as easily have been a misunderstanding about underlying software behavior at a low level (or even that the programmer who built it that way didn't even work at Apple any longer) as anything else.
"due to Netflix arbitrarily blocking the Linux build"
i.e., generating a valid page based on detection of a Linux-based USER-AGENT from the browser, to save the user from trying to troubleshoot what has been, until recently, a problem that the user could not fix. Hardly sinister.
It's also trivial to change the pics slightly (change one pixel from black to white, for instance), and completely change the hash so it doesn't match. Thus matching hashes is... less than useful... against an even moderately smart CP'er.
Very true...but the point of any technology is never to be a 100%, totally foolproof approach; that is never possible, with anything. And if only one image in a collection is a match, then you have caught the person who owns it; you don't need to match more than that. Human investigation, at that point, will catch the rest. Going one step further, you don't even need to catch every single person...catch one in a group that have some form of relationship to one another, even just online, and you can round the rest up through a combination of digital forensics and plain-old gumshoe investigation. This tactic also doesn't come at the expense of other means of catching people who trade in child porn...it's a net increase in the availability of means to catch such people.
NCMEC has the collection of actual illegal pictures. They have government permission to have them.
Everyone else (Microsoft, Google, Facebook, etc) just has the list of hash values. Totally legal for them to have.
This system has been public knowledge for at least 3 years. Just google NCMEC and follow the links!
And (since someone always complains) yes, the people running this know what a hash collision is. They are experts with hash functions and image processing.
Let me give a bit of detail to this. NCMEC has a collection of actual illegal pictures, as does the FBI. This, in turn, can be turned into hash/size tuples...which makes it very, very easy to automate searching for content without 1, needing direct human observation of anything but the content that matches a signature, 2, requiring much work on behalf of Google/Microsoft/Apple, or 3, actually giving pictures of child pornography to the provider. Essentially, it's trivial to repurpose technologies intended for DMCA patrolling/enforcement to this task, and I'd argue that it's a much better use of those technologies than what we've been seeing currently.
...Apple locks users of Windows 8.1 and earlier out of FaceTime.
Wah.
"Idiot", "moron". You sound like a bunch of poor kids struggling in a lousy job economy, hurling insults at a successful man able to afford an Infiniti.
Except it's obviously a ploy by the car makers themselves.
Daring acts (like this scripted advertisement you're all being fooled by) will drive consumer demand for autonomous cars.
I think the word you were going for was "plebeians," there in the title...but maybe I didn't hear you correctly.
"Who wants some chimichangas, huh? Best thing I ever did was install this deep fryer in the 'bago."
"Ron, why do you have this bag of bowling balls and this terrarium filled with scorpions?"
"Oh, it's a long, crazy story!"
"Hey, Ron. Cruise control just regulates speed, it doesn't steer."
"Come again?"
And yes...this is EXACTLY what came to mind when I read this :)
So as I understand it, what's desired is a solution that will just plain work out of the box as soon as you plug it in, and will require no work/help from the users at the other end to keep it working. Teleconference (video and audio) calls need to be auto-answered at the remote end, provided it's the right party calling them; effectively, the remote endpoint needs to have neither control over the system nor responsibility to keep it running. I presume to some degree this is to be able to check up on them and make sure everything is okay, as much as it is for more social uses of telepresence?
So, do this:
1. Send them one of the new "smart TVs" that comes with a webcam built in.
2. Get a job at the NSA.
3. Profit!
Thank you for obeying!
You don't understand Singapore. I know it sounds quite bizarre to a Westerner, but the citizens of Singapore *want* this. This is what they actually value; the common perspective differs, in that they feel that the needs of the society of the whole are greater than those of the individual. This level of control isn't something that they're obeying...it's something that they're desiring, facilitating, embracing. And while I'm with you in my preference of a more Western form of social balance, it's also hard to argue that Singapore is actually a bad place to live or be.
"What could possibly go wrong...?"
That's true of pretty much every solution to any problem though...isn't it?
The real question is this...what could possibly go right, by doing nothing?