- whenever you want to use the benefits of her Prime account, just create a new wishlist, share it with her, and let her buy it on her account providing her a payment form. If you don't share or want to supply your personal payment data to her, I don't really know about Luxembourg but in Portugal we have many types of virtual credit card systems, that you create for any purchase and add a limit to it, so that you don't have to share or put your physical card on the web (I never even have placed my physical card on my 10+ years of online shopping because we got this cool system in Portugal).
Easiest way I've found is for friends to simply send me an Amazon gift card in the exact amount. They select their items, I give them the total (they can add it themselves if they wanted, but sometimes I like totaling it up to make sure) and they buy me a gift card in the exact amount (Amazon lets you do this). They give me the code and I enter it into the payment form, make sure it ends up as $0 off my card and order is placed.
Yes, Amazon lets you buy a gift card for an exact amount down to the penny. And anyone with an Amazon account can buy one and send it instantly to someone else.
In that case, I conjecture it could only do so by phoning home to Microsoft to check the URL against a remote on-line database... but that would then raise a massive privacy tsunami about remotely communicating what URLs you're visiting to some dark-site server somewhere in Redmond, WA. If so, let the tin-foil hat parade commence.
You realize that Google's anti-phishing thing works exactly the same way too? Except instead of Seattle, WA, it consults Mountain View, CA?
Ostensibly, Google actually has more information, since basically all the major browsers (Chrome, Firefox and Safari) all use Google's API, whereas now, Microsoft only got Edge and now optionally Chrome.
There is actually a standard for this, called CEC, which is implemented on some TV-connected devices. Unfortunately, TV receivers uniformly suck at implementing it. You won't find a TV tech who even knows what CEC is.
CEC is implemented on a lot of things. Most TVs support it (usually under some branding, like LG's SimpLink, Sony BraviaSync, Samsung and others all have it as well). Most receivers do as well (the ones that don't generally are the boutique very high end ones - the ones you control with a Crestron smart home system or other thing).
The problem is, it was never a fully fleshed out specification, so they all suck and interoperability is generally poor unless EVERYTHING is from the same manufacturer. If you get it to work, great! Enjoy it while it lasts, because it will break sooner or later.
The AVS Forums are full of people who say "CEC is the best thing ever!" followed by "CEC stopped working - why?!". Sometimes a full system reset works, other times it's broken for good. And this happens even if nothing changed. (And then you have people countering "CEC is unreliable" with "It works great for me!" in threads where well, CEC suddenly broke).
Primary motivation for rolling HTML5 media was that Flash was too easy to auto-block.
HTML5 video is easy to auto block as well, because browsers don't have to load the media associated with the tag. Even better, they don't have to obey the autoplay property (and some browsers don't).
Browsers also make it possible to avoid javascript toggling video playback - they can simply insist that a user click is required to start playback, not some piece of javascript "clicking" the button.
This is a lot better control than what you had with Flash - because if you wanted to see flash, it was all, or none. You either had to block it all and selectively click the ones you wanted to see, or you didn't and they could do whatever the hell they want.
It looks like the drug companies charge what they like because the market in the US is fixed.
No, it's because in Canada and Europe, the state buys from the drug companies. When an entire country is buying the drugs, they buy in bulk because they're buying for everyone in the country. This sheer buying power means they can demand good pricing for drugs. (In Canada, it's actually bought at the provincial level, but many provinces have joined forces to group buy the drugs, again, because it increases their leverage and buying power).
In the US, pharmacies pretty much have to fend for themselves. Sure, the hospitals often have more buying power, as do chain pharmacies, but when you've got basically no buying power at all (what, you don't want to pay? Well, your customers can go across the street to the pharmacy that carries the drug instead), prices get jacked up.
And let's not forget it's the state that also sets the laws regarding generic drugs and such - it's a very powerful weapon when you can ask, but you can't ask too hard because your monopoly is dependent on your customer. Sure the companies can bitch and whine all they want about withholding drugs and such, but it's a threat they rarely follow through because it means forgoing a lot of money now just to make a point, without saying there aren't going to be other companies willing to fill in the gap and undercut you.
I did mine back in early March (via the IRS's own freefillableforms.com). But, since I owed money, the date I picked for the IRS to withdraw the funds was today - and that withdrawal hasn't happened yet, which very well might be due to these problems.
So your implication that this only impacts last-minute filers is not necessarily accurate.
And accountants, some of the most conservative people on the planet, don't schedule things for the last minute. They always schedule payments a few days early because crap happens. Because well, crap always happens.
So they'd schedule a payment a few days prior, because who knows what can happen. The payment system can go down. Or perhaps the payments get delayed (electronic transfers, while generally instant, can occasionally get "lost" in the system, so the money may have come out of the account, but it's not actually posted into the recipient's account yet).
Or better yet, perhaps your account gets locked because of suspicious transactions. Far better to have a few days to sort things out than have to scramble with the banks on the day the payment goes out.
They always have a "just in case" ready.
And you know what? Those that paid a few days early wouldn't have been stressed out the few hours realizing they couldn't make a payment and having to scramble to find an alternative way to pay or hope an amnesty would be announced.
Evils of government and all, but the few cents of interest you'd make just isn't worth the added stress when crap happens. Giving yourself a few extra days to sort things out is a godsend when you're ending up spending hours on the phone.
I often wonder if these government institutions actually live in the real world.
The common sense thing to do if their payment system is broken would be to postpone the due date for payments!
No, they live in the real world. If you ask any accountant, they say to never pay on the due date - you always pay a few days ahead because you know what? Crap happens. Systems go down, and if they're going to go down, as someone who works in the IT field, you know it WILL go down when you need it most.
So every accounts payable always gets paid a few days before the due date - that way if the system goes down on the due date, no big deal, the payment has already gone through. If the system is down when you make the payment, you have a few days to send payment through an alternate means.
Plus, it's not like you are forced to pay on only one day - you can pay early.
Paying early also accounts for delays in processing - just because you paid it, doesn't mean they received it, so it helps account for that delay, even in electronic transfers.
There seems to be a common misunderstanding that WSL is running a Linux kernel. It isn't. WSL is still running on the Windows kernel. People think of popular Linux distributions as being Linux, but they're only Linux because of the kernel, not because of the tools they're bundling to create a distribution. When you switch to a BSD or Mach kernel using the same tools, you're no longer using Linux, regardless of the programs you're running. That's what WSL is too. It's a distribution's bundled tools running on a different kernel, in this case the Windows kernel.
It'd make more sense to call it Ubuntu on Windows. Really though, it makes more sense for MS to call it "Linux" because that's what people think of when they hear the word. Otherwise you'd have "GNU on Windows" and spend all your time explaining you're talking about running a Linux distribution on Windows without using actual Linux. It's like insisting people use the original meaning of the word "hacker." If you use the word to mean what it really means, then people won't understand what you mean.
I know this post is pretty much off topic, but a lot of people still seem misled by the term and I hope to help clear up the misconceptions for a couple people.
Exactly. A lot of early comments about WSL were about how "the Linux side is a security hole". Not beyond typical Windows - because the Windows kernel still enforces security permissions even for WSL.
It's really more of a kernel personality - BSD has a Linux personality so it can run Linux binaries easily by emulating its system call behavior. Windows is doing the exact same thing - for WSL, it's emulating how Linux does system calls. And since the Linux system call table is public information (how to make a system call, register contents, etc), all anyone needs to do to add Linux support is emulate those system calls.
And just like Debian on BSD calls itself "GNU/kBSD" to show it's a GNU userspace (versus BSD userspace) on a BSD kernel. So technically this is more "GNU/kWindows" than anything.
Oddly, it's probably the closest to a full POSIX implementation Windows would ever have - its POSIX implementation back in the day was fairly limited.
Twin Galaxies is part of the high scores community, not the speedrunning community. There's actually less overlap than you'd think - partially because TG was widely seen as not up to the standards of the speedrunners. (Other reasons are just the different game eras - TG/highscores tend to be pre-NES while speedruns are primarily NES and later)
The new crop of management at TG definitely seems to be headed the right direction, but I don't think most people have forgiven them yet. It's been a common criticism that TG took way, way too long with their "investigation", and was far too willing to entertain the theories of Billy's defender club. The general mood appears to be "guarded optimism".
There's been talk of trying to replace TG but so far nothing's come of it, and I think it even less likely now that they're actually purging the fraudulent records.
You have to remember that Twin Galaxies started as an arcade. They started recording down the high scores done in their arcade which led to them being the go-to source for arcade high scores. And back then, if you wanted to submit a high score, you had to travel to their arcade and perform it on their machines.
Of course, then the consoles happened and like most arcades, they shut down and their high score table was the lone survivor. Now they do demand video evidence of high scores which must be done on a real machine with real settings (I believe you must film the settings used). They don't typically do NES and later games because well, they have an arcade heritage and arcades fell out of favor in the late 80s. That doesn't mean there weren't good arcade games, but most of the arcade high scores died out as well as games stopped scoring people and arcade games moved away from the "arcade game" genre.
Now, the reason to defend the scores is simple - it's way too easy to be good and be accused of cheating - ask anyone decent who's played an FPS and getting aimbot accusations. This is especially true of old records which have been around a long time - it's not like you can ask someone to replay the game, and if the video is only standard def, it can be hard to make out details.
So it's really best to err on the side of caution unless it can be proven there was a cheat involved. I believe in this case, they had to rely on the very slight difference between how MAME and the real hardware drew graphics. For that, you'd need to prove it in hardware and MAME, and also prove it in the video (which takes a long time - if it's poor quality video (say, standard def), it can be very hard to make out the drawing differences). It probably involved lots of people reviewing the footage frame by frame trying to see if that weird blink counts. And as long as the debate rages and certainty isn't assured, the prudent thing is to let the records stand.
And heck, you probably want to contact the guy and ask him to defend the accusations as well.
It's a very fine line - I'm sure Guinness themselves go through a lot of processes in case one of their records is questioned. (And for a lot of them, they are personally witnessed, but even then you can try to pull a fast one. It's one of those things where cheating will always be prevalent - if not for money, then the prestige. And a lot of the time, the records get beaten by bending the rules.)
Actually, how does Linux support the 68K CPU? It doesn't have an MMU that's required. I know there was a version of Linux called uCLinux that worked on MMU-less (and MMU-lite) processors like the 68K, but I've found it quite unstable. No hardware support for protection means a bad pointer literally will take down the system.
So it was neat, but completely pointless in the end. All it took was one bus error and you'd be rebooting.
Now, there were later 68K CPUs with MMUs (I believe the 68020 had an external MMU chip, but the 68030 was fully capable of Linux). Heck, there were a couple of bad instructions in the 68k that made a "modern" OS impossible (i.e., you can call them from user mode) - that's why it was revised into the 68010 to allow proper user-supervisor mode separation.
I think the problem is these crappy reality shows are relatively cheap to put on, you don't need to pay the contestants and the prizes are generally a fraction of what real actors/script writers etc etc would cost. I saw a recent article claiming it was at a minimum double the cost for series episode and that is for the cheap less successful ones where they don't have to pay the talent as much.
True. It costs a lot less to produce a reality show - no writers and cheap actors (sorry, participants) and such make it really low end. And even worse, people watch it which means they attract advertisers and thus, money.
However, there has to be a balance - CBS does really well because they aren't all reality shows - they have a few hit ones, but they also have bought and show a lot of scripted shows as well - turns out audiences don't want all reality, but the right mix.
I agree with him, it's way worse. Yes, there were always trolling and flame wars, but it *didn't matter*. Remember that (offensive) saying "arguing on the Internet is like the special olympics - win or lose, you're still retarded"? That was the attitude. Now you've got national security interests saying trolls swayed elections, you've got organized forces viciously fighting life or death battles for mindshare, I mean seriously fighting, like it means something. It's a totally different world today.
The problem is, ordinary people use the internet today. Back when "it didn't matter", it was just a bunch of techies playing around with a toy that's neat and all the crap that happens was ha ha ha good joke insider thing.
But the internet proved that such a useful tool could not be the realm of techies forever. It, like the computerization of everything, meant that its utility was far too great to not be an influential part of everyday life. Even before the internet, it was envisioned by people having access to endless stores of information - be it through a guide with the words "Don't Panic" in large friendly letters, or other database of knowledge.
So it became a tool for the ordinary people who took to it like flies to honey. Which unfortunately had very serious side effects - the casual posting of everything online (there was an old online adage - never post online what you don't want to see in the New York Times tomorrow? As in, what you post may be splashed front and center for the world to see? Imagine how Facebook would be if people realized what "privacy controls" actually meant), to simply, the internet does not forget - what happened is now tied to you, forever.
And the biggest lesson of all? Never trust what you see online. That's a lesson that gets forgotten all the time, from spreading email viruses, to phishing, to trolls.
What's really incredible is these lessons were taught when I was in high school (in the 90s) before the Internet took off. These days, it seems no one is teaching it in any sort of class, not even an "online safety" style course. Hell, I bet this whole "digital natives" thing probably prevents them from hearing these lessons from us, the "digital immigrants" who always grew up with a skeptical look about online information.
Also, it's ultimately up to the browser whether to enable copy/paste or not.
And I know Firefox lets you bypass those blocks by holding the Shift key and right-clicking. (This stops Javascript execution of the right-click event, so the regular right-click Firefox menu will display with all the normal options).
I assume other browsers have similar features to bypass Javascript.
And it's not just US government works. It's also Canadian government works, and I assume every other government as well.
Not all Canadian government documents are actually free to view. There is such a thing called Crown Copyright that holds the copyright to basically everything written by government (it doesn't automatically fall into public domain). To see if you can make copies of a document, you must contact the agency or department that produced the document for permission.
The only exception to this are laws - federal laws that get enacted, or already on the books are allowed to be reproduced freely by anyone. However, it is the responsibility of the reproducer to ensure the resulting copy is accurate.
Provincially, there are a bunch of other laws allowing restricted reproduction of documents produced by the provincial government and they can be downright odd. (E.g., BC allows a librarian to make a single copy of a law for a patron, provided the patron uses it for their own personal use, or for legal use (getting copies of legislation referred to by lawyers and accountants for procedural purposes). You're not allowed to make copies or any more without prior permission).
Can someone speak to what the exploit is? Does it have to do with bypassing the 10 PIN entry lockout limit?
Well, given it's running its own code, it involves jailbreaking. And yes, there is the Electra jailbreak for iOS11. The only difference is this unit's jailbreak need only involve tethered jailbreaks, which are far more plentiful than untethered jailbreaks like Electra (which was one of the first since iOS 8 or 9).
We also know that it's likely involving elevated permissions - perhaps going so far as to force a hard power down before the secure enclave can commit the changes it needs to nonvolatile storage. (In some more secure architectures, power down is handled by telling the secure processor to shut everything down, so it will commit its changes to storage prior to turn off. But most SoCs I've seen will tell the PMIC to turn off the rails and there it goes, without giving the security processor a chance).
These would be the most reasonable points of attack - you can start with jailbreaks simply because you need the ability to run your own code - we know it runs on the device directly.
And yes, complex pass codes are a thing on iOS, and can be done with not too much hassle given you can use TouchID or FaceID to alleviate a lot of the pain. (iOS mandates a 6 digit passcode now, it's only 4 if you've upgraded without changing it).
I am surprised that HTC is on the 3-4 list. I've had very good luck with them ensuring that patches come out on time. Even though they are not a "tier 1" maker like Samsung, they produce decent phones that may not have the latest bells and whistles... but they do the job and do it well. They also allow for bootloader unlocking, which is a make or break thing, as a root firewall is a must these days.
The article is not about patches coming out on time. It's about patches that come out missing.
It's easy to make a security patch that patches nothing other than updating the date you see in the about screen.
That's what the article is about - just because your device is "up to date", doesn't mean it has all the patches. They basically took a patched phone and re-ran the vulnerability tests on them, only to find the patches were not applied despite claims they were by having the patches up to date.
Problem here is that large loads are easily filtered out. What they are using is a load variation of about 10 watts or so. So when your AC unit starts, it's pretty obvious and easy to remove the signal.
What you need is a randomly variable power consumer/producer that can sufficiently randomize the small variations in power consumption and *possibly* make it too hard to figure out what's the data signal and what's just random noise. Even then, it's going to be pretty difficult to truly hide all possible data transfer using this technique. You may slow down the data rate possible, but I don't think you can totally mask this power consumption variation.
The thing is, the bits are *modulated*. You're not sending bits using load - say, +10W for a 1 and 0W for a 0. No, you cannot tell the bits apart this way.
Instead, they modulate the bits, by spiking the CPU cores at varying frequencies. You can detect these much more easily, and you can filter out the large loads since those generally are constant.
They use FSK, so presumably they can say spike the CPU at 10Hz (giving a 10W-0W cycling at 10Hz) to represent a 0 and do it at 20Hz to represent a 1.
But, two questions: first, can they compete with companies like Garmin and Google who have tons of money and clients, plus smart people who could try to reverse-engineer these improvements and roll them out basically for free? It could easily be worth it to crush competition. And, if the success of the probabilistic model is based upon having many clients, do they get this level of improvement everywhere, or only in higher-traffic areas like cities?
I don't think they're aiming to compete with Garmin and Google. They're aiming to sell their technology to Garmin and Google to have not just lane guidance, but lane accuracy as well. One of the annoyances I had was despite Google having lane guidance, it would only provide it when I got close. Why not tell me to change lanes after turning so I can prepare myself ahead of time and not have to go from one side of the road to another?
Not only that, but it can reroute ahead of time - perhaps I'm in the wrong lane - it can ask me to change lanes, but also prepare a new route in case I'm unable to change lanes for whatever reason.
Driving a car, to a location, 1.5m accuracy who cares. What I want to know is the basic route and where to park when I get there, what the location looks like, what the entry to the carpark looks like and the best route to a carpark, close to the final destination.
If you want that, Google Maps already gives you that. Every step in the step-by-step driving instructions has a little Street View thing beside it so you can tap it and see the intersection and buildings and landmark ahead of time.
Why do the telephone companies allow callers to spoof the originating number?
Because the design was to allow companies and other entities with multiple phone lines to have them all present the same phone number when an outgoing call is made. Most PBX's don't maintain a 1:1 mapping between phone numbers and internal lines, so when you make an outgoing call, it randomly picks a free phone line and connects your call using it. Being random, if the phone company provided ANI directly, you'd get some oddball number that won't answer (because the PBX wasn't configured to allow those phone lines to "ring"). Instead, the PBX would tell the phone company what number to show, in this case, say the main phone number of the company.
The same goes for DID (direct inward dial, aka direct line) numbers. Again, there's no 1:1 mapping between phone lines and numbers (and many companies maintain far fewer lines than numbers - in this day and age, they may get away with say, 10 phone lines despite having say, 60 people/phone numbers assigned). In this case, an outgoing call will cause the PBX to assign one of those random lines to your call, and the PBX will tell the phone company to use your direct number for caller ID (so people will know it's you calling). On the reverse side, the same thing happens - if you call the direct line, the phone company picks one of the random lines and tells the PBX what that line is supposed to connect to. This also makes it trivially easy to upgrade phone lines - if the company discovers that calls are dropping because all 10 lines are busy, they can easily upgrade to another few lines by calling the phone company to give a larger fraction of the T1 or so and configuring the PBX to recognize the new lines.
What phone companies need to do is source filter the numbers, just like how we source-filter IP addresses. I.e., the numbers that can be reported for the caller ID can only be the numbers assigned to the company, and any attempt to spoof a different number is simply dropped.
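The source filtering proposed above, sketched as an added example (not part of the original comment, and not any carrier's or PBX vendor's code). The trunk name, the 555-01xx numbers and the `screen_call` function are constructed for illustration, and bare 10-digit numbers are assumed to be North American.

```python
import re
from dataclasses import dataclass
from typing import Optional


def normalize(number: str, default_cc: str = "1") -> Optional[str]:
    """Reduce an asserted caller ID to +<digits>, or None if it is malformed."""
    digits = re.sub(r"[^\d+]", "", number or "")
    if digits.startswith("+"):
        digits = digits[1:]
    elif digits.startswith("00"):
        digits = digits[2:]
    elif len(digits) == 10:          # assumption: bare 10 digits are NANP
        digits = default_cc + digits
    if not digits.isdigit() or not 8 <= len(digits) <= 15:
        return None
    return "+" + digits


@dataclass(frozen=True)
class Trunk:
    """What the carrier has provisioned for one customer PBX."""
    name: str
    main_number: str                 # number shown for ordinary outgoing calls
    did_ranges: tuple                # inclusive (first, last) DID blocks

    def owns(self, e164: str) -> bool:
        if e164 == self.main_number:
            return True
        n = int(e164[1:])
        return any(int(lo[1:]) <= n <= int(hi[1:]) for lo, hi in self.did_ranges)


# Constructed provisioning data: one main number plus a 60-number DID block.
TRUNKS = {
    "acme-pbx": Trunk("acme-pbx", "+12025550100",
                      (("+12025550110", "+12025550169"),)),
}


def screen_call(trunk_name: str, asserted_caller_id: str):
    """Return (action, detail) for one outgoing call setup.

    The PBX may assert any number it likes; the carrier edge only passes
    numbers assigned to that trunk, the same idea as IP source filtering.
    """
    trunk = TRUNKS.get(trunk_name)
    if trunk is None:
        return ("drop", "unknown trunk")
    e164 = normalize(asserted_caller_id)
    if e164 is None:
        return ("drop", "malformed caller ID")
    if not trunk.owns(e164):
        return ("drop", f"{e164} is not assigned to {trunk.name}")
    return ("pass", e164)


# Constructed call setups: (trunk, caller ID asserted by the PBX).
SAMPLE_CALLS = [
    ("acme-pbx", "(202) 555-0100"),    # main number
    ("acme-pbx", "+1 202 555 0142"),   # an employee's direct line
    ("acme-pbx", "202-555-0170"),      # one past the end of the DID block
    ("acme-pbx", "+1 800 555 0199"),   # someone else's number
    ("acme-pbx", ""),                  # nothing asserted
    ("ghost-trunk", "+1 202 555 0100"),
]


def screen_all(calls=SAMPLE_CALLS):
    return [screen_call(trunk, cid)[0] for trunk, cid in calls]


if __name__ == "__main__":
    for call in SAMPLE_CALLS:
        print(call, "->", screen_call(*call))
```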
One of the reasons electric cars have been so slow to take off is that they don't have an exhaust system that sounds like a twelve-ton hog farting through a giant trombone.
Right; we've just been turning our noses up at all the various models of viable electric cars over the years because they weren't loud enough. Or you're completely imagining shit.
Well, that is one of the reasons why. Think of it this way - cars have gotten much quieter of late. So much so that many cars actually have "engine augmentation" - i.e., car engine noises are piped into the audio system of the car to make the engine sound "bigger" to people inside.
And Audi has been working for years perfecting the sound of their E-trons - they have an outside speaker that plays an "electric engine" type noise (take a motor noise, sweeten it up a bit and make it sound futuristic).
And of course, we have motorcyclists which seem to have a serious flatulence problem... farting down the road so badly it reverberates for many city blocks.
True, but the perfect is the enemy of the good in this case, and one has to start somewhere. It would be nice if everything can be made in the US, but one only can do so much, and this is a lot better than just buying something from a Chinese OEM/ODM and "badge engineering" the product.
So System76 is not doing anything that every other white box computer maker in the US is doing. There are plenty of companies who assemble computers in the US - they range in size from mom and pop computer shops selling their own prebuilt PCs to companies like Dell which can and do assemble PCs in the US.
Given their pricing, I would've thought their computers were assembled in the US anyways.
OTOH, maybe they're a Tier 1 OEM now, which means they can manufacture their own boards in the US. That is more unique (though there are many other white box companies that can do this as well), in which case that's a bit more impressive. But given their volumes, it's probably not a difficult thing if it's designed elsewhere. There's a lot of small contract manufacturers out there and they can handle motherboard production quite readily. (The company I work for often uses local CMs - the PCBs and parts often come from overseas, but small runs of units we generally use a local CM to stuff the boards and test them. Larger runs we use China.)
Right? About the only thing worse would be a kernel vulnerability in something silly like fonts...
The beep vulnerability makes a lot of sense, actually. Related to this update, I recently learned that the ubiquitous beep used to be driven by reprogramming the system clock. Naturally, that kind of hardware access is something that should be a system administrator function, restricted to root on *nix systems. It would make sense, then, that any vulnerability there would likely be a privilege escalation.
Font handling is not easy, especially in modern days. It might seem easy (after all, TeX works by pushing around fixed-sized boxes, but that doesn't work in a modern i18n world). Take for example, letter decorations. Beyond the Euro languages which generally just have accents and such, some languages have a lot more they can put on letters. And then the order of the decorations can be important as well as where the character appears in the string (e.g., Arabic is bad for this - add a character and the "word" can enlarge in size, shrink in size, etc.). It's one of the ways iOS was compromised - if you attempt to replace a long word with a split one (e.g., instead of showing "This is a really long message to fit on the message box of the screen", it will want to cut it and show "This is a really long message..." or "This is a really long mess..."), the string can actually take more space to display than if you added more characters.
Rendering fonts is no longer easy - some languages seem poised to make it especially difficult because the shape you use depends on so many variables (decorations, preceding words, location of character in the word, etc) so it is no surprise that there are vulnerabilities. Depending on where your font rendering code is, this could be a serious one or a minor one.
As for the beep package, on the PC, the system speaker is connected to the timer chip. In order to control the pitch and duration you have to reprogram the timer chip (which can be the main timer chip as well) in order to cause it to make noise (you have to have access to a couple other registers as well - there's an enable line and an "amplifier" enable line used to connect the timer output to the speaker itself).
This inflexibility of the PC speaker is what makes PCM output using the speaker impressive.
Another bonus is that it would also eliminate religion.
It only eliminates what we know of religion today - you know, the classical Christianity, Islam, Judaism, etc.
It will not eliminate upcoming religions like technocracy (worship of technology/technology can do no wrong - though not an official religion, there's quite a few people who actually believe this), and worship of the "all powerful AI" which will emerge soon enough.
The problem with technology is it's frustratingly neutral. For all the positives, there are negatives to it. Think of any technology and you'll see it can be used for good AND bad. Nuclear technology can give us clean energy, or destroy cities. Cars get us places, but demand way more attention lest we end up killing. The internet was supposed to educate, inform and give voices to the little man, but it's also used to oppress, enrage and troll.
AI can be used for good and evil. It will not care which it is. The best we can do is realize what can happen and try not to let it.
Heck, even Star Trek saw the issue arising, which is why they had "ethical subroutines" and other things for Data, compared to Lore. Even Knight Rider explored it, with KITT versus KARR. And of course, there are Asimov's Three Rules, the exploration of which covers many books.
Best use for WSL that I've found is to finally have a good SSH client on Windows.
I've switched to using WSL instead of Cygwin on my Windows 10 systems. Cygwin is nice (all binaries are Windows binaries), but it's just a lot easier to have a full Debian or Ubuntu or whatever installation around. (Notably, Cygwin doesn't have standard C library manpages). Plus, I get full access to the repositories of those distributions - if there's no Cygwin port of something, you can try compiling it, but it may or may not work. WSL, I can apt-get what I need.
It's not the best, but it's usable enough that I can run important stuff on it. Plus, Windows ports of some utilities are hokey and run better under Linux (like youtube-dl).
That said, Cygwin still has stuff WSL doesn't, like an X server.
Except it wasn't in-store purchases that were hacked. It was online purchases - the chat software was a SaaS package Best Buy, Sears, etc. all used that got hacked.
It's not about Point of Sale machines being hacked (this time), but how one company that has software used by lots of other companies got hacked. Closest example would be bad ads being served up, except instead of the site hosting the ad, it was a piece of utility software instead.
CEC is implemented on a lot of things. Most TVs support it (usually under some branding, like LG's SimpLink, Sony BraviaSync, Samsung and others all have it as well). Most receivers do as well (the ones that don't generally are the boutique very high end ones - the ones you control with a Crestron smart home system or other thing).
The problem is, it was never a fully fleshed out specification, so they all suck and interoperability is generally poor unless EVERYTHING is from the same manufacturer. If you get it to work, great! Enjoy it while it lasts, because it will break sooner or later.
The AVS Forums are full of people who say "CEC is the best thing ever!" followed by "CEC stopped working - why?!". Sometimes a full system reset works, other times it's broken for good. And this happens even if nothing changed. (And then you have people countering "CEC is unreliable" with "It works great for me!" in threads where well, CEC suddenly broke).
HTML5 video is easy to auto block as well, because browsers don't have to load the media associated with the tag. Even better, they don't have to obey the autoplay property (and some browsers don't).
Browsers also make it possible to avoid javascript toggling video playback - they can simply insist that a user click is required to start playback, not some piece of javascript "clicking" the button.
This is a lot better control than what you had with Flash - because if you wanted to see flash, it was all, or none. You either had to block it all and selectively click the ones you wanted to see, or you didn't and they could do whatever the hell they want.
No, it's because in Canada and Europe, the state buys from the drug companies. When an entire country is buying the drugs, they buy in bulk because they're buying for everyone in the country. This sheer buying power means they can demand good pricing for drugs. (In Canada, it's actually bought at the provincial level, but many provinces have joined forces to group buy the drugs, again, because it increases their leverage and buying power).
In the US, pharmacies pretty much have to fend for themselves. Sure, the hospitals often have more buying power, as are chain pharmacies, but when you've got basically no buying power at all (what, you don't want to pay? Well, your customers can go across the street to the pharmacy that carries the drug instead), prices get jacked up.
And let's not forget it's the state that also sets the laws regarding generic drugs and such - it's a very powerful weapon when you can ask, but you can't ask too hard because your monopoly is dependent on your customer. Sure the companies can bitch and whine all they want about withholding drugs and such, but it's a threat they rarely follow through because it means forgoing a lot of money now just to make a point, without saying there aren't going to be other companies willing to fill in the gap and undercut you.
And accountants, some of the most conservative people on the planet, don't schedule things for the last minute. They always schedule payments a few days early because crap happens. Because well, crap always happens.
So they'd schedule a payment a few days prior, because who knows what can happen. The payment system can go down. Or perhaps the payments get delayed (electronic transfers, while generally instant, can occasionally get "lost" in the system, so the money may have come out of the account, but it's not actually posted into the recipient's account yet).
Or better yet, perhaps your account gets locked because of suspicious transactions. Far better to have a few days to sort things out than have to scramble with the banks on the day the payment goes out.
They always have a "just in case" ready.
And you know what? Those that paid a few days early wouldn't have been stressed out the few hours realizing they couldn't make a payment and having to scramble to find an alternative way to pay or hope an amnesty would be announced.
Evils of government and all, but the few cents of interest you'd make just isn't worth the added stress when crap happens. Giving yourself a few extra days to sort things out is a godsend when you're ending up spending hours on the phone.
No, they live in the real world. If you ask any accountant, they say to never pay on the due date - you always pay a few days ahead because you know what? Crap happens. Systems go down, and if they're going to go down, as someone who works in the IT field, you know it WILL go down when you need it most.
So every accounts payable always gets paid a few days before the due date - that way if the system goes down on the due date, no big deal, the payment has already gone through. If the system is down when you make the payment, you have a few days to send payment through an alternate means.
Plus, it's not like you are forced to pay on only one day - you can pay early.
Paying early also accounts for delays in processing - just because you paid it, doesn't mean they received it, so it helps account for that delay, even in electronic transfers.
Exactly. A lot of early comments about WSL was about how "the Linux side is a security hole". Not beyond typical Windows - because the Windows kernel still enforces security permissions even for WSL.
It's really more of a kernel personality - BSD has a Linux personality so it can run Linux binaries easily by emulating its system call behavior. Windows is doing the exact same thing - for WSL, it's emulating how Linux does system calls. And since the Linux system call table is public information (how to make a system call, register contents, etc), all anyone needs to do to add Linux support is emulate those system calls.
And just like Debian on BSD calls itself "GNU/kBSD" to show it's a GNU userspace (versus BSD userspace) on a BSD kernel. So technically this is more "GNU/kWindows" than anything.
Oddly, it's probably the closest to a full POSIX implementation Windows would ever have - its POSIX implementation back in the day was fairly limited.
You have to remember that Twin Galaxies started as an arcade. They started recording down the high scores done in their arcade which led to them being the go-to source for arcade high scores. And back then, if you wanted to submit a high score, you had to travel to their arcade and perform it on their machines.
Of course, then the consoles happened and like most arcades, they shut down and their high score table was the lone survivor. Now they do demand video evidence of high scores which must be done on a real machine with real settings (I believe you must film the settings used). They don't typically do NES and later games because well, they have an arcade heritage and arcades fell out of favor in the late 80s. That doesn't mean there weren't good arcade games, but most of the arcade high scores died out as well as games stopped scoring people and arcade games moved away from the "arcade game" genre.
Now, the reason to defend the scores is simple - it's way too easy to be good and be accused of cheating - ask anyone decent who's played an FPS and getting aimbot accusations. This is especially true of old records which have been around a long time - it's not like you can ask someone to replay the game, and if the video is only standard def, it can be hard to make out details.
So it's really best to err on the side of caution unless it can be proven there was a cheat involved. I believe in this case, they had to rely on the very slight difference between how MAME and the real hardware drew graphics. For that, you'd need to prove it in hardware and MAME, and also prove it in the video (which takes a long time - if it's poor quality video (say, standard def), it can be very hard to make out the drawing differences). It probably involved lots of people reviewing the footage frame by frame trying to see if that weird blink counts. And as long as the debate rages and certainty isn't assured, the prudent thing is to let the records stand.
And heck, you probably want to contact the guy and ask him to defend the accusations as well.
It's a very fine line - I'm sure Guinness themselves go through a lot of processes in case one of their records is questioned. (And for a lot of them, they are personally witnessed, but even then you can try to pull a fast one. It's one of those things where cheating will always be prevalent - if not for money, then the prestige. And a lot of the time, the records get beaten by bending the rules.)
Actually, how does Linux support the 68K CPU? It doesn't have an MMU that's required. I know there was a version of Linux called uCLinux that worked on MMU-less (and MMU-lite) processors like the 68K, but I've found it quite unstable. No hardware support for protection means a bad pointer literally will take down the system.
So it was neat, but completely pointless in the end. All it took was one bus error and you'd be rebooting.
Now, there were later 68K CPUs with MMUs (I believe the 68020 had an external MMU chip, but the 68030 was fully capable of Linux). Heck, there were a couple of bad instructions in the 68k that made a "modern" OS impossible (i.e., you can call them from user mode) - that's why it was revised into the 68010 to allow proper user-supervisor mode separation.
True. It costs a lot less to produce a reality show - no writers and cheap actors (sorry, participants) and such make it really low end. And even worse, people watch it which means they attract advertisers and thus, money.
However, there has to be a balance - CBS does really well because they aren't all reality shows - they have a few hit ones, but they also have bought and show a lot of scripted shows as well - turns out audiences don't want all reality, but the right mix.
The problem is, ordinary people use the internet today. Back when "it didn't matter", it was just a bunch of techies playing around with a toy that's neat and all the crap that happens was ha ha ha good joke insider thing.
But the internet proved that such a useful tool could not be the realm of techies forever. It, like the computerization of everything, meant that its utility was far too great to not be an influential part of everyday life. Even before the internet, it was envisioned by people having access to endless stores of information - be it through a guide with the words "Don't Panic" in large friendly letters, or other database of knowledge.
So it became a tool for the ordinary people who took to it like flies to honey. Which unfortunately had very serious side effects - the casual posting of everything online (there was an old online adage - never post online what you don't want to see in the New York Times tomorrow? As in, what you post may be splashed front and center for the world to see? Imagine how Facebook would be if people realized what "privacy controls" actually meant), to simply, the internet does not forget - what happened is now tied to you, forever.
And the biggest lesson of all? Never trust what you see online. That's a lesson that gets forgotten all the time, from spreading email viruses, to phishing, to trolls.
What's really incredible is these lessons were taught when I was in high school (in the 90s) before the Internet took off. These days, it seems no one is teaching it in any sort of class, not even an "online safety" style course. Hell, I bet this whole "digital natives" thing probably prevents them from hearing these lessons from us, the "digital immigrants" who always grew up with a skeptical look about online information.
And I know Firefox lets you bypass those blocks by holding the Shift key and right-clicking. (This stops Javascript execution of the right-click event, so the regular right-click Firefox menu will display with all the normal options).
I assume other browsers have similar features to bypass Javascript.
Not all Canadian government documents are actually free to view. There is such a thing called Crown Copyright that holds the copyright to basically everything written by government (it doesn't automatically fall into public domain). To see if you can make copies of a document, you must contact the agency or department that produced the document for permission.
The only exception to this are laws - federal laws that get enacted, or already on the books are allowed to be reproduced freely by anyone. However, it is the responsibility of the reproducer to ensure the resulting copy is accurate.
Provincially, there are a bunch of other laws allowing restricted reproduction of documents produced by the provincial government and they can be downright odd. (E.g., BC allows a librarian to make a single copy of a law for a patron, provided the patron uses it for their own personal use, or for legal use (getting copies of legislation referred to by lawyers and accountants for procedural purposes). You're not allowed to make copies or any more without prior permission).
Well, given it's running its own code, it involves jailbreaking. And yes, there is the Electra jailbreak for iOS11. The only difference is this unit's jailbreak need only involve tethered jailbreaks, which are far more plentiful than untethered jailbreaks like Electra (which was one of the first since iOS 8 or 9).
We also know that it's likely involving elevated permissions - perhaps going so far as to force a hard power down before the secure enclave can commit the changes it needs to nonvolatile storage. (In some more secure architectures, power down is handled by telling the secure processor to shut everything down, so it will commit its changes to storage prior to turn off. But most SoCs I've seen will tell the PMIC to turn off the rails and there it goes, without giving the security processor a chance).
These would be the most reasonable points of attack - you can start with jailbreaks simply because you need the ability to run your own code - we know it runs on the device directly.
And yes, complex pass codes are a thing on iOS, and can be done with not too much hassle given you can use TouchID or FaceID to alleviate a lot of the pain. (iOS mandates a 6 digit passcode now, it's only 4 if you've upgraded without changing it).
The article is not about patches coming out on time. It's about patches that come out missing.
It's easy to make a security patch that patches nothing other than updating the date you see in the about screen.
That's what the article is about - just because your device is "up to date", doesn't mean it has all the patches. They basically took a patched phone and re-ran the vulnerability tests on them, only to find the patches were not applied despite claims they were by having the patches up to date.
The thing is, the bits are *modulated*. You're not sending bits using load - say, +10W for a 1 and 0W for a 0. No, you cannot tell the bits apart this way.
Instead, they modulate the bits, by spiking the CPU cores at varying frequencies. You can detect these much more easily, and you can filter out the large loads since those generally are constant.
They use FSK, so presumably they can say spike the CPU at 10Hz (giving a 10W-0W cycling at 10Hz) to represent a 0 and do it at 20Hz to represent a 1.
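The point of the comment above can be checked on a constructed power trace. This is an added example, not code from the thread or from the research it discusses: the sample rate, the one-second bit period, the 15 Hz reference bin and the 20x threshold are assumptions, and the trace is synthesized arithmetically rather than measured.

```python
import math
import random

FS = 200            # samples per second of the power trace (assumed)
BIT_SECONDS = 1     # one bit per second (assumed)
F0, F1 = 10, 20     # tone for a 0 bit and for a 1 bit, as in the comment
F_REF = 15          # off-tone bin used as a noise reference (assumed)


def goertzel_power(samples, freq_hz, fs=FS):
    """Squared magnitude of one DFT bin, computed with the Goertzel recurrence."""
    n = len(samples)
    k = round(freq_hz * n / fs)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def synth_trace(bits, baseline_w=300.0, noise_w=3.0, seed=1):
    """Constructed trace: large constant load + noise + a 0/10 W square wave.

    A bit of None means an idle second with no keying at all.
    """
    rng = random.Random(seed)
    trace = []
    for bit in bits:
        f = None if bit is None else (F1 if bit else F0)
        for i in range(FS * BIT_SECONDS):
            spike = 10.0 if f is not None and (i * f) % FS < FS // 2 else 0.0
            trace.append(baseline_w + spike + rng.gauss(0.0, noise_w))
    return trace


def windows(trace):
    """Yield bit-aligned windows with the mean (the constant load) removed."""
    n = FS * BIT_SECONDS
    for start in range(0, len(trace) - n + 1, n):
        chunk = trace[start:start + n]
        mean = sum(chunk) / n
        yield [x - mean for x in chunk]


def demodulate(trace):
    """Per window, pick whichever tone carries more energy."""
    return [1 if goertzel_power(w, F1) > goertzel_power(w, F0) else 0
            for w in windows(trace)]


def keyed_fraction(trace, ratio=20.0):
    """Fraction of windows where a tone bin stands far above the reference bin."""
    hits = total = 0
    for w in windows(trace):
        tone = max(goertzel_power(w, F0), goertzel_power(w, F1))
        hits += tone > ratio * goertzel_power(w, F_REF)
        total += 1
    return hits / total


if __name__ == "__main__":
    bits = [0, 1, 1, 0, 1, 0, 0, 1]
    keyed = synth_trace(bits)
    idle = synth_trace([None] * 8)
    print("recovered:", demodulate(keyed))
    print("keyed fraction, modulated trace:", keyed_fraction(keyed))
    print("keyed fraction, idle trace:", keyed_fraction(idle))
```

A 10 W swing is invisible as a level change against a 300 W load, but it concentrates in one narrow frequency bin, which is also what a power monitor can watch for.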
I don't think they're aiming to compete with Garmin and Google. They're aiming to sell their technology to Garmin and Google to have not just lane guidance, but lane accuracy as well. One of the annoyances I had was despite Google having lane guidance, it would only provide it when I got close. Why not tell me to change lanes after turning so I can prepare myself ahead of time and not have to go from one side of the road to another?
Not only that, but it can reroute ahead of time - perhaps I'm in the wrong lane - it can ask me to change lanes, but also prepare a new route in case I'm unable to change lanes for whatever reason.
If you want that, Google Maps already gives you that. Every step in the step-by-step driving instructions has a little Street View thing beside it so you can tap it and see the intersection and buildings and landmark ahead of time.
Because the design was to allow companies and other entities with multiple phone lines to have them all present the same phone number when an outgoing call is made. Most PBX's don't maintain a 1:1 mapping between phone numbers and internal lines, so when you make an outgoing call, it randomly picks a free phone line and connects your call using it. Being random, if the phone company provided ANI directly, you'd get some oddball number that won't answer (because the PBX wasn't configured to allow those phone lines to "ring"). Instead, the PBX would tell the phone company what number to show, in this case, say the main phone number of the company.
The same goes for DID (direct inward dial, aka direct line) numbers. Again, there's no 1:1 mapping between phone lines and numbers (and many companies maintain far fewer lines than numbers - in this day and age, they may get away with say, 10 phone lines despite having say, 60 people/phone numbers assigned). In this case, an outgoing call will cause the PBX to assign one of those random lines to your call, and the PBX will tell the phone company to use your direct number for caller ID (so people will know it's you calling). On the reverse side, the same thing happens - if you call the direct line, the phone company picks one of the random lines and tells the PBX what that line is supposed to connect to. This also makes it trivially easy to upgrade phone lines - if the company discovers that calls are dropping because all 10 lines are busy, they can easily upgrade to another few lines by calling the phone company to give a larger fraction of the T1 or so and configuring the PBX to recognize the new lines.
What phone companies need to do is source filter the numbers, just like how we source-filter IP addresses. I.e., the numbers that can be reported for the caller ID can only be the numbers assigned to the company, and any attempt to spoof a different number is simply dropped.
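The source filtering proposed in the comment above can be sketched as a carrier-edge check. This is an added example, not code from the thread or from any carrier: the trunk names, the number ranges (fictional 555-01xx numbers), the 11-digit NANP normalization and the function names are all assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

# Constructed provisioning data: caller-ID numbers each customer trunk may
# assert. Ranges are inclusive. The physical line a call arrives on is not
# part of the key, because the PBX picks any free line.
ASSIGNED = {
    "trunk-acme": [(15555550100, 15555550159)],     # main number plus DIDs
    "trunk-smallco": [(15555550180, 15555550180)],  # single number
}


class Verdict(NamedTuple):
    forward: bool
    caller_id: Optional[str]
    reason: str


def normalize(raw: str) -> Optional[str]:
    """Reduce a dialled-style string to 11-digit NANP form, or None if malformed."""
    digits = re.sub(r"[\s().+-]", "", raw)
    if not re.fullmatch(r"[0-9]+", digits):
        return None
    if len(digits) == 10:            # national format: assume country code 1
        digits = "1" + digits
    if len(digits) != 11 or digits[0] != "1":
        return None
    return digits


def filter_caller_id(trunk: str, asserted: str) -> Verdict:
    """Accept a PBX-asserted caller ID only if it is assigned to that trunk."""
    ranges = ASSIGNED.get(trunk)
    if ranges is None:
        return Verdict(False, None, "unknown trunk")
    number = normalize(asserted)
    if number is None:
        return Verdict(False, None, "malformed caller ID")
    if any(lo <= int(number) <= hi for lo, hi in ranges):
        return Verdict(True, number, "number assigned to this trunk")
    return Verdict(False, None, "number not assigned to this trunk")


# Constructed call setups: (trunk, physical line picked by the PBX, asserted ID).
SETUPS = [
    ("trunk-acme", 3, "+1 (555) 555-0100"),   # main number
    ("trunk-acme", 7, "555-555-0142"),        # someone's direct line
    ("trunk-acme", 3, "+1 555 555 0199"),     # outside the assigned block
    ("trunk-smallco", 1, "15555550100"),      # another customer's number
    ("trunk-acme", 9, "anonymous"),           # not a number at all
]


def screen(setups):
    """Apply the filter to each setup; the line index plays no part in it."""
    return [filter_caller_id(trunk, asserted) for trunk, _line, asserted in setups]


if __name__ == "__main__":
    for (trunk, line, asserted), verdict in zip(SETUPS, screen(SETUPS)):
        action = "forward" if verdict.forward else "drop"
        print(f"{trunk} line {line} {asserted!r}: {action} ({verdict.reason})")
```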
Well, that is one of the reasons why. Think of it this way - cars have gotten much quieter of late. So much so that many cars actually have "engine augmentation" - i.e., car engine noises are piped into the audio system of the car to make the engine sound "bigger" to people inside.
And Audi has been working for years perfecting the sound of their E-trons - they have an outside speaker that plays an "electric engine" type noise (take a motor noise, sweeten it up a bit and make it sound futuristic).
And of course, we have motorcyclists which seem to have a serious flatulence problem... farting down the road so badly it reverberates for many city blocks.
So System76 is not doing anything that every other white box computer maker in the US is doing. There are plenty of companies who assemble computers in the US - they range in size from mom and pop computer shops selling their own prebuilt PCs to companies like Dell which can and do assemble PCs in the US.
Given their pricing, I would've thought their computers were assembled in the US anyways.
OTOH, maybe they're a Tier 1 OEM now, which means they can manufacture their own boards in the US. That is more unique (though there are many other white box companies that can do this as well), in which case that's a bit more impressive. But given their volumes, it's probably not a difficult thing if it's designed elsewhere. There's a lot of small contract manufacturers out there and they can handle motherboard production quite readily. (The company I work for often uses local CMs - the PCBs and parts often come from overseas, but small runs of units we generally use a local CM to stuff the boards and test them. Larger runs we use China.)
Font handling is not easy, especially in modern days. It might seem easy (after all, TeX works by pushing around fixed-sized boxes, but that doesn't work in a modern i18n world). Take for example, letter decorations. Beyond the Euro languages which generally just have accents and such, some languages have a lot more they can put on letters. And then the order of the decorations can be important as well as where the character appears in the string (e.g., Arabic is bad for this - add a character and the "word" can enlarge in size, shrink in size, etc.). It's one of the ways iOS was compromised - if you attempt to replace a long word with a split one (e.g., instead of showing "This is a really long message to fit on the message box of the screen", it will want to cut it and show "This is a really long message..." or "This is a really long mess..."), the string can actually take more space to display than if you added more characters.