Mailed? How is that secure at *all*? That would be the easiest way to forge something official-looking.
It's a good point in theory, the problem is in practice it's an economic tradeoff between security and cost (cost being all of implementation, customer support, and general complication, i.e. online revenue for the majority of consumers who just "don't want to know").
Just look at the credit card companies for an example - the system is horribly insecure but they have calculated that the overhead in implementation costs (minor) + lost usage/revenue for customers having to do *anything* extra to buy shit online (major) isn't worth making it any better.
if you believe this person works for the bank, you're done.
Which still means there is plenty of room for social engineering/hacking. It's still about trust, and talking to someone on the phone doesn't change that.
It's debatable whether this would result in better or worse security, but it's not debatable that the costs in time and money over the current system would skyrocket. Every company on the planet wanting to do online transactions needing customer service reps available any time someone wants to verify their certificates? And besides, 90% of Internet users don't understand and don't want to understand how it all works, anyway.
It's the same sort of issue as with credit cards - the whole system is amazingly unsecure and prone to fraud, but the credit card companies don't have incentive to improve it because the reduced fraud that would result in a better system doesn't outweigh the costs (in development, as well as - more significantly - convenience to the customer, i.e. extra revenue) involved.
But that would basically limit all of your online transactions to businesses with a local office within driving range. Not many people are going to be willing to fly to Seattle just to get a cert to buy something online from Amazon...
How would using self-signed certs be an improvement? As long as the CAs that do this are revoked it seems like it would still be a more secure system than requiring the end user to manually trust every single HTTPS site on the internet. Most users would never know the difference from a spoofed web site with a self-signed certificate vs a spoofed web site with a CA-signed certificate...
2-3? Mine sometimes gets hundreds. It's pretty ridiculous these days.
Actually, he *was* a former San Jose police officer...
Really? Seriously??? That was his whole point. He was implying that the fact Apple showed up at his doorstep with such a tenuous lead implies they may have had GPS data.
Basically, there seems to be some evidence implicating the guy. Doesn't excuse Apple employees if they impersonated police, though...
There isn't a shred of proof the visit or the search ever happened.
"At one point, a man who identified himself as Tony gave Calderón his phone number, who later gave it to the SF Weekly’s reporter. The writer, Peter Jamison, then called the number and spoke with Anthony Colon, whose LinkedIn identifies him as a “senior investigator” at Apple. That profile has since been taken down. Apple has not responded to the Weekly’s request for comment."
Sounds like proof to me.
Though there are now even *more* recent reports that the SFPD may have accompanied some Apple security people to his apartment. Still doesn't excuse your completely baseless accusation of the guy of making up the story, though.
The SID is just Google's "session ID", it doesn't contain browsing data itself. They were just hijacking the session id and using it in Google searches, then looking at the results to try to determine a user's search history based on what Google sent back.
Stealing someone's session cookie and then using it to get information about the victim? This is *definitely* nothing new, and I'm sure there are tons of other sites vulnerable to the same attack...
I think what he should have said is "there is no engineer gap" - i.e. the comparison of "engineering" graduate numbers from the US vs China is a pointless one.
His point was that the administration's plan of encouraging more students to study engineering isn't the solution - there are plenty of students. The problem is with encouraging the best of them to go into the engineering profession. And flooding the market with mediocre engineering graduates sure won't help that.
It's the same with teaching - there is no shortage of teachers, just a shortage of *good* ones. Training more teachers without encouraging those who would be *good* teachers is just going to add to the bottom.
10 PRINT "YOU SUCK!"
20 GOTO 10
Pretty much every Apple II in my elementary school ran that program almost continuously... what more do you need?
[Bonus - it was a gateway program to writing Eamon expansions by Jr High. Double bonus if anyone actually knows what the hell I am talking about...]
Whoops, I totally missed the last sentence for some reason and read "developing mice" as still developing. My mistake!
I think you're right, the key was that it didn't affect the fluorescent dye. Still useful, but not earthshattering.
Yeah, not even close. The point here is the fetus is still alive and developing, so they can watch individual fluorescent-stained neurons grow. Pretty cool, really.
Or clear chicken.
True, you definitely want the aeration for a proper mouse mousse.
"Favorite part of this post? The Farmville moms trolling TC." Brilliant.
Though I have to admit if I were a middle aged woman who put real money into an online game that was suddenly cancelled, I'd probably be pissed, too. Google might want to consider crediting back people for their virtual shit if they want to avoid some bizarre (but interesting) virtual lawsuits...
Oh, give me a break. UTTERLY irrelevant to my comment, and the price is $499-$829. Plenty of people are flocking to pay $600+, and in fact the mean price is probably above that. Clearly Apple products are more expensive than their competitors, and they make a huge margin on them. My point was, people will pay that premium.
The problem is that they are being removed because no one cares to support them any more. A fork would be 10x the effort, and 10 x 0 = 0...
Besides, you can get graphics cards with an order of magnitude more performance than those listed for $5-$20. The only reason to support them now is for a Linux 3D gaming museum...
nor do I see a need for anyone else to ever need nor want to use one
And that's why Steve Jobs is worth $10B and we aren't...
Well, I think you were the first person even to suggest the fact that the package copied Real's DLLs - everyone else just assumed it was an open source implementation like ffmpeg. That makes it pretty misleading information in my opinion...
But anyway, this wasn't really even about that obviously infringing software - it was about some guy who linked to it, where it's not even clear he didn't take down his link after being asked. I hope the guy hires an even more expensive lawyer and then makes Real pay for him plus punitive damages after their suit is crushed to oblivion. But that's probably a big gamble for the poor guy...
Plus, jeez, yeah, I'm pretty sure the only way you could actually find Real Video content to play is to take a time machine to 1998 in a search for low grade porn.
Yeah, except the Real Alternative package is NOT actually freeware, but basically distributes the *actual* Real Player DLLs that it uses to decode with a wrapper. That's pretty clearly a copyright infringement (criminal one in fact, as it was willful and widely distributed, which generally counts as "commercial").
Real Networks IMO is a total bottom feeder company and I'd personally never install their software, but one thing I hate more than d-bag companies like Real is blatant misinformation, and this article is full of it...
Good point... to support it, note Samsung's awful original Galaxy Tab, and the fairly decent but rather derivative Galaxy Tab 10.1. Once they realized they couldn't innovate, their massive vertical integration still managed to let them turn around an iPad clone fast enough most people forgot the first mistake. And didn't hurt that it was running Android Honeycomb instead of the absolutely horrible (for tablets at least) Gingerbread...
Yeah, for some strange reason it's not surprising that a Taiwanese electronics company outsourcing their manufacturing to China to attempt to rule the notebook market with their product design skills and insights into the US market is somehow failing.
Acer suffers from the same delusion as seemingly every other company in the market, as well as many tech geeks (including many on /. trying to make this claim) that Apple is all about marketing and not actual innovative product design and engineering (actually - Samsung did figure this out, but they also realized they didn't have the talent to do the same so they just copied what worked...)
Please, just spend 5 minutes trying to use most Android tablets (Motorola Xoom, Vizio, etc) or an HP TouchPad, Blackberry Playbook, whatever vs an iPad and if you REALLY think the average (or even most non-average) consumer would not choose the iPad... well, I have nothing... you can't be helped.
And, yes, I have tried every tablet I listed, as well as a few that are not even announced, let alone released. The iPad is the only one I haven't been literally swearing out loud about the bad UI design decisions in a matter of minutes. And honestly I think so many things about iTunes, the Apple app store, and Apple's near-fascist control of the platform are just plain fucked up for a personal computing device for which people are flocking to drop down $600+.
So was mine, which you *clearly* missed...