If these same taxpayers allegedly did not know about the spycams even while holding said spycammed laptops in their hands, how would they have known about them at voting time? Crystal ball? (And no, I don't believe the argument of "they voted republican, they should have known what they were getting" would hold legal significance ;-)
A peeping Tom would get prison, how is this not the same thing only worse?
Maybe part of the discovery process should include scouring the school officials' PCs for any 'interesting' student footage they decided to save. If they disciplined one student after watching an (undisclosed) 'inappropriate' act at that student's home, what other inappropriate acts might they have watched with greater interest? Even in the likely case that no kiddie porn is found, it would be appropriate for them to experience the humiliation and privacy invasion of forensics folks scavenging around in their personal files.
Not to mention the eyeful they've collected if your daughter is a Twitter Shitter.
(if a hole, once found, stays open for some time then the effort is more worth it than looking for a hole on a platform where security patches are released in a more timely fashion)
Even if they are releasing patches the same day, given Adobe's practices to date, who that has been around a few years is naive enough to willfully accept an Adobe update and believe it is in their best interest? Traditionally, an Adobe "upgrade" means only the addition of new flashing adverts in the document window (Reader), DRM functions (Reader), 10+-meg increase in file size (Reader), doubling of CPU utilization and/or halving of framerate (Flash player), or new privacy-eroding features like persistent "Flash cookies" and free access to your peripherals (Flash player). Anymore, the fear of Russian h4x0rz using your HDD for kiddie porn is the only thing driving the Adobe upgrade cycles, and I would not be surprised if they are happy that way.
And what do we NOT do with email attachments we don't recognise? We DON'T open them. What do we do with something we downloaded from the internet? Scan it for viruses.
It's possible that .PDF exploits are so successful because the average user doesn't think of them as an executable file. Under Windows, the idea of "don't open .exe attachments!" has been drummed into the heads of all but the noobest of noobs (grandparents, AOL'ers etc.), but how many "experts" pass every web URL to a virus scanner before browsing to it? (Buffer overflow exploits against some JPG and PNG parsers exist in the wild and may be successfully exploited in older browsers as well as graphics packages.) How many scan a .txt file for viruses? (Even Microsoft's notepad.exe includes one or more undocumented "parsing" features* besides plain text display; who knows if an exploitable bug exists in any of them.) Another way to think is, whose fault is it *really* that a non-executable filetype is... well, executable?
* try this: under Win32, create a new file in Notepad.exe starting with the exact string ".LOG" (no quotes), save and close, and open the file again. The current date and time will be automagically pasted in each time you open the file.
Yes, followed by the weekly (daily?) check for security fixes and update cycle, then hand-cleanup of your database tables when Russian script kiddies hack it anyway with a not-yet-patched exploit. Hope they know SQL too!
Nonsense, everyone knows it's an injection vulnerability...
I've also seen this happen with regularity - at work we sometimes crack a beer after hours, my boss likes to keep his cube fridge hell-frozen-overishly cold. So perfectly liquid beers (can or bottle) from the top shelf often freeze within 20 seconds after opening. He swears by the belief that giving the can a good hard squeeze for several seconds prior to opening reduces the chance of it freezing, but nobody has yet come up with a believable theory as to why that would be. Guesses so far are that the applying of warm hands boosts the temperature just enough, or that the final squeeze helps compress any stray bubbles back into solution and thus eliminate possible nucleation points. Personally, I'm just amused to keep mine a bit warmer and watch a handful of MS and PhDs arguing over why their beer freezes.
Yeah, and if you pull a certain amount of vacuum on it, you can get water to do all of boil, liquefy and freeze at the same temperature. This is even without applying mechanical energy or kinky fields (electrostatic or magnetic) to coerce its behavior.
Amen. This has nothing to do with changing the temperature of the water and everything to do with changing the charge on the container (which happens to be a function of temperature). It would be interesting to replicate this experiment on a piezoelectric rather than pyroelectric medium and force the water to phase change by deflecting one surface of the container a bit.
http://www.grc.com/ct/ctwho.htm
The $400K figure is likely an amount carefully calculated to make Universal's lawyers go "WTF?" and come out fighting. Remember, the EFF doesn't really want $400k out of this, they want an end to the practice of secretive and often-wrong algorithms robo-lawyering toddlers and infringing people's fair use rights, and that likely starts with getting them into a courtroom. Billing $100 for their work is not going to raise an eyebrow, either for Universal or any hypothetical collections agency they hired to enforce it.
I don't know, I think putting earbuds up my rectum already qualifies as causing some uncomfortable feelings.
Whaa...? The Wii has 88MB of total RAM (not including texture memory, ~3MB) in which to store and execute code+data. In fact, the Homebrew Channel (the Wii equivalent of iPhone jailbreak) listens on port 4299 for .dol/.elf binaries and executes them directly from RAM when received (great for developers). There is no need to write anything to Flash before executing.
No guarantees that the Big N 'officially' lets arbitrary developers/licensees full access to the RAM, but this capability is supported by the hardware and is being used successfully.
One of the reasons he can't find a girlfriend is because he is one of those people who USE the Drake equation
obXKCD: 191
Agreed, I wish TFA were more clear about which were actual bistable (zero-power image retention) displays. But I do know that the E-Ink (electrophoretic) and Kent (cholesteric) screens are bistable. A very interesting fact that is briefly touched on in the article is that the active material in Kent's displays is reflective in its 'lighted' state and optically clear in its 'dark' states respectively, vs. the typical reflective/absorptive states of E-Ink or mirrorbacked LCD - the 'black' you see in the off state is a black paint sprayed on the rear glass. At low refresh rates, the screens can actually become power-budget positive when this black material is replaced by a black thin-film solarcell and a dark-heavy image is displayed. There was a demo of a solar-powered e-reader at the Boston ESC a few years ago; shame that I haven't heard anything about the solar-screen possibility since.
I wonder what happened to all these "90% finished" versions - whether they were just trashed outright and lost entirely, or there are a few still kicking around in a repository somewhere. A micro-scale version of the DNF 'pattern' played out for the original D3D too (partly-finish the game, then scrap it and head in a new direction), but they actually released the partly-finished lame version because the curious D3D fanatics were clamoring for it (google for 'lameduke' if it still exists anywhere). It had about 50% chance of crashing during the demo screen, and the unfinished game bore no resemblance to the final D3D (more sci-fi, less funny, and you drank cola to refill health), but it was an interesting look at what-would-have-been. Any bets on the possibility of a 'LameDuke Forever' release(s)?
Hence disabling most functionality of the phone unless you pay extra "service fees" to access those functions. My own case: Verizon only allows applications in a token way... If I get a new phone, I have to buy the apps that I want all over again if I get them out of their store.
Not to mention tricks like disabling the menu items to copy pictures from its internal Flash to the phone's own microSD slot, and/or switch to it as the default storage device, so that if you want to use the onboard camera you paid for, you have to get the pictures off by Picture Messaging them to yourself at $1.25 a pop. There is a hack for this, but you shouldn't have to hack your phone to move data from the phone to another place *on the same phone*. If you've taken the phone apart, between those chips is a distance of less than 1cm.
I humbly suggest a new slogan for VZW: "There's A Hack For That!"
And Slashdot's ads (IIRC) are certainly nerd-oriented and can be disabled if you give them money or contribute regularly
Could just be a quirk on my end, but as a somewhat infrequent contributor, I have the "disable advertising" option while logged in, but it has to be re-set from time to time... frankly, if the ads are staying put and not making noise / dancing around the screen / giving me a seizure, I don't care enough to withdraw what little monetary support my eyeballs provide. It would be interesting if /. correlated the use of this feature to which ad was playing at the time to see whose dancing monsters are pushing users over that threshold.
My vote is for the advertisers who trap any click inside the browser window (to highlight poorly-colored text, focus the window, etc.) to spawn popups/redirects/other-nastiness, now that the entire free world is blocking onLoad/onUnload events out-of-the-box. And mouseovers. MOUSEOVERS! These dickheads are the reason I keep my speakers switched off at work (the same advertisers who think trapping mouseover events is cute also think yelling at their prospective customer is cute).
Granted, I haven't felt need to buy a new personal music gadget in the last few years, but the last one I did buy - a Creative Nomad - had a builtin decibel limit feature, enabled at 85db out of the box (it can be adjusted or disabled if needed; see many previous comments for why this might be important). With music players doing everything but wipe your butt for you these days, don't most if not all these days come with this feature already? (Or is the nanny state's beef with the fact that the feature can be turned off?...)
Google have also been getting very aggressive lately about algorithmically delisting sites that fail some minor "spam" metric or other, which, according to many of the "SEO" types discussing the subject*, may include splogged copies of your content hosted in obscure countries and *incoming* links from suspect sites. I found just how rampant this is becoming only when the algorithm decided I was a spammer too. From what I can now tell it was a simple misclassification, and at the time of this writing, the site appears to be indexed again (with throwing a couple 'NOINDEX's around on the pages that confused them), but it did give me a firsthand taste of how easily they are now throwing babies out with the bathwater, and how many other legitimate sites I may be missing out on by using Google. I've since changed away from Google for most of my search needs.
More details, for anyone who finds themselves in the same situation:
First off, the preferred method of getting a classification issue looked into by a live human seems to be knowing someone who is Facebook friends with Matt Cutts. Otherwise, try for a media frenzy (if you're suitably popular or controversial), or don't waste your time.
From what I can now tell (or rather guess), it tripped on a detailed dossier we published of a back-in-the-day malware, which included a full list of URLs and keywords that it triggered on. This being the usual popup-spawning unkillable background process, you can probably guess the kinds of sites and keywords it triggered on (or just read the 'Sections' page). Some while after the site was delisted, an automated "we're removing your site" message showed up in the Google Webmaster Tools listing a sampling of the keywords on that page and suggesting it was placed there by an exploit.
A reasonably popular site (it's been slashdotted a few times), together with one of the oldest continuously-running malware help forums in existence, silently delisted from Google for ONE FILE. Legitimate, at that.
* "SEO" = likely banned for more legitimate reasons, although OTOH, determining how Google's ranking algorithms work is their fulltime job.
Woohoo, free backups!
I think the GP was intending humor, but although power literally is heat, and electric heating is by definition 100% efficient at the socket (P=IV=I^2*R), the amount of heat you produce between the socket prongs has no correlation to what the utility charges for it. As a simple thought experiment, imagine placing a small bit of superconductor between the rails just after the meter. The heat you produce locally may be negligible (or zero for an ideal superconductor)*, but look at that sucker spin.
Enclaimer: IAAEE.
* there is still plenty of resistance in the wires between the utility and your house, so the current across your ideal superconductor will not be infinite, and there WILL be some heat generated in the transmission lines. But that's not how the power company bills for electricity...
Be thankful, those at least have some chance of having an answer to the technical problem, even if there are copies scattered all over. Outside of the "program x barfs cryptic error message y"-type queries, my results for any search containing a vaguely technical/engineering term all start with "System and method of..." I've actually started adding -patent to my queries to not have to click past the 3 pages of junk patent applications that somehow manage to claw their way to the top of the listings.