Hmm... 17 year old kid playing with Teh Radiations, building fusors, shooting at potential fissile materials with neutron beams? From what I understand of our government, it will definitely, er, take notice of him.
Why not? It can even be used as a preposition, for fuck's sake. "Bob was mortified when he came home to find his wife sitting afuck the mailman."
Why attack an airport at all? My odds - and let's pray to the deities / scientists of our choosing that it doesn't happen anytime soon - are that a future attacker will skip the hassle of trying to sneak an attack past airport security full-stop, and hit some thing with a) more people, b) packed closer together, c) with much less / zero security to get in the way. Ever been to any major US city's 4th of July fireworks show? Hundreds of thousands of people, packing sardine-dense into commuter rails, subways, buses and anything else to reach the center of the action, then packing asshole-to-elbow to watch the show. People against people as far as the eye can see. Think of the kind of damage a few "students'" backpacks worth of C-4 would do for terror there.
Not to sound too morbid or anything, but I think watching for a subsequent attack at an airport is almost a waste of time at this point.
So basically, the entire issue lives or dies according to some small linguistic / legal hack?
True story: A local artist / hackerspace group in my town has a significant contingent of folks who homebrew beer, and decided to throw an event where the folks who brewed would each bring some in to sample & share - the brewers would donate a batch, and the non-brewers who wanted to sample some would toss in a few bucks at the door to cover the venue and everything. Long story short, the lawyers told 'em they couldn't do this, because they don't have a liquor license and this would constitute selling liquor. But instead, the lawyers said, they could have the brewers donate a batch, and the non-brewers toss in a few bucks at the door - for a "one-day membership" "in a club", at which "free beer would be served", and they'd be completely in the clear.
Come to think of it, this does sound extremely similar to the Cablevision case, in which a huge amount of legal wrangling centered on which end would "initiate" the recording on the remote-hosted DVR (which already both encoded and streamed the content individually on a per-user basis, rather than the much more logical, if more questionable, encode-once-stream-on-demand approach), since this apparently would make all the difference in the world.
and once it does, you can use it to make popcorn to eat while watching the meltdown happen :-) With air, not much to do but open all the windows and mutter "oh shit" repeatedly.
It's a Canadian Girlfriend(tm) that includes evidence in the form of Facebook posts to help convince your friends, exes and old highschool acquaintances that she's real? ;-)
I wonder if having a CloudGirl would hinder or help one's prospects of landing a real date. The premise reminds me of that Seinfeld episode where George carries around a picture of a random stunningly Hot Chick in his wallet as the "(ex?)-girlfriend" in order to get in with women well out of his league. IME guys who wouldn't ordinarily be given the time of day are suddenly more desirable to women once they are taken! On the other hand, being taken (including "faken") might discourage shy geeky women from showing interest, leading to some missed opportunities (and maybe game-theory complexities).
An implementation issue: where is this company getting all these live women to fulfill online fantasies of sorts, without any visible source of funding? Seems unlikely that ad views and "virtual gift" crap would generate enough income to cover all that overhead. Is there an article just like this one circulating around popular women's sites about a new startup offering a FREE experience/roleplaying opportunity to those consistently shunned by live suitors?
If you can name it, Slashdong probably has it. It's like Rule 34 for your USB ports, and usually open-source at that :-)
There are a few specialist blacklists popping up. Here is one specifically for listing spam robots that attack the most popular forum softwares (phpBB, SMF, etc). What I would really like to see is one that lists all the latest "scrapers to detect when people say negative things about your company/product and C&D them" services. I'd sign onto that in a minute - a no-brainer security measure for yourself, your blog and your forum users.
It's worse than that... the MBAs must have paid the engineers peanuts and lit a blowtorch under their asses to ship it, because the "security" on these was laughable (the one thing they had going for them was a Funny Plug(tm) that wouldn't fit a standard USB cable); it took several revisions before the software security measures presented so much as a speed bump. How do I hack thee? Let me recount thy ways...
1) The camcorders used a 128 BYTE(!) challenge/response system to unlock the device over USB. But the first-gen units used the SAME keypair for every device! So extract the key from one, unlock them all.
2) The key could be extracted by desoldering and reading the Flash chip, or... just asking the device nicely! The challenge key and expected response were stored consecutively in memory; you would request the challenge key in 4-byte(?) chunks, and after the 32nd chunk, respond with 32 chunks of response key. But if you instead just kept requesting chunks after the 32nd, it would GIVE you the response key.
3) Eventually they fixed this. But there was still a backdoor / "default" key, leading to the very popular "battery drop" method of unlocking cams. The response key and other housekeeping data were stored in an NVRAM area (actually IIRC just a file called nvram.dat) - if the camera ever failed to boot, it assumed it was a crash due to corrupted NVRAM and replaced it with a known default copy. Letting the batteries drop out about a second after hitting the power switch would replace the response key with a "key" consisting of the imager manufacturer's name spelled backward and then forward.
Eventually (being IIRC a couple *years*) they fixed all of these. You could still do it by shorting pins on the Flash or erasing part of it via external hardware, but the easy point-and-click software hacks were shored up. There was still debate as to whether the keys were algorithmically related to one another or one-time-pad random. Until...
4) Somebody discovered PD left details (possibly code) of the keygen algorithm on their anonymous FTP server! It was pulled before I got a chance to see it ;-) but it was enough information that somebody wrote a tool to bruteforce a master key of some sort, which took a few computers about a week or 2. With the master key found, hackers just updated the GUI software to generate proper response keys, prompting PD to release the "please grant us a Mulligan" letter linked by the GP.
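Added example, not part of the original comment and not the vendor's firmware: a C model of the flaw in item 2, where a chunk-read handler with no bound on the chunk index serves the expected response stored right after the challenge, shown beside a bounds-checked handler and a small regression check. The memory layout, the constructed key bytes and every function name are assumptions for illustration; the 128-byte keys and 4-byte chunks follow the comment's recollection.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN    128u                   /* challenge and response: 128 bytes each */
#define CHUNK_LEN  4u                     /* chunk size as recalled in the comment */
#define NUM_CHUNKS (KEY_LEN / CHUNK_LEN)  /* 32 chunks per key */

/* Constructed model of device memory: the challenge is followed
 * directly by the expected response, as the comment describes. */
static uint8_t dev_mem[2 * KEY_LEN];

void dev_init(void) {
    for (size_t i = 0; i < KEY_LEN; i++) {
        dev_mem[i] = (uint8_t)i;                     /* constructed challenge */
        dev_mem[KEY_LEN + i] = (uint8_t)(0xA5u ^ i); /* constructed secret response */
    }
}

/* Flawed handler: the index is limited only by the modeled memory size,
 * not by the length of the challenge, so chunks 32..63 are the secret. */
int get_chunk_flawed(unsigned idx, uint8_t out[CHUNK_LEN]) {
    if (idx >= sizeof dev_mem / CHUNK_LEN) return -1; /* keeps the model in bounds */
    memcpy(out, &dev_mem[idx * CHUNK_LEN], CHUNK_LEN);
    return 0;
}

/* Hardened handler: reject any index outside the challenge itself. */
int get_chunk_checked(unsigned idx, uint8_t out[CHUNK_LEN]) {
    if (idx >= NUM_CHUNKS) return -1;
    memcpy(out, &dev_mem[idx * CHUNK_LEN], CHUNK_LEN);
    return 0;
}

/* Device-side comparison of a submitted response, done in constant time
 * so the check does not reveal how many leading bytes matched. */
int verify_response(const uint8_t *resp, size_t len) {
    uint8_t diff = 0;
    if (len != KEY_LEN) return 0;
    for (size_t i = 0; i < KEY_LEN; i++)
        diff |= (uint8_t)(resp[i] ^ dev_mem[KEY_LEN + i]);
    return diff == 0;
}

/* Regression check: count bytes of the response region that a handler
 * will serve to the host. A correct handler must yield 0. */
size_t secret_bytes_readable(int (*get)(unsigned, uint8_t *)) {
    uint8_t out[CHUNK_LEN];
    size_t leaked = 0;
    for (unsigned idx = NUM_CHUNKS; idx < 2 * NUM_CHUNKS; idx++)
        if (get(idx, out) == 0)
            leaked += CHUNK_LEN;
    return leaked;
}

int main(void) {
    dev_init();
    printf("flawed handler exposes  %zu secret bytes\n",
           secret_bytes_readable(get_chunk_flawed));
    printf("checked handler exposes %zu secret bytes\n",
           secret_bytes_readable(get_chunk_checked));
    return 0;
}
```

The bounds check only closes the read path in item 2; the shared keypair in item 1 and the fall-back to a known default key in item 3 are separate design flaws that it does not address.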
Haha... The company I work at bought the company (that bought the company...) that used to make those! While they existed, they used to make vibration-absorbing golf clubs and bike shocks with the same guts.
It was a clever idea, at least - inside were one or more piezoceramic benders, wired through a very large inductor to a load (typically an LED to show that it was Doing Something). For the spark chasers out there, it was an LC tank circuit tuned to cancel out the main resonant mode of the "beam" (ski, club shaft), using the loaded piezo to draw mechanical energy out of the system (similar to back EMF on a heavily loaded electric motor). And it did "work"; at least in a laboratory setting, vibration was measurably dampened. Whether the difference was enough to matter in practice was debatable, though.
The big problem was that for as "active" as it was, it was completely passive - the only motion-opposing force was provided by what electricity was extracted from the motion itself (some 10s of mW per strike). Its downfall AFAICT was that a passive tuned mass damper could achieve the same result for 1/10 the cost. K2 / ACX eventually folded and was bought mostly for its equipment. Those same machines now are used to make piezo energy harvesters that use vibrations to power small sensors embedded into airframes and other hard-to-reach places.
It's fun to bash Yanks and all, but are you kidding? In the US, the onus is on the plaintiff to prove a statement was defamatory, not the defendant to prove that it wasn't; also, truth is an absolute defense against a defamation claim. Not so in the UK, with England being known as "the libel capital of the world".
Also, the OP didn't say what size of meteorites (s)he is looking for. For ~99.9x% of the meteorite particles that reach Earth intact, they will be not only mapped by a magnet-bearing sensor, but automatically collected :-)
Is this in any way related to the "please-don't-track-me" header or optout-cookie proposals being volleyed around by gov/browser folks and the IAB, respectively? Have they worked out how they actually plan to enforce this business and keep everybody honest?
So.. do you remember when you were a kid, on Halloween, somebody would put out a big bucket of candy and a "please take only one" sign? Do you remember how well that worked? Well, now those kids are all grown up and working at internet advertising companies :-) And lemme tell ya, the chocolate bars there are a lot bigger, tastier, and... greener.
<devil's advocate> It's not as simple as that. Some 70% of commercial 3rd-party sites now include some kind of Google-hosted advertising (including recently-acquired Doubleclick).
Not to shit on your point too much (civilians intercepting your -encrypted- cellphone chat still tickles 'wiretapping' laws in most states), but since when does the protocol have anything to do with whether or not your communications can be heard by the general public? If you stand on your rooftop and yell "Hey Bob! Blah blah blah", do people not named Bob hear nothing?
"Pandering to whatever voters currently want"... Er, isn't that supposed to be their job?
(Some might disagree on how well they are doing it, of course...)
Worse, if you log in from an unfamiliar place, Facebook often subjects you to a rather lengthy quiz to prove that you are the accountholder, asking you to identify friends in photos (based on other users' tags). Get more than 2 or so 'wrong', and your account gets locked out.
And even when the owner of the accidentally-a-real-number is cool with it. There was some movie that caused an uproar with parents and nanny-state groups with a gag-line like "What's her number, 1-800-SPANK-ME?", which turned out (if not before the movie released, shortly thereafter) to be a real phone-sex number.
Those were both antitrust actions against highly dominant companies abusing their monopoly status via certain arrangements, not illegality of those arrangements per se. If a bit player like Transmeta struck the same deal, the FTC would not have flinched. Similar deals are struck all the time - a good example is the exclusive arrangements between restaurant chains and soft drink companies (ever wonder why most fastfood chains serve Coke products or Pepsi products, but never both?)
A minor clarification; this behavior does not necessarily mean a system is "low end", only that it is standards-compliant :) Per the USB spec, a USB device may not exceed 1 unit load (100mA) from the port prior to enumeration; after this it can request up to 500mA. In general the BIOS provides enough USB support to get legacy HID devices like keyboards operable, not handle power and bandwidth negotiations, etc.
How well devices obey this limitation is another matter.
Ironically, it's the low-end systems that forgo per-port current control and simply drop a 1-2A polyfuse inline with +5V, letting the device draw as much as it likes at any time.
True. On-die, per-core power management tightly integrated with what the CPU is actually doing is certainly a Good Thing (disclaimer: I design ultralow power / energy harvesting systems, so I'm biased ;-) ), but you're right that there's really nothing 'new' here. Dynamic voltage scaling (many chips may safely derate voltage with lower operating frequency, and let the voltage sag much lower if they only need to retain memory contents) at the per-core or even on-chip-module level is already becoming a fad, and any CPU/MCU worth its salt already gates the clock or actively cuts power to modules not in use. To be fair, the article mentions that DVS and cutting power to subsystems is already common, and that the real difference is in tracking CPU demand to within some nanoseconds. Per-core vs. per-chip voltage control is a purely academic distinction these days, when even single-core chips take two or three separate / scalable voltages for different on-chip modules.
There is another option: for the button maker to call their bluff and sue for declaratory judgment that the use is non-infringing. Unfortunately, since I assume this is but one of many buttons they are selling, and probably not huge quantities at that, even the plane ticket to whatever venue this was litigated in would exceed the revenue from this specific button. It would be purely a moral victory, if that.
Well, to me, this button is in no way an effective criticism of Tolkien, but is instead a blatant attempt to trade on the value of Tolkien's name (and that of Evangelion) in order to achieve market value.
In the same way that Consumer Reports trades on the value of the products it reviews? If those products didn't exist and were never marketed, nobody would buy Consumer Reports.
http://en.wikipedia.org/wiki/Nominative_use
But that's not got *much* Tolkien in it...