2010 seems to be crippleware, although I suspect it is unintentional. 2008 is fine.
Audacity officially uses 2008 still, because it won't build on 2010. But it does reference bugs (just the word bugs so I'm not sure which ones).
The wikipedia article is pretty good for listing the differences. Definitely crippleware in your sense of the word, but entirely functional. Most of the features are not used in daily life.
You lose your phone, and the hacker won't know which of the 70 billion fingers in the world unlocks the phone, so that's another layer of security.
Even if it's 20 people in a room, that's a big unknown. A phone on the subway in New York is going to be a lost cause.
It's not effective against someone who has access to both your phone and your fingerprints. But it is better than nothing for some cases, and faster than a pin.
Just checked my phone - without any special preparation it has no fingerprints on it (checked with tape too, not just visibly). Some phones might have fingerprints, but it's not guaranteed. In a purse or pocket, it's more likely to get smudged.
You're saying that Microsoft considered the number of people who would buy an XBone first, manage to hook it up by hunting around behind the tv, then purchase another console, and decide not to hunt around behind the tv, find the lag annoying but not too annoying to search online for answers, and as a result spend less time online with the competition, will bring in more money than whatever it would take to optimize the pass-through.
That they balanced the choice of fixing or not fixing, and it was these few people who swayed the decision.
It's more likely that a fundamental re-design would be needed, and that tiny number of people wasn't enough to make it worthwhile.
This explains why Apple would sign charging cables. Just search for "apple charging cables fire" for more. They cut the price and have a trade-in program to try to get rid of all of the counterfeits. Signing alone might have been suspicious, but there are pretty good reasons, like not setting your customers on fire.
You should feel badly about what you wrote. Not "death in the family" bad, but maybe "farted in the elevator with that dude or chick I was going to chat up and it smelled like burnt sick" bad, or "I thought your puppy was a rat so I kicked it to death but it survived and your vet bills are going to be ridiculous" bad.
analyzing anonymous cell phone tracking data, 95% of 1.5 million individuals could be identified.
I'm not sure you conveyed this accurately. Given 4 measurements, you can match it up to a specific anonymized data set. You have to have the data set first. Given 4 tweets with geo-tagged images, your phone company could de-anonymize your twitter account. I don't see anywhere in the research that they were able to identify an individual by name. They were able to identify that the data belonged to an individual in their data set. Did I miss something?
The researchers randomly selected a representative sampling from the set of 1.5 million cellphone traces and, for each trace, began choosing points at random. For 95 percent of the traces, just four randomly selected points was enough to distinguish them from all other traces in the database.
The Netflix data was de-anonymized because people volunteered the same ratings data to IMDB, under accounts attached to their real name. That's just simple correlation math - and the biggest point is that the users themselves put the same data out un-anonymously. De-anonymizing non-anonymous data is pretty insignificant.
The pregnancy thing was no different from being in a small town where everyone knows everyone, and you suddenly start buying different things. The clerk will know something is up, pay attention, and eventually guess your secret. We just don't think it's the same because we see different people.
I write these words to highlight this: The threat to privacy is the people that *have* your data, because they can't correlate anonymized data to your identity without having both the identity and some data to be correlated.
Companies and government won't stop it, so you have to either not give away your information, or pollute it. Switch shopping lists with your friends, or pay your buddy cash while she pays with her card. The data will remain anonymous, and you will retain your privacy.
The dongle hack was information about the SecurID token, which does not use the same PRNG. Of course this information is probably from RSA itself since it is sourced anonymously. The SecurID hack was apparently a phishing e-mail exploiting CVE-2011-0609 according to f-secure, so not specifically an RSA failure.
In other words, not the same crypto in question. Your scenario is probably more like 2 steps:
1) 2006 papers suggest Dual_EC_DRNG is predictable
2) China decrypts everything created by BSAFE Toolkits or DPM
Unlikely that defense contractors and financial institutions are protected by BSAFE or DPM.
Your comment was "Anonymous identifier. Let's just say that repeatedly until the problem sinks into all of our brains."
The moment you log in to FaceBook or Google+ with your real name, it ceases to be an anonymous identifier to FaceBook or Google. I get that. And data mining can take an online identity and find a real person. But it has to be a combination of personal information that you volunteer plus that ID to stop being anonymous.
I still argue that anonymous identifier, by itself, is not the problem. Data mining is good enough now that it will just make resolution easier - not markedly more successful. It won't magically make people able to find out my name. I will be identified by a number, not a name, making it by definition anonymous. I have friends whose name will be associated from day 1, but that is a function of their behavior, not the identifier.
I am a statistical outlier, true. Your average facebook user will be identified and associated with the number. But they are already associated with different numbers, so the identifier has no effect. This is really no different from just never deleting cookies, which is what most people do, so again - no impact.
There are databases filled with all kinds of information that can be tied together without your help or knowledge. That is the problem, not the anonymous identifier.
There are two separate points here - one, that RSA did not change the default, and two, that it was at the direction of the NSA. My objection is to the second. Maybe I am misreading, but you are taking the given, that the default was not changed, to mean that it therefore must have been at the request of some government agency. It is a simple and compelling argument to make, but it doesn't stand up given what I understand.
"RSA shills" are simply pointing out what RSA claimed. I have not seen anything solid to refute that other than finger pointing and name calling. The best takedown I have read basically says "Yes, but the other algorithms do too, so it doesn't make sense why you chose one over the other."
And I have not seen a really firm explanation of how this is truly insecure until recently. I have read a lot of the news, but few people go beyond "we knew it in 2006". I see a paper from Berry Schoenmakers and Andrey Sidorenko that attacks a claim, but does not substantially prove insecurity. Distinguishable from absolute randomness doesn't mean insecure - predictable output determines if a PRNG is insecure.
The most concrete statement on predictability in that paper I could find was:
An independent work is done by Gjøsteen [4] who shows that there exists an algorithm that predicts the next bit of the DEC PRG with advantage 0.0011. The work by Gjøsteen is based on similar ideas to those proposed in this paper.
That's not a huge advantage.
In 2007 Shumow and Ferguson said that if you knew some secret numbers, you could predict the next value after only 32 bytes (256 bits). But no way to determine those numbers, meaning that only the people who chose the numbers, if they exist, would be able to attack the PRNG. And discovering the numbers would be a cryptographically hard problem to solve by itself. At the time, it was not obvious that one should distrust the NSA/NIST who would be the only ones to have those numbers, since NSA was helping encryption get better. If they knew the numbers and weren't telling anyone, no harm done at the time, given the purpose of the product.
The big results in the 2006 paper were predictability after some number of bits, and since the RSA statements mention re-seeding, I can't conclude that the RSA implementation is subject to that prediction attack.
If you want to stop the RSA shills, we need to find out if RSA used a mitigation strategy or not. If no, the entire company should be wiped off the map. If yes, that would put a great big hole in the "RSA was forced to use it" argument. Until we know that, I'm not taking a side, and I will continue to preach caution on such sweeping conclusions.
The default can be changed, and a simple advisory to customers really should have been issued to do so, but given the lack of a definitive attack I don't see the necessity. It's obvious now, and they are doing exactly that, but it was not obvious.
And knowing how business operates, I'm not at all surprised that the cryptographers in the back were not updating the user manual to change the recommendations. This kind of institutional inertia is exactly why no one should be trusting business unquestioningly in the first place. 2006 is coincidentally when it was sold to EMC, which is a sure sign that products would be sold as-is with no one scrutinizing new advances to understand the implications to products that are making money. That's certainly no defense of RSA for the people who relied on its products, but I'm just not seeing the data to make a condemnation. In fact, that supports my understanding that it was corporate ineptitude rather than NSA interference.
When we answer the mitigation question, if it turns out "no mitigations", every purchase should be refunded. There would be no question at that point that RSA failed to update its products, and sold a known insecure product as a security solution. But we still would not have anything that indicates w
JavaScript may be involved, but controlling and tracking separate ID values for normal vs. private browsing, and control by browser settings says it's baked in to the browser somehow. Disabling JavaScript alone will not get rid of this ad ID, based on the person's description. They want a solution that will work if cookies are disabled, and falling back on JavaScript will not solve that problem.
HTML5 and persistent storage might work. And it could be done greasemonkey style in JavaScript. But the description leads me to believe some portion is baked in. Implemented poorly, disabling JS will give you a new ID every time you open the browser, and some people leave it open for weeks without closing the last tab.
But given all of the reaching out to industry and partners, it won't be a simple script that can be discovered and turned off as a side effect of disabling JS. They would have done that already, if that's all it were.
Human interaction is one of the main reasons people go to bars.
Yes, but standing behind a wall of people and trying to get the bartender's attention means I spend less time interacting. The good old fashioned hand raise, like hailing a cab, or waving money, or holding up numbers, does not work in a busy bar.
If you have ever had to fight for a beer, you would realize the advantages of keeping the human element out of this transaction, so I could get back to the people I actually want to interact with.
For a slow bar, or someone with depression or who otherwise wants a captive audience, human interaction is not going to be replaced. Alcohol sales would plummet, and the robot would be sold for scrap.
In a busy place where you can't even hear each other, a human bartender is a waste of space. An iPad every 3 feet where you can select your beverage and a human could deliver it would be an improvement. A robot that can alert a bartender that someone is ready to order, and has been waiting for two minutes, would be an improvement. Anything that allows quicker acquisition of alcohol makes customers and owners happy. You revealed more about your own perception and/or experience with bartenders than insight on how the world really works with that post.
McDonald's knows that if someone is standing in line, they want to order or otherwise ask for something. Solving that problem with a robot is a no-brainer. Pretty much the definition of a bar is a lot of people standing around who don't immediately want to order. That's a harder problem to solve, and has implications way beyond bartending. This is a win for computer vision in general, and orders of magnitude past fast food service.
Oh you mean that banned document that you can't hand out on some university campuses anymore?
There is a HUGE world of difference between banning distribution of the Constitution, and small-minded bureaucrats enforcing stupidly designed policies.
There is nothing even suggesting that the Constitution was singled out, or even a consideration of what was being distributed in that case.
I appreciate the link, and rhodium_mir for asking, but if that is the basis for Mashiki's comment, then Mashiki is an idiot. Probably not a troll, but there is no moderation for "spews incoherent nonsense on the internet."
Information gets stored according to what you know, so this isn't surprising. The extent of the over-generalization, however, is astonishing, and I am embarrassed to be in the same species.
Have you been watching too much television? The NSA is signals intelligence. They are tasked with "go find anything interesting, and let me know if you find something interesting."
The NSA is not following orders, because they don't know what they are looking for, or where. No one is telling the NSA to log this or look there, because no one knows what is important.
That's the entire reason behind the "log everything" strategy. That is the NSA solution to "go find anything". Look at everything, log everything, throw it away once you recognize it is useless (or illegal).
So just what is it exactly that makes you say the CIA is directing things? If you are asked to be the signals intelligence arm of a large government, without CIA direction, wouldn't the logical conclusion be exactly what the NSA is doing right now?
No. The entire purpose of RSA is providing security. And plenty of their products do not use this PRNG. If they allow themselves to be tainted, their entire business goes poof and lawsuits ensue.
Go read up a little more and see if you still think the same thing. I won't even provide links - if you trust CNN, google "RSA Dual_EC_DRNG site:cnn.com" - or choose your own news source. Ars Technica, Fox News, I don't care where. Just go read, and then come back.
The reason they chose this method is that elliptical curve was in vogue at the time, and hash-based cryptography was coming under attack, like MD5. Especially, this method is a lot slower. Slower to make hopefully meant slower to break.
This is all on the record, and makes a lot more sense than RSA intentionally breaking security. I have not been convinced, and you're going to have to refute the hash-based attacks, EC being popular, the speed advantage, and the timing of the decisions in order to refute RSA's defense.
And it is actively telling people not to use it. Sure blame that one on ass-covering. If they were forced, this would be a half-assed attempt, or they would continue to defend it as "not entirely broken" or "no known attacks".
You're jaded, we get that. But you can't leap to conclusions that otherwise don't make sense just because you are jaded. You have to have something to fall back on.
I don't actually have a problem with advertising in general.. it just seems to really suck.
If it sucked, or weren't effective, or gathered no sales, or just in general didn't work, it would not be a billions of dollars industry. You are probably not one of the common sheeple who follow predictable patterns. You don't fit the model, so they fall back on the potato peeler you bought.
I have several plugins to discourage tracking, and I get the most ridiculous nonsense, for the lowest common denominator. "Want sex? Find women in [city that's kinda close] now."
For the kind of people who click on stuff, get viruses, and then STILL CLICK ON STUFF, advertising is effective. And the more effective it is, the more information they have and the more effective it is. It works best on the type of people it is designed to work best on. Rather redundant, but if you thought advertising was effective you probably would find that description insightful.
They don't know who you are. They can put together a pretty good picture, but they don't have a name, address, phone number, or photo of you.
Not sure what your point is here. You are going to be tracked, and what you like and/or do will be revealed. Just like today.
They will be able to say that user 6865 dislikes Republicans, owns several Playstation products, lives in America, and has been posting on slashdot for 15 years. Demonstrates slight paranoid tendencies and distrust of authority. Between 35 and 37 years old, and has communicated frequently with Japanese sararimen.
I still don't know your name, but I know your number. I know a lot of other things, just from your postings on one website. I also know that you really want to yell at me right now about one of those details above.
Until you give me your name, I will never know you if I meet you in person, and you therefore remain anonymous. Unless you are the exception to John Gabriel's Greater Internet Fuckwad Theory. You have to admit, you do come off as abrasive sometimes...
Google has not made the proposal public - although the company plans to reach out to industry participants, government bodies and consumer groups in coming weeks and months...... the new tool will give users the ability to limit ad tracking through browser settings......The AdID may be automatically reset by the browser every year, and users will be able to create a secondary AdID for online browsing sessions they want to keep particularly private, the person explained.
It's pretty clear to me this is going to be implemented client-side in the browser, just based on the limited information available. Just like Windows Media Player's "send unique player id to content providers" option.
Firefox (funded largely by Google) and Chrome are slightly under 40% market share, and Chrome is increasing.
All you need is Microsoft on board, or the advertising industry. They won't get the ad industry, so they need Microsoft. Or a plugin for IE that pops up an installer bubble when you use google search, gmail, or youtube. And I'm pretty sure Microsoft is on board, given their media player thing.
I expect an additional header in the HTTP request. I also expect an uptick in the number of people using a customized FireFox or Chromium that does not send this, or better yet sends a random number (leave the PRNG jokes and asides out of this, that's not the topic).
You don't agree, so you redefine the words. That's not how this works.
As a retiree, it certainly would be in my best interests to sell out my remaining patent years and let someone else do the licensing and, if violated, enforcements. That sounds like a reasonable use of my time, so I can relax or invent something else.
They get a share of royalties (and if it comes to one a part of the lawsuit settlement) in exchange for doing work I would rather not do. Taken to an extreme, I could cash out and let them do all the enforcing. If I'm still producing, and they are enforcing, that seems fair?
Then I die, and no one is producing. The NPE does not have a production line, and/or does not feel like getting into manufacturing. But has a year left on the patent that it bought.
On one side, it is a patent troll. On the other side, it purchased for a flat fee the remainder of the patent protection. Should it give up its rights, which it legally owns, because I died?
This is one of those situations where your answer will depend on how you already feel, and if you feel strongly you won't understand the other side's answer at all.
What if I have a yearly license fee, and died, so the NPE doesn't have to pay this year's fee, but does get the protection. Is that just stupid negotiation on my part? Is the NPE more of a patent troll than if it outright paid in advance?
What if my son picks up where I left off, after spending 6 months arranging his life so he could get the last 6 months out of my patent. Was the NPE a patent troll for 6 months until my son started producing?
And perhaps Zeno and the Eleatics who maintained that "Space and time can be neither continuous nor discrete...."
Achilles and the tortoise relies on space being discrete. It is essentially a calculus problem in the form of "the limit of distance as time approaches zero". If speed is rate over time, at some point the rate becomes incalculable due to division by zero. Solving introductory calculus problems removes this division by zero and you get an answer - two straight lines which cross. The failure here is implying that time is continuous, when it reaches infinitely small values and eventually zero.
Dichotomy paradox is basically the same thing, the limit as time approaches zero. Time gets cut in half when distance does, turning a straight line into a logarithm with one non-constant axis.
Arrow paradox is based on a misunderstanding of inertia, or moment. Stopping time for the durationless instance does not remove momentum - in fact it is impossible and only a thought experiment.
I didn't dig further - Wikipedia fouled up the others by quoting Aristotle's dissection rather than Zeno. I find one source for your quote - Jethro from sciforums - who lists these as 4 statements that, taken together, cannot be simultaneously true. (or two pairs, it's not clear)
If each is flawed, then there is no paradox. Zeno was brilliant for his time, and thought provoking, but it is pure philosophy and holds no water outside of that branch.
My nine dimensional computer is in the shop - sorry, it's all on me. My bad.
To convey the direction of a food source, the bee varies the angle the waggling run makes with an imaginary line running straight up and down. One of Von Frisch's most amazing discoveries involves this angle. If you draw a line connecting the beehive and the food source, and another line connecting the hive and the spot on the horizon just beneath the sun, the angle formed by the two lines is the same as the angle of the waggling run to the imaginary vertical line. The bees, it appears, are able to triangulate as well as a civil engineer... The shape or geometry of the dance changes as the distance to the food source changes, Shipman explains. Move a pollen source closer to the hive and the coffee-bean shape of the waggle dance splits down the middle. Move the food source closer than some critical distance and the dance changes dramatically: the bee stops doing the waggle dance and switches into the round dance. It runs in a small circle, reversing and going in the opposite direction after one or two turns or sometimes after only half a turn.
One day Shipman was busy projecting the six-dimensional residents of the flag manifold onto two dimensions. The particular technique she was using involved first making a two-dimensional outline of the six dimensions of the flag manifold. This is not as strange as it may sound. When you draw a circle, you are in effect making a two-dimensional outline of a three-dimensional sphere. As it turns out, if you make a two-dimensional outline of the six-dimensional flag manifold, you wind up with a hexagon. The bee's honeycomb, of course, is also made up of hexagons, but that is purely coincidental. However, Shipman soon discovered a more explicit connection. She found a group of objects in the flag manifold that, when projected onto a two-dimensional hexagon, formed curves that reminded her of the bee's recruitment dance. The more she explored the flag manifold, the more curves she found that precisely matched the ones in the recruitment dance. I wasn't looking for a connection between bees and the flag manifold, she says. I was just doing my research. The curves were nothing special in themselves, except that the dance patterns kept emerging.
Holy shitcock monkey balls fuck! When I looked at it in 6 dimensions instead of 9, it made sense to me! It's almost like... like people can know things somehow that I don't! Like there is a whole other source of information for these people!
Again I say, WTF are you on about? Your entire post makes no sense to me.
Allow me to explain. We believe things because they are in books, and because we have been told that is the truth. When we go outside of those beliefs, we get taken to task and reminded of what the true Word is.
That explains both science and religion. After all, you can't reproduce every experiment ever, so you have to take some things on faith. And breaking new ground requires justification before going away from canon. With science, you can do an experiment multiple times, with different results, and find nothing. We expect to revise your hypothesis, or methods, and try again.
With religion, you do the same goddamned thing over again and pray it turns out differently. Of course, the "conclusions" section of a paper never says "it would have worked except that one member of our team just didn't believe hard enough." So, apart from expectations, religion and science are hardly different taken fundamentally.
s.petry does make the point that a model that simplifies things greatly doesn't mean the universe reflects that model. After all, we have a model of a geocentric solar system. It is quite the, as a programmer would say, "hack", but it works. And it's clear that most of us agree on that point at least.
But it does give us a new way to explore the same old story - like getting the King James Earl Jones Bible On Tape. The story of the universe that has been with us for 6500 years (+/- 13.7 billion)
And how does the school district get the student account information?
With $40K and a geo-tag, I could screen-scrape enough facebook and twitter to identify 90 percent of the students who are at any given school (who use social media) given:
1) Any seed account, even the principal or superintendent, or someone else at that school
2) A list of student names - and it gets easier with ages
3) Students often post unfiltered information publicly, including the names of their sports teams
4) Students are often not even aware that there is an option to mark things private, or that postings are visible to anyone but their friends
5) Friend or follow lists will be highly correlated with school population, meaning I can spider from every new account
6) A specially crafted mascot account for each school can be used, to friend or follow students susceptible to joining things they don't understand
7) A list of trigger words that flag comments for review by a person
8) A social sciences college student who needs money enough to read the postings of 13 to 18 year olds that have been flagged to see if it should go on a report
9) Another college student interested in sociology or psychology willing to vet and approve the automated matches, and look for more that software missed
Oh man, it goes on. It's quite simple, really, and I for one wish I had thought of offering such a service. The kids don't have to volunteer one bit of information directly to the monitoring company - they will volunteer it all indirectly, unknowingly, and will be very surprised when the school calls mom and dad.
I'd still have most of that $40K, and with a story like this I just upped my client list by an order of magnitude, parental outrage be damned.
I think everyone kinda knows and expects this because:
As outlined in Turing's Test, the Loebner Prize and Chatterbots there is a gold medal and a $100,000 prize offered by Hugh Loebner for the first computer to pass the Turing Test and be indistinguishable from a human in a conversation conducted using a keyboard. However, no-one expects this to be awarded any time soon and meanwhile the top prize for the annual competition is $4,000 and a bronze medal.
First place isn't even an option. I was wondering why we care who the third place entry was, when it turns out that's the only winner.
they go on an ultra ban on everything because they can't put the ipad on the top shelf... as a conclusion I bet the guy didn't like friendly messages the wife was getting on facebook and wanted to do something ultra hipstery to fix that(being too stupid to understand that every woman with a picture gets friend requests from jafars, kinda like nigerian letters)....
You're not even a person. You apparently have no concept that people might have opinions different from yours, and that if they do they are obviously based on non-sensical reasoning. Because to you, the reasoning actually does not make sense.
The kids were overly preoccupied with tech, and the parents decided to take an 8 month break to reset their parenting skills. That makes sense to me. There were probably discussions about what they did as children, and lots more things that weren't in the article at all that went into this decision.
I'm pretty sure the husband didn't just go all President Madagascar on his wife and say "Fuck this, shut down everything, and call the newspapers so that gl4ss can point out how retarded we are because otherwise we would have no idea about how making sudden, sweeping decisions might affect us," and then the wife said "You're right, besides my facebook account is starting to smell like curry." Actually, I'm not just pretty sure, I'm damned certain that didn't happen.
heck the kids won't even remember this experiment by the time they're 7 and 10.
That's probably a good thing. Hopefully the parents do, and agree that they made the right decision.
Certainly kids spend more time on the internet talking and playing games with their friends than they did running around in the yard with them in 1986, but it's still time interacting with friends, and less time for mom and dad to drive the kids around.
While I agree that playing video games is still playing video games no matter the technology, you completely missed this:
They're doing it because their kids – Trey, 5, and Denton, 2 – wouldn't look up from their parents' iPhones and iPads long enough to kick a ball around the backyard.
That is substantially different. It is not time interacting with friends. Do you think a 2 year old is engaged on social media sites liking their neighboring 2 year old's diaper-related instagrams? Or that a 5 year old is meaningfully using Skype to tell pee pee jokes? This is not behavior that will get these kids properly socialized. On the argument that they need exposure to technology to fit in, that may be true but this is way over the line of normal development behavior of a social animal.
I think it's a serious mistake to think the allocation of time between work - eating - goofing off is radically different, or that the time spent goofing off is meaningfully different today than in 1986
You're not even from this planet, and I'm not going to waste time responding to that. The multitasking alone makes it hard to retain memories because they don't stay in short-term holding long enough. That is a serious concern among people whose career is to be concerned about things like that. You must live in some insulated community of technophobes. Is this your Rumspringa?
You seem confused on how the big picture works. Legalities are being figured out, and it is probable that existing, mounting public pressure will make the legislative branch take on the executive branch, and determine what actually is legal. Meanwhile, more information is coming from FISC and other decisions and policies, so the people who say what's legal can see what other people who say what's legal based their decisions on. The entirety of case law which resulted in a win for the prosecution was stuff that was legal until a court said it wasn't. And I can't see a flawless victory when 2 of 3 branches disagree with the Executive. So we still don't know. Oh, you didn't want opinion, you wanted something more substantial, like the FISA court finding the NSA to be in violation of the fourth amendment. So no, just because someone says it's legal doesn't mean it is.
And I spent THE REST OF THE PARAGRAPH explaining what is wrong with that single chair. In a nutshell: More than one person should have an unobstructed view of a 22 foot screen, and I count reflection off the chrome as obstruction.
No one yet has mentioned that the PDF lists the completion date as 1999 - well in time to have had some effect two years later but failing to do so. According to the Foreign Policy article, "On Aug. 1, 2005, Lt. Gen. Keith Alexander reported for duty as the 16th director of the National Security Agency". If that is the right document, planning would have been under Lt Gen Kenneth A. Minihan (February 1996 - March 1999) or if they were super fast, Lt Gen Michael V. Hayden.
The chronology is wrong, or the documents are wrong, or the story is wrong. And you expect people to "Let the NSA geek feel like he's Captain Picard"? It is not going to happen, because people don't work that way. They are already outraged at something that, one way or another, isn't even a story.
Care to defend the "doors that made a 'whoosh' sound when they slid open and closed"? Because I'm sure people will start listening to reason now. Or, do you instead realize the answers to all your "Why" questions above?
2010 seems to be crippleware, although I suspect it is unintentional. 2008 is fine.
Audacity officially uses 2008 still, because it won't build on 2010. But it does reference bugs (just the word bugs so I'm not sure which ones).
The wikipedia article is pretty good for listing the differences. Definitely crippleware in your sense of the word, but entirely functional. Most of the features are not used in daily life.
http://en.wikipedia.org/wiki/Microsoft_Visual_Studio_Express
The Geico spokesman finally made it out of the car park, but not without some mishaps.
You should feel badly about what you wrote. Not "death in the family" bad, but maybe "farted in the elevator with that dude or chick I was going to chat up and it smelled like burnt sick" bad, or "I thought your puppy was a rat so I kicked it to death but it survived and your vet bills are going to be ridiculous" bad.
I'm not sure you conveyed this accurately. Given 4 measurements, you can match it up to a specific anonymized data set. You have to have the data set first. Given 4 tweets with geo-tagged images, your phone company could de-anonymize your twitter account. I don't see anywhere in the research that they were able to identify an individual by name. They were able to identify that the data belonged to an individual in their data set. Did I miss something?
The Netflix data was de-anonymized because people volunteered the same ratings data to IMDB, under accounts attached to their real name. That's just simple correlation math - and the biggest point is that the users themselves put the same data out un-anonymously. De-anonymizing non-anonymous data is pretty insignificant.
The pregnancy thing was no different from being in a small town where everyone knows everyone, and you suddenly start buying different things. The clerk will know something is up, pay attention, and eventually guess your secret. We just don't think it's the same because we see different people.
I write these words to highlight this: The threat to privacy is the people that *have* your data, because they can't correlate anonymized data to your identity without having both the identity and some data to be correlated.
Companies and government won't stop it, so you have to either not give away your information, or pollute it. Switch shopping lists with your friends, or pay your buddy cash while she pays with her card. The data will remain anonymous, and you will retain your privacy.
The dongle hack was information about the SecurID token, which does not use the same PRNG. Of course this information is probably from RSA itself since it is sourced anonymously. The SecurID hack was apparently a phishing e-mail exploiting CVE-2011-0609 according to f-secure, so not specifically an RSA failure.
In other words, not the same crypto in question. Your scenario is probably more like 2 steps:
1) 2006 papers suggest Dual_EC_DRNG is predictable
2) China decrypts everything created by BSAFE Toolkits or DPM
Unlikely that defense contractors and financial institutions are protected by BSAFE or DPM.
Your comment was "Anonymous identifier. Let's just say that repeatedly until the problem sinks into all of our brains."
The moment you log in to Facebook or Google+ with your real name, it ceases to be an anonymous identifier to Facebook or Google. I get that. And data mining can take an online identity and find a real person. But it has to be a combination of personal information that you volunteer plus that ID to stop being anonymous.
I still argue that anonymous identifier, by itself, is not the problem. Data mining is good enough now that it will just make resolution easier - not markedly more successful. It won't magically make people able to find out my name. I will be identified by a number, not a name, making it by definition anonymous. I have friends whose name will be associated from day 1, but that is a function of their behavior, not the identifier.
I am a statistical outlier, true. Your average facebook user will be identified and associated with the number. But they are already associated with different numbers, so the identifier has no effect. This is really no different from just never deleting cookies, which is what most people do, so again - no impact.
There are databases filled with all kinds of information that can be tied together without your help or knowledge. That is the problem, not the anonymous identifier.
There are two separate points here - one, that RSA did not change the default, and two, that it was at the direction of the NSA. My objection is to the second. Maybe I am misreading, but you are taking the given, that the default was not changed, to mean that it therefore must have been at the request of some government agency. It is a simple and compelling argument to make, but it doesn't stand up given what I understand.
"RSA shills" are simply pointing out what RSA claimed. I have not seen anything solid to refute that other than finger pointing and name calling. The best takedown I have read basically says "Yes, but the other algorithms do too, so it doesn't make sense why you chose one over the other."
And I have not seen a really firm explanation of how this is truly insecure until recently. I have read a lot of the news, but few people go beyond "we knew it in 2006". I see a paper from Berry Schoenmakers and Andrey Sidorenko that attacks a claim, but does not substantially prove insecurity. Distinguishable from absolute randomness doesn't mean insecure - predictable output determines if a PRNG is insecure.
The most concrete statement on predictability in that paper I could find was:
That's not a huge advantage.
In 2007 Shumow and Ferguson said that if you knew some secret numbers, you could predict the next value after only 32 bytes (256 bits). But no way to determine those numbers, meaning that only the people who chose the numbers, if they exist, would be able to attack the PRNG. And discovering the numbers would be a cryptographically hard problem to solve by itself. At the time, it was not obvious that one should distrust the NSA/NIST who would be the only ones to have those numbers, since NSA was helping encryption get better. If they knew the numbers and weren't telling anyone, no harm done at the time, given the purpose of the product.
The big results in the 2006 paper were predictability after some number of bits, and since the RSA statements mention re-seeding, I can't conclude that the RSA implementation is subject to that prediction attack.
If you want to stop the RSA shills, we need to find out if RSA used a mitigation strategy or not. If no, the entire company should be wiped off the map. If yes, that would put a great big hole in the "RSA was forced to use it" argument. Until we know that, I'm not taking a side, and I will continue to preach caution on such sweeping conclusions.
The default can be changed, and a simple advisory to customers really should have been issued to do so, but given the lack of a definitive attack I don't see the necessity. It's obvious now, and they are doing exactly that, but it was not obvious.
And knowing how business operates, I'm not at all surprised that the cryptographers in the back were not updating the user manual to change the recommendations. This kind of institutional inertia is exactly why no one should be trusting business unquestioningly in the first place. 2006 is coincidentally when it was sold to EMC, which is a sure sign that products would be sold as-is with no one scrutinizing new advances to understand the implications to products that are making money. That's certainly no defense of RSA for the people who relied on its products, but I'm just not seeing the data to make a condemnation. In fact, that supports my understanding that it was corporate ineptitude rather than NSA interference.
When we answer the mitigation question, if it turns out "no mitigations", every purchase should be refunded. There would be no question at that point that RSA failed to update its products, and sold a known insecure product as a security solution. But we still would not have anything that indicates w
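The trapdoor relation the comment above attributes to Shumow and Ferguson, and the effect of re-seeding it raises, can be shown on a toy generator. This is an added example, not part of the original comment and not RSA's or NIST's code; it assumes secp256k1's field and equation purely as a convenient prime-order curve, drops 8 bits per output instead of 16, and the points `P`, `Q` and the secret `E` are constructed here.

```python
# Toy Dual_EC-style generator plus trapdoor state recovery (added example).
# Assumptions: secp256k1's prime and equation y^2 = x^3 + 7 serve only as a
# prime-order curve; P, Q and the trapdoor E are constructed for this demo.
p = 2**256 - 2**32 - 977
CURVE_A, CURVE_B = 0, 7
DROP_BITS = 8                      # the standardised generator drops 16 bits
OUT_BITS = 256 - DROP_BITS
MASK = (1 << OUT_BITS) - 1


def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + CURVE_A) * pow(2 * y1 % p, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)


def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def lift(x):
    """Return a curve point with this x coordinate, or None if there is none."""
    if not 0 <= x < p:
        return None
    rhs = (pow(x, 3, p) + CURVE_A * x + CURVE_B) % p
    y = pow(rhs, (p + 1) // 4, p)          # square root, valid as p % 4 == 3
    return (x, y) if y * y % p == rhs else None


def first_point():
    """Smallest x >= 1 that lies on the curve, lifted to a point."""
    x = 1
    while lift(x) is None:
        x += 1
    return lift(x)


Q = first_point()
E = 0xC0FFEE1234567890ABCDEF       # constructed secret relating the points
P = mul(E, Q)                      # whoever picked P and Q this way knows E


class ToyDualEC:
    def __init__(self, seed):
        self.s = seed

    def next(self):
        self.s = mul(self.s, P)[0]           # s_i = x(s_{i-1} * P)
        return mul(self.s, Q)[0] & MASK      # output = truncated x(s_i * Q)

    def reseed(self, fresh_entropy):
        self.s = fresh_entropy


def recover_states(out1, out2):
    """With E, recover the internal state from two consecutive outputs.

    Each guess of the dropped bits gives a candidate R = +/- s*Q; E*R has the
    x coordinate of s*P, which is the next state. out2 confirms the guess.
    """
    found = []
    for high in range(1 << DROP_BITS):
        r_point = lift((high << OUT_BITS) | out1)
        if r_point is None:
            continue
        s_next = mul(E, r_point)[0]
        if mul(s_next, Q)[0] & MASK == out2:
            found.append(s_next)
    return found


if __name__ == "__main__":
    gen = ToyDualEC(seed=0x5EEDFACE)         # constructed seed
    states = recover_states(gen.next(), gen.next())
    clone = ToyDualEC(states[0])
    print("prediction matches:", clone.next() == gen.next())
    gen.reseed(0xF5E5D5C5B5A59585)           # constructed fresh entropy
    print("after reseed matches:", clone.next() == gen.next())
```

Without `E` the same search has nothing to test candidates against except a discrete-log problem, which is the comment's point about who could mount it; after `reseed` the recovered state is stale until fresh output is observed again.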
JavaScript may be involved, but controlling and tracking separate ID values for normal vs. private browsing, and control by browser settings says it's baked in to the browser somehow. Disabling JavaScript alone will not get rid of this ad ID, based on the person's description. They want a solution that will work if cookies are disabled, and falling back on JavaScript will not solve that problem.
HTML5 and persistent storage might work. And it could be done greasemonkey style in JavaScript. But the description leads me to believe some portion is baked in. Implemented poorly, disabling JS will give you a new ID every time you open the browser, and some people leave it open for weeks without closing the last tab.
But given all of the reaching out to industry and partners, it won't be a simple script that can be discovered and turned off as a side effect of disabling JS. They would have done that already, if that's all it were.
Yes, but standing behind a wall of people and trying to get the bartender's attention means I spend less time interacting. The good old fashioned hand raise, like hailing a cab, or waving money, or holding up numbers, does not work in a busy bar.
If you have ever had to fight for a beer, you would realize the advantages of keeping the human element out of this transaction, so I could get back to the people I actually want to interact with.
For a slow bar, or someone with depression or who otherwise wants a captive audience, human interaction is not going to be replaced. Alcohol sales would plummet, and the robot would be sold for scrap.
In a busy place where you can't even hear each other, a human bartender is a waste of space. An iPad every 3 feet where you can select your beverage and a human could deliver it would be an improvement. A robot that can alert a bartender that someone is ready to order, and has been waiting for two minutes, would be an improvement. Anything that allows quicker acquisition of alcohol makes customers and owners happy. You revealed more about your own perception and/or experience with bartenders than insight on how the world really works with that post.
McDonald's knows that if someone is standing in line, they want to order or otherwise ask for something. Solving that problem with a robot is a no-brainer. Pretty much the definition of a bar is a lot of people standing around who don't immediately want to order. That's a harder problem to solve, and has implications way beyond bartending. This is a win for computer vision in general, and orders of magnitude past fast food service.
There is a HUGE world of difference between banning distribution of the Constitution, and small-minded bureaucrats enforcing stupidly designed policies.
There is nothing even suggesting that the Constitution was singled out, or even a consideration of what was being distributed in that case.
I appreciate the link, and rhodium_mir for asking, but if that is the basis for Mashiki's comment, then Mashiki is an idiot. Probably not a troll, but there is no moderation for "spews incoherent nonsense on the internet."
Information gets stored according to what you know, so this isn't surprising. The extent of the over-generalization, however, is astonishing, and I am embarrassed to be in the same species.
Have you been watching too much television? The NSA is signals intelligence. They are tasked with "go find anything interesting, and let me know if you find something interesting."
The NSA is not following orders, because they don't know what they are looking for, or where. No one is telling the NSA to log this or look there, because no one knows what is important.
That's the entire reason behind the "log everything" strategy. That is the NSA solution to "go find anything". Look at everything, log everything, throw it away once you recognize it is useless (or illegal).
So just what is it exactly that makes you say the CIA is directing things? If you are asked to be the signals intelligence arm of a large government, without CIA direction, wouldn't the logical conclusion be exactly what the NSA is doing right now?
No. The entire purpose of RSA is providing security. And plenty of their products do not use this PRNG. If they allow themselves to be tainted, their entire business goes poof and lawsuits ensue.
Go read up a little more and see if you still think the same thing. I won't even provide links - if you trust CNN, google "RSA Dual_EC_DRNG site:cnn.com" - or choose your own news source. Ars Technica, Fox News, I don't care where. Just go read, and then come back.
The reason they chose this method is that elliptical curve was in vogue at the time, and hash-based cryptography was coming under attack, like MD5. Especially, this method is a lot slower. Slower to make hopefully meant slower to break.
This is all on the record, and makes a lot more sense than RSA intentionally breaking security. I have not been convinced, and you're going to have to refute the hash-based attacks, EC being popular, the speed advantage, and the timing of the decisions in order to refute RSA's defense.
And it is actively telling people not to use it. Sure blame that one on ass-covering. If they were forced, this would be a half-assed attempt, or they would continue to defend it as "not entirely broken" or "no known attacks".
You're jaded, we get that. But you can't leap to conclusions that otherwise don't make sense just because you are jaded. You have to have something to fall back on.
If it sucked, or weren't effective, or gathered no sales, or just in general didn't work, it would not be a billions of dollars industry. You are probably not one of the common sheeple who follow predictable patterns. You don't fit the model, so they fall back on the potato peeler you bought.
I have several plugins to discourage tracking, and I get the most ridiculous nonsense, for the lowest common denominator. "Want sex? Find women in [city that's kinda close] now."
For the kind of people who click on stuff, get viruses, and then STILL CLICK ON STUFF, advertising is effective. And the more effective it is, the more information they have and the more effective it is. It works best on the type of people it is designed to work best on. Rather redundant, but if you thought advertising was effective you probably would find that description insightful.
They don't know who you are. They can put together a pretty good picture, but they don't have a name, address, phone number, or photo of you.
Not sure what your point is here. You are going to be tracked, and what you like and/or do will be revealed. Just like today.
They will be able to say that user 6865 dislikes Republicans, owns several Playstation products, lives in America, and has been posting on slashdot for 15 years. Demonstrates slight paranoid tendencies and distrust of authority. Between 35 and 37 years old, and has communicated frequently with Japanese sararimen.
I still don't know your name, but I know your number. I know a lot of other things, just from your postings on one website. I also know that you really want to yell at me right now about one of those details above.
Until you give me your name, I will never know you if I meet you in person, and you therefore remain anonymous. Unless you are the exception to John Gabriel's Greater Internet Fuckwad Theory. You have to admit, you do come off as abrasive sometimes...
It's pretty clear to me this is going to be implemented client-side in the browser, just based on the limited information available. Just like Windows Media Player's "send unique player id to content providers" option.
Firefox (funded largely by Google) and Chrome are slightly under 40% market share, and Chrome is increasing.
All you need is Microsoft on board, or the advertising industry. They won't get the ad industry, so they need Microsoft. Or a plugin for IE that pops up an installer bubble when you use google search, gmail, or youtube. And I'm pretty sure Microsoft is on board, given their media player thing.
I expect an additional header in the HTTP request. I also expect an uptick in the number of people using a customized Firefox or Chromium that does not send this, or better yet sends a random number (leave the PRNG jokes and asides out of this, that's not the topic).
You asked for a guess.
You don't agree, so you redefine the words. That's not how this works.
As a retiree, it certainly would be in my best interests to sell out my remaining patent years and let someone else do the licensing and, if violated, enforcements. That sounds like a reasonable use of my time, so I can relax or invent something else.
They get a share of royalties (and if it comes to one a part of the lawsuit settlement) in exchange for doing work I would rather not do. Taken to an extreme, I could cash out and let them do all the enforcing. If I'm still producing, and they are enforcing, that seems fair?
Then I die, and no one is producing. The NPE does not have a production line, and/or does not feel like getting into manufacturing. But has a year left on the patent that it bought.
On one side, it is a patent troll. On the other side, it purchased for a flat fee the remainder of the patent protection. Should it give up its rights, which it legally owns, because I died?
This is one of those situations where your answer will depend on how you already feel, and if you feel strongly you won't understand the other side's answer at all.
What if I have a yearly license fee, and died, so the NPE doesn't have to pay this year's fee, but does get the protection. Is that just stupid negotiation on my part? Is the NPE more of a patent troll than if it outright paid in advance?
What if my son picks up where I left off, after spending 6 months arranging his life so he could get the last 6 months out of my patent. Was the NPE a patent troll for 6 months until my son started producing?
Achilles and the tortoise relies on space being discrete. It is essentially a calculus problem in the form of "the limit of distance as time approaches zero". If speed is rate over time, at some point the rate becomes incalculable due to division by zero. Solving introductory calculus problems removes this division by zero and you get an answer - two straight lines which cross. The failure here is implying that time is continuous, when it reaches infinitely small values and eventually zero.
Dichotomy paradox is basically the same thing, the limit as time approaches zero. Time gets cut in half when distance does, turning a straight line into a logarithm with one non-constant axis.
Arrow paradox is based on a misunderstanding of inertia, or moment. Stopping time for the durationless instance does not remove momentum - in fact it is impossible and only a thought experiment.
I didn't dig further - Wikipedia fouled up the others by quoting Aristotle's dissection rather than Zeno. I find one source for your quote - Jethro from sciforums - who lists these as 4 statements that, taken together, cannot be simultaneously true. (or two pairs, it's not clear)
If each is flawed, then there is no paradox. Zeno was brilliant for his time, and thought provoking, but it is pure philosophy and holds no water outside of that branch.
My nine dimensional computer is in the shop - sorry, it's all on me. My bad.
Holy shitcock monkey balls fuck! When I looked at it in 6 dimensions instead of 9, it made sense to me! It's almost like... like people can know things somehow that I don't! Like there is a whole other source of information for these people!
TIME CUBE IS REAL
TOYNBEE IDEA ON JUPITER
WHEN 6 WAS 9
It has been here the whole time!!!
Allow me to explain. We believe things because they are in books, and because we have been told that is the truth. When we go outside of those beliefs, we get taken to task and reminded of what the true Word is.
That explains both science and religion. After all, you can't reproduce every experiment ever, so you have to take some things on faith. And breaking new ground requires justification before going away from canon. With science, you can do an experiment multiple times, with different results, and find nothing. We expect to revise your hypothesis, or methods, and try again.
With religion, you do the same goddamned thing over again and pray it turns out differently. Of course, the "conclusions" section of a paper never says "it would have worked except that one member of our team just didn't believe hard enough." So, apart from expectations, religion and science are hardly different taken fundamentally.
s.petry does make the point that a model that simplifies things greatly doesn't mean the universe reflects that model. After all, we have a model of a geocentric solar system. It is quite the, as a programmer would say, "hack", but it works. And it's clear that most of us agree on that point at least.
But it does give us a new way to explore the same old story - like getting the King James Earl Jones Bible On Tape. The story of the universe that has been with us for 6500 years (+/- 13.7 billion)
With $40K and a geo-tag, I could screen-scrape enough facebook and twitter to identify 90 percent of the students who are at any given school (who use social media) given:
1) Any seed account, even the principal or superintendent, or someone else at that school
2) A list of student names - and it gets easier with ages
3) Students often post unfiltered information publicly, including the names of their sports teams
4) Students are often not even aware that there is an option to mark things private, or that postings are visible to anyone but their friends
5) Friend or follow lists will be highly correlated with school population, meaning I can spider from every new account
6) A specially crafted mascot account for each school can be used, to friend or follow students susceptible to joining things they don't understand
7) A list of trigger words that flag comments for review by a person
8) A social sciences college student who needs money enough to read the postings of 13 to 18 year olds that have been flagged to see if it should go on a report
9) Another college student interested in sociology or psychology willing to vet and approve the automated matches, and look for more that software missed
Oh man, it goes on. It's quite simple, really, and I for one wish I had thought of offering such a service. The kids don't have to volunteer one bit of information directly to the monitoring company - they will volunteer it all indirectly, unknowingly, and will be very surprised when the school calls mom and dad.
I'd still have most of that $40K, and with a story like this I just upped my client list by an order of magnitude, parental outrage be damned.
I think everyone kinda knows and expects this because:
First place isn't even an option. I was wondering why we care who the third place entry was, when it turns out that's the only winner.
You're not even a person. You apparently have no concept that people might have opinions different from yours, and that if they do they are obviously based on nonsensical reasoning. Because to you, the reasoning actually does not make sense.
The kids were overly preoccupied with tech, and the parents decided to take an 8 month break to reset their parenting skills. That makes sense to me. There were probably discussions about what they did as children, and lots more things that weren't in the article at all that went into this decision.
I'm pretty sure the husband didn't just go all President Madagascar on his wife and say "Fuck this, shut down everything, and call the newspapers so that gl4ss can point out how retarded we are because otherwise we would have no idea about how making sudden, sweeping decisions might affect us," and then the wife said "You're right, besides my facebook account is starting to smell like curry." Actually, I'm not just pretty sure, I'm damned certain that didn't happen.
That's probably a good thing. Hopefully the parents do, and agree that they made the right decision.
While I agree that playing video games is still playing video games no matter the technology, you completely missed this:
I was not looking for a word.