Slashdot Mirror


User: gstoddart

gstoddart's activity in the archive.

Stories: 0
Comments: 14,230

Comments · 14,230

  1. What's that? on 900 Embedded Devices Share Hard-Coded Certs, SSH Host Keys · · Score: 4, Insightful

    What's that? The companies who make consumer electronics do a terrible job of security and routinely deliver products with little or no security?

    Well, golly gee, I'm totally shocked.

    No, wait, the other one ... where I think it should be self evident that probably 95% or more of all devices which want to connect to the internet should be presumed to be utterly insecure and not used.

    It's pretty clear that without some penalties and liability, the companies who are trying to bring us the connected world are either incompetent at, or indifferent to, any form of security.

    If it isn't a computer, I pretty much don't trust it with any form of network connection.

  2. Re:Uh? How does the DMCA apply to an ISP? on Insurer Refuses To Cover Cox In Massive Piracy Lawsuit (torrentfreak.com) · · Score: 3, Interesting

    Assertions of violation should come with a cost when they are wrong.

    Ahhh, but the DMCA has been carefully crafted to prevent that.

    See, as much as they are supposed to be making a sworn statement subject to perjury, all they have to do is "ooops, we thought this but we were wrong".

    The DMCA was bought and paid for by the copyright cartel to ensure they can bully and bluster all they want, everyone else has to jump and say "yes sir", and they bear absolutely NO penalty or cost with being wrong, and the ISPs have to do this shit at their own expense.

    What the copyright cartel did when they bought the DMCA was to ensure it was such a lop-sided law that they can misuse it all they want and nothing will ever happen to them.

    The entire DMCA is defective by design. Because that's what the people who paid for it wanted it to be.

  3. You laugh ... but years ago at a different job, the marketing people decided to rename/re-brand a product.

    We literally had to stop everything, and build an entire release which had the name changed; which ended up having to finalize other things or roll them back to add later.

    Never underestimate how much marketing can screw up a dev schedule.

  4. Re:Well thats odd on Pressure From Uber Forces London Taxis To Finally Accept Cards (thestack.com) · · Score: 1

    I'm not sure how uber gets around the disabled access regulations

    The exact same way they get around regulations everywhere they operate: by pretending the regulations don't apply to them.

    My city has mandatory cameras in cabs -- because cab drivers have committed sexual assaults, and because cab drivers get robbed. They fought it tooth and nail until one of their own was violently robbed and the camera would have helped with the conviction.

    Uber, like with insurance and proper licensing, doesn't adhere to this. Uber's entire business model is being a bootleg cab dispatch company which ignores the rules and regulations. That's kind of what they do.

    When you ride with Uber, you're just getting into a stranger's car. And that doesn't always work so well.

    Everyone whinges about Uber undermining the taxi monopoly ... the reality is, Uber is pretty much ignoring laws around proper licensing, insurance, background checks, and anything else.

    So you really have no idea of what the hell you'll get.

  5. Re:Well thats odd on Pressure From Uber Forces London Taxis To Finally Accept Cards (thestack.com) · · Score: 2, Insightful

    Ever had a cab driver who had no idea of where they were going but relied on a GPS?

    They end up taking the stupidest possible routes because they have no idea of where they're going. I once had a cab driver who ended up taking what seemed like the most ass-backwards route because he knew less about the city than I did.

    Sometimes, GPS routes are utterly ridiculous.

    I don't want to pay some clown a bunch of extra money because he got stuck in traffic or took a longer route because he had no idea where he was going.

    Some bumbling idiot with no idea of where he's going and hopes the GPS will get him there ... sorry, I'm not paying for that experience. I've seen how that can turn out.

  6. Re:Well thats odd on Pressure From Uber Forces London Taxis To Finally Accept Cards (thestack.com) · · Score: 1

    Let me preface this by saying: I've never been to London.

    But, as I understand it, the London cabbies have to take a test they call "The Knowledge" which ensures they know a lot of the details of the layout and how to find your way around in a complicated city like London.

    Apparently this test requires so much actual knowledge and spatial awareness, the cab drivers end up with measurably larger hippocampus afterwards.

    So, my completely unfounded (except for what I've seen on TV) 'understanding' is the amount of studying and training required to be a London cabbie is really extensive, resulting in people who can navigate around an apparently very confusing city.

  7. Re:So... on AMD's Crimson Radeon Driver For Linux Barely Changes Anything (phoronix.com) · · Score: 4, Funny

    My god man .. they changed the strings from "Catalyst" to "Radeon".

    What more do you want?

  8. Wow ... on Raspberry Pi Unveils New $5 Mini-computer · · Score: 4, Insightful

    So, I remember when a fairly sizable tower was considered a "mini computer" ... hell, I think it was a friggin' VAX.

    And the desktop PC was considered a "micro-computer".

    Now we have this mini-micro computer called a mini-computer.

    This is all very complicated. :-P

  9. Re:Following a ruling from a Virginia federal cour on Insurer Refuses To Cover Cox In Massive Piracy Lawsuit (torrentfreak.com) · · Score: 1

    Because the copyright cartel have bought laws from lawmakers which effectively give them the ability to decide who can use technology and how.

    The DHS is now responsible for copyright enforcement, and the US foreign policy on copyright is now being directed by corporate interests.

    All of these things have combined to mean that the accusations of corporations are being interpreted (by them, and by the idiot judge in this case) as meaning that they get to decide if a person should be removed from the internet due to being suspected of piracy.

    Have you not been paying attention at all? Between the DMCA, the horrible extension of copyright, and the increasing extent to which protecting the profits of multinational corporations has driven US foreign policy ... it's not the media corporations who make such decisions.

    Oh, and did we mention they do this with a reduced standard of evidence, no requirement of proof, and little or no recourse for lying? (They can just call it incompetence and suddenly there is no penalty.)

    What the copyright people want is a full veto over how all technology is used, and the ability to deny people the ability to use the internet because they say so.

    The person paying for the internet service? He has no rights. He has the right to use the internet as long as the media companies haven't accused him of piracy ... in which case, the media companies feel that accusation is sufficient to block further access.

    You now live in a world in which probably 25% of all global treaty talks are specifically geared to entrenching into law that copyright owners have increasing powers.

    The US has sold out to corporate interests, and then have subsequently championed them globally and foisted them on everyone else, and then used that to strengthen domestic controls.

    Honestly, have you slept through all this?

  10. Re:Holy crap ... on This Gizmo Knows Your Amex Card Number Before You've Received It (csoonline.com) · · Score: 1

    It's 2015 and the US is still trying (and apparently failing) to implement chip-and-pin. So no, clearly they are not trying.

    Doubly so because it was "new" 20 years ago, and people are already starting to look to replace it.

  11. If one guy and a sample size of 40 cards can do this with 100% accuracy ... then I assume a better funded and more malicious entity could do it on a FAR larger scale.

    I think the fact that it IS so trivial is kind of the point.

    You would hope it wouldn't be even possible to predict the next card and that the numbers come from a big pool and should be unrelated. But apparently that's not true.

  12. He noticed that the replacement card's number appeared to have a relationship with other Amex cards he'd had in the past. Kamkar worked out a formula for how the number was calculated, which matched up to 40 cards and replacement cards shared with him by his friends for his research.

    That sounds pretty damned broken to me.

    Are these guys not even trying?

  13. Re:Many a young engineer.... on The Quest For the Ultimate Vacuum Tube (ieee.org) · · Score: 1

    You know, I think we need to settle this once and for all ...

    Holes are for cows ... You are all cows. Cows say moo. MOOOO! MOOOO! Moo cows MOOOO! Moo say the cows. YOU, er, hole-flowing current-producing COWS!!

    And, no, I have no idea what you're talking about, I just think the cow thing is one of the funniest internet memes in years. ;-)

  14. Re:My beanburger tastes like real meat, which I ha on The Quest For the Ultimate Vacuum Tube (ieee.org) · · Score: 1

    In my experience, when someone feels the need to insist that something is "surprisingly relevant", it's usually unsurprisingly irrelevant.

    In my experience, there's a corollary which applies to the reverse of all such statements. Especially on the interwebs.

    Just sayin'. ;-)

  15. Re:Vacuum tubes handle EMP's better on The Quest For the Ultimate Vacuum Tube (ieee.org) · · Score: 4, Funny

    And, they won't burn due to all of the asbestos. It really is a win-win situation. ;-)

  16. Re:Slashdot is not your personal blog on Dark Matter Grows Hair Around Stars and Planets (forbes.com) · · Score: 1

    I don't entirely disagree ... but a lot of people prefer not to see something submitted which boils down to "hey, look what I have over here", especially if that submitter might actually benefit from the self promotion. And most especially if they don't give us the courtesy of adding the disclaimer which says "I'm on the payroll and this is mine".

    So, like when Nerval's Lobster gets something accepted which inevitably links back to dice.com, we pretty much know he's a paid shill who gets preferentially published. But we only know it because we've seen it, not because anybody has made any great effort to point it out.

    We just want to KNOW when it's self promotion, instead of having that fact be very opaque. And bumping up your hits on Forbes by submitting a link to your article on Slashdot ... well, it's still self promotion. Especially if those extra hits on Forbes impact your compensation or retention by Forbes.

    It might be relatively benign, but fess up to it in the summary instead of just pretending you stumbled on something awesome. Otherwise people assume it's not so benign.

  17. Re:Screen peeking on What Is the Future of the Television? (ben-evans.com) · · Score: 1

    So do you want to make it that much easier to give away your position in a first-person shooter to your screen-peeking competitors?

    Yeah ... about that ... that's not an actual use-case for me, because I don't play them, or any other form of online game.

    I strongly suspect it's also not an issue for most people either.

    The needs of geeks and gamers have nothing to do with how the rest of the world uses technology, and are pretty useless in determining what people actually want and need.

  18. Re:"Reset to factory settings" button on Even the Dumbest Ransomware Is Almost Unremovable On Smart TVs (symantec.com) · · Score: 3, Insightful

    Define "good speaker".

    And there's the rub ... if you ever describe the sound of your speakers as "moist, peaty, and with chocolate overtones" ... well, I have no idea what you consider to be a "good" speaker. I sure as hell can't hear what you claim to be able to.

    I currently own four of these, and highly recommend them.

    They still use old-fashioned head-phone jacks, can be daisy chained, have hours of battery life and can be charged from USB ... utterly compatible with everything from an original Walkman to an iPhone, because everything still uses that headphone jack. There's no app or custom software, just a little 3.5mm jack. There's also no firmware updates.

    Those little suckers have traveled with me for the last 4 years ... they've been in hotels, in tropical resorts, in my backyard, poolside ... all four of them weigh in at less than a pound and take up very little space. Two of them have traveled with me everywhere I have flown since I got them, the other two are much newer but give me a little more flexibility.

    Being small little speakers, they have the benefit that in a relatively short distance you can't hear them at all. Which means the wife and I can have music that people 30 feet away can't even hear -- which is a bonus when you're in the back yard or lounging by a pool and don't want to disturb other people.

    I have literally hundreds if not thousands of hours on the damned things. I consider them awesome speakers, mostly because of their utility and portability.

    I'm with you, for overall utility and convenience, I define "good" as "good enough". But they completely eschew any form of network or wireless technology, because they don't need it.

  19. Re:it depends on your definition (of is is) on What Is the Future of the Television? (ben-evans.com) · · Score: 1

    If you still define a TV as something with both a display and a tuner/channel selector, then yes, it's dead and covered with larvae.

    I'm pretty sure my TV hasn't had any role in volume, channel selection, or anything but which input it is displaying in well over a decade.

    Unless you need a touch screen, pretty much any display device is just a passive monitor.

    Between DVD players and cable boxes, TVs have been excluded from that functionality for a VERY long time.

  20. Not that intriguing ... on What Is the Future of the Television? (ben-evans.com) · · Score: 2

    It raises an intriguing question: where is the television headed? What uses and functions does one giant screen serve that can't be cleverly redistributed to smaller screens?

    What the hell do you think people do with TVs?

    That's right, we watch them ... TV, movies, maybe video games.

    I don't want my big TV replaced with anything which is "cleverly redistributed to smaller screens".

    I have never used my TV as anything but a dumb screen for content from other sources. Most other people probably won't either.

    People keep telling me what my TV will be in the future, and like so many people telling us what "the future" will hold for us, they're not actually listening to what anybody wants.

    So, the next time I'm sitting and watching a movie in my living room in my comfy sofa ... I sure as hell won't be asking the not-so-very-intriguing question of What uses and functions does one giant screen serve that can't be cleverly redistributed to smaller screens?.

    A TV is a display device, for one or more other devices, all of which are infinitely more suited to retrieving and rendering content than my TV.

    Oddly enough, the monitors on my computer are also just dumb displays.

  21. Re:So it was the US that triggered it on KGB Software Almost Triggered War In 1983 (arstechnica.com) · · Score: 4, Insightful

    They must think that the risk is worth it to check NK defences, but it doesn't help diplomatic efforts.

    Honestly, sometimes I think it's fairly common that countries periodically have to do things which say "we know you're there, we're not afraid of you, and we can fuck you up".

    So, think of China building artificial islands in the South China Sea and then claiming that is territorial waters. Sailing past and waving the flag is part and parcel of reminding them that, no, this is international waters and has been for some time. Would you have them cede the waters to China and just let them annex it?

    Sometimes, you need to remind the other guy that you're still there, and reality isn't defined in terms of what they claim. And you usually do that by telling me "oh, by the way, we'll be doing this right here for the next little while".

    For some countries, diplomacy requires a little show of force to demonstrate you're not as intimidated as they think you should be of their supreme leader's tiny penis and huge ego.

  22. Re:smart tvs are not smart on Even the Dumbest Ransomware Is Almost Unremovable On Smart TVs (symantec.com) · · Score: 2

    First off, if your $1000 smart TV is suddenly rendered useless, that's not exactly a minor inconvenience ... if I stole your TV it would have about the same effect as rendering it inoperable.

    Second, why the hell would you assume malware would give a crap about what it's infecting? Do you really think the writers of ransomware are sitting around thinking "Oh, we better put in checks to make sure we don't fuck up some poor guy's TV"?

    I think the real lesson here is these 'smart' devices have such inherently bad security that they can be rendered useless fairly easily, and that fixing them can be damned near impossible.

  23. Re:"Reset to factory settings" button on Even the Dumbest Ransomware Is Almost Unremovable On Smart TVs (symantec.com) · · Score: 1

    It's a trade off you'll have to decide for yourself.

    For me, if there was a $400 JBL speaker which had wireless and internet and could be controlled by an app, and a $400 JBL speaker which simply took inputs over wires from an amplifier ... I'm going to assume the one which needs the wire and the amplifier is, all things considered, a significantly better speaker.

    Because it doesn't have all that extra stuff in it.

    When the poster says it's a $400 speaker ... it's not really. It's a much cheaper speaker with electronics and other features slapped around it which cause problems down the road, and jack up the price of a cheap speaker that people think is a $400 speaker.

  24. If I had to guess, I'd say the latter ... with the caveat that, like all consumer products, product management, marketing, and the accountants make all the decisions.

    So you start off with a vanilla Android.

    And then you put in all your proprietary stuff, figure out how to skin and brand it, add in the stuff so you can monetize the user experience, a little telemetry to call home .. next thing you know, you've got yet another horribly insecure piece of consumer electronics which has had a bunch of security holes installed.

    Time and time again, we basically see that these kinds of products end up with these problems because of lazy/bad choices made by product managers and the marketing department.

    Nobody is designing a TV and thinking they need to design a sure, robust architecture. They're trying to figure out how to keep making money off you after you buy it.

    This same stuff happens on pretty much EVERY device which wants to connect to the intertubes these days. Because companies are more concerned about putting in a damned "like" button than they are anything to do with security.

    I've reached the point where I assume any consumer electronics which wants to connect to the internet is inherently insecure and not worth owning.

  25. Re:"Reset to factory settings" button on Even the Dumbest Ransomware Is Almost Unremovable On Smart TVs (symantec.com) · · Score: 4, Insightful

    I find it hard to believe anyone would give up on a $400 speaker that quickly, unless they are rich and $400 is nothing to them.

    I find it hard to believe a damned speaker needs firmware upgrades.

    Oh, but wait, it's controllable by an app, has Bluetooth and wifi, and connects to the internet, right?

    Yeah ... me, I don't want speakers which do that stuff. Precisely because time and time again companies demonstrate they're terrible at it, and you end up with a product with a MUCH shorter lifecycle -- because it's focused on 10 things besides being a good speaker.

    My guess, if it needs firmware updates, it's really a $100 speaker with a bunch of extra crap slapped onto it.

    These days, digital pretty much means disposable.