They can't prove that they smelled the meth lab either. A relevant case is in from the SCOTUS today. So we may know more tomorrow. For a conviction, the burden of proof is on the police/prosecution. But when it comes to probably cause, the burden of proof tends to be on the accused. A consent search is different that a warrant search as well and in this case the owner of the phone has consented.
I'm not a lawyer and I'm guessing you aren't either. But this simply isn't true. Different things have different standards of evidence. What is required to *start* an investigation is much lower than what is required to *prove* an allegation. If the police drive by and smell noxious fumes, that's not constitutional evidence. But it is enough to get a warrant to search your house and take down your meth lab. The initial evidence only has to make probably cause. In this case, the FBI has a warrant to search the phone. If the warrant is executed in a sloppy way, it won't meet standards of evidence. But it may be enough for probable cause to start an investigation of somebody else. Especially in this case since nobody is questioning the validity of the warrant. If the phone has a message "Hey, Joe, thanks for buying the ammo for me," the message itself may be inadmissible for purposes of proving an element of the crime (since the original search didn't use an instrument). But it more than establishes probably cause. IANAL. For crimes like this, there is usually plenty of physical evidence if you know where to look for it so there are fine points between beyond a reasonable doubt and probably cause that can be very nuanced. Again IANAL but I wouldn't want to base my defense on this type of reasoning if I were the accused.
Most bank accounts have a daily withdrawal limit. I'd like to think you can report your phone stolen in less than 24 hours. The same way you would an ATM card. What seems reasonable is reentry of the PIN at the ATM. Wave your phone, enter your PIN, withdrawal money. What's the difference between that and an ATM card? Right now I'm carrying at least 10 ATM cards and a half dozen credit cards.
The alternative, of course, would be that you get assaulted, they take your stuff, then beat you dead because you won't give them the money stored on your phone. They won't believe that you don't have the app.
I always wanted to get one of those briefcases that you handcuff to your wrist because I thought they are cool. I thought better of it because somebody may commit a brazen act of violence to take it from me and then a deadly one when they realize I don't have anything of value.
If somebody threatens me with violence unless I pay them money, I want the means of paying them to be as easy as possible. Times are changing but when I was younger, I was taught always to have some amount of money $20-$40 available. If somebody robs you, throw the money in their direction and run. They'll pick it up and you'll get away.
She is spending more than her total income on shelter. If you live in a place like SF, you have to accept that you rent a 2 bedroom / 1.5 bath and have four people living in it. That's why I don't live in SF. If you are a married couple with two kids this may not seem onerous. If you're single, you may not want to have three roommates for economic reasons. But that part is a choice.
At the risk of being modded into oblivion, if you increase the supply of something and demand remains relatively constant, the price falls through the floor. The reality is that we've doubled the labor supply by having women enter the workforce. I agree that people who work should be able to make a living wage. But wouldn't be sold based on these arguments. Whether I'm sold or not, of course, doesn't matter. But I'm at least somewhat representative and the only heuristic that I have readily available. We've doubled the number of people in the workforce without increasing consumption. Our educational outcomes in the US are horrible partly because our culture doesn't value it.
But this assumes that the data is wanted for prosecution and it has to be admissible. Seems reasonable that they might just download the contact list and start investigating those people. The data from the phone will never actually be used in court. So in that case, they don't need an instrument, just the facts, so to speak.
Ed
And my posting history bears this out. But I don't think its appropriate to frame this as reflecting on Uber. Plenty of people with mental health problems (even pretty serious ones) manage to hold jobs. It's one thing if we think the working conditions are a *cause* (working at the postal office is very stressful, apparently), but if a perpetrator just happens to choose a line of work, I don't think this gives the haters any justification to hate.
The encryption key gets securely erased when you wipe the device. If you do that, you'll never recover the data. This stuff is well thought out. There may be a side-channel attack on iPhones with TouchID but direct attacks are impossible unless there's a backdoor that we don't know about. You won't go after this via brute force.
https://www.apple.com/business...
I have no idea why you are modded zero. This seems like an insightful comment, but I've already posted so I can't help here. I'm not sure why they don't help either. If I were them, I'd gladly help while pointing out that if you are really worried about security you need to upgrade your iPhone to the 5s where s means security!
The four digit PIN isn't used to encrypt the device. If it were, the thing would have been decrypted in under a minute. The encryption key is stored in a piece of hardware that takes the PIN and encrypted data as input. It combines those with a key that only the hardware knows to generate some output. If the hardware would make it's key available then it would be trivial to do what you describe. But the hardware is explicitly designed NOT to do that. It can only output the decrypted text. If you pass it the wrong PIN, the output is jibberish. Of course you can still try every combination of PIN but you need the actual hardware. For iPhone 5, if you entered a bad PIN too many times, the OS wiped the device. If you could sabotage the counter or otherwise modify the software you get unlimited tries. That's what the FBI wants here. Starting in iPhone6, the hardware ("secure enclave") will destroy its key if there are ten bad PIN entries in a row. The same hardware is designed such that updating it's software will also destroy the key. So the trick won't work anymore. However, Apple can decrypt an iPhone5. But they have to do it by updating software to not wipe the phone.
Secure Boot hasn't protected the device against the owner in a decade. That may have been part of the original intent but that still doesn't make it the case today. Secure boot ensures that every step of the boot process is cryptographically signed. At any point you can reliably get the certificate chain and decide whether you want to trust that system. Sure this could be problematic in the somebody may only trust systems running an OS where the signer of the OS is Microsoft. This is done on Android devices where some systems won't let you connect if you're not running the stock firmware as verified by the signing chain. The phone can be configured to either only load the OEM software or you can flip the switch to allow your own. I'd like to see these systems accept connections from devices using alternative firmware signed by other trusted sources, but the idea of trusting a device running some unsigned software - or signed by an unknown source - is insane. We've been doing it so long, it probably seems normal but this is a function of spending too much time in the asylum.
CVSS does not take into account how widespread a defect is. A defect with a low CVSS score that happens on just about every machine in the world is in some ways worse than a high CVSS defect that is only deployed on a handful of machines.
Yes so if we have ReactOS to run native Win32 applications and Mono to run.Net applications, it gives people who are trapped in the Microsoft ecosystem a chance to escape. This is good for everybody because it will increase competition in the marketplace.
People still write applications using those APIs. Win32 really hasn't gone away. Once you can expose a fully functional Win32 API, you can quickly add the Win10 stuff on top of it. It wouldn't be open source but you could just deploy Microsoft's.Net framework onto the OS.
I don't know about current USB "wall worts." But I certainly know that older electronic equipment used incredibly inefficient transformers that were on all the time. My first computer (Timex Sinclair, I'm old) had a 9V transformer that was always hot to the touch even when the machine was off. I can think of many other devices with similar characteristics. Things have gotten a lot better since then. But just a few years ago, I remember seeing PSAs using social-shaming to get people to unplug their chargers when not in use.
The cable box most certainly *can* tell when your TV is on. It's called HDMI CEC or HDMI control and it's been around forever. Most of the implementations are pretty crappy including a DVD player that insists on telling the receiver to always select it on input. But this certainly can be done and has been that way forever. My TV cycles power to my AV receiver exactly as one would expect.
It wasn't grandfathered in. It used to be a taller building. The runway got extended but in order to do it, the airport seized it via emnient domain, chopped off the top, and resold it at a loss!
That's not entirely correct. Look up the Hotel Indigo at the Toronto Pearson airport. The building used to be taller. Then it was purchased by the airport and they lobbed a few floors off the top in order to extend the runway. The planes fly pretty close to overhead. I've stayed there and if memory serves me, the orientation is such that you'd have to catch the planes on approach not departure. Arriving aircraft would probably be an easier target for laser pointers than departing ones since they are pitched downward. Heck if you are at any of the rental car facilities at LAX you can practically wave to the pilots. Hitting the windshield with a laser pointer would be like shooting fish in a barrel.
Slashdot Mirror
Forbes does this. They return a page that says turn off your ad blocker if you want to see this content!
Bluetooth is the first thing I thought about when I read this. Bluetooth actually has three modes. Low/Med/High just for this reason.
This is one time when a car analogy is about perfect.
They can't prove that they smelled the meth lab either. A relevant case is in from the SCOTUS today. So we may know more tomorrow. For a conviction, the burden of proof is on the police/prosecution. But when it comes to probably cause, the burden of proof tends to be on the accused. A consent search is different that a warrant search as well and in this case the owner of the phone has consented.
I'm not a lawyer and I'm guessing you aren't either. But this simply isn't true. Different things have different standards of evidence. What is required to *start* an investigation is much lower than what is required to *prove* an allegation. If the police drive by and smell noxious fumes, that's not constitutional evidence. But it is enough to get a warrant to search your house and take down your meth lab. The initial evidence only has to make probably cause. In this case, the FBI has a warrant to search the phone. If the warrant is executed in a sloppy way, it won't meet standards of evidence. But it may be enough for probable cause to start an investigation of somebody else. Especially in this case since nobody is questioning the validity of the warrant. If the phone has a message "Hey, Joe, thanks for buying the ammo for me," the message itself may be inadmissible for purposes of proving an element of the crime (since the original search didn't use an instrument). But it more than establishes probably cause. IANAL. For crimes like this, there is usually plenty of physical evidence if you know where to look for it so there are fine points between beyond a reasonable doubt and probably cause that can be very nuanced. Again IANAL but I wouldn't want to base my defense on this type of reasoning if I were the accused.
Most bank accounts have a daily withdrawal limit. I'd like to think you can report your phone stolen in less than 24 hours. The same way you would an ATM card. What seems reasonable is reentry of the PIN at the ATM. Wave your phone, enter your PIN, withdrawal money. What's the difference between that and an ATM card? Right now I'm carrying at least 10 ATM cards and a half dozen credit cards.
The alternative, of course, would be that you get assaulted, they take your stuff, then beat you dead because you won't give them the money stored on your phone. They won't believe that you don't have the app. I always wanted to get one of those briefcases that you handcuff to your wrist because I thought they are cool. I thought better of it because somebody may commit a brazen act of violence to take it from me and then a deadly one when they realize I don't have anything of value.
If somebody threatens me with violence unless I pay them money, I want the means of paying them to be as easy as possible. Times are changing but when I was younger, I was taught always to have some amount of money $20-$40 available. If somebody robs you, throw the money in their direction and run. They'll pick it up and you'll get away.
She is spending more than her total income on shelter. If you live in a place like SF, you have to accept that you rent a 2 bedroom / 1.5 bath and have four people living in it. That's why I don't live in SF. If you are a married couple with two kids this may not seem onerous. If you're single, you may not want to have three roommates for economic reasons. But that part is a choice.
Harrison County, OH it would be more than enough.
At the risk of being modded into oblivion, if you increase the supply of something and demand remains relatively constant, the price falls through the floor. The reality is that we've doubled the labor supply by having women enter the workforce. I agree that people who work should be able to make a living wage. But wouldn't be sold based on these arguments. Whether I'm sold or not, of course, doesn't matter. But I'm at least somewhat representative and the only heuristic that I have readily available. We've doubled the number of people in the workforce without increasing consumption. Our educational outcomes in the US are horrible partly because our culture doesn't value it.
But this assumes that the data is wanted for prosecution and it has to be admissible. Seems reasonable that they might just download the contact list and start investigating those people. The data from the phone will never actually be used in court. So in that case, they don't need an instrument, just the facts, so to speak. Ed
And my posting history bears this out. But I don't think its appropriate to frame this as reflecting on Uber. Plenty of people with mental health problems (even pretty serious ones) manage to hold jobs. It's one thing if we think the working conditions are a *cause* (working at the postal office is very stressful, apparently), but if a perpetrator just happens to choose a line of work, I don't think this gives the haters any justification to hate.
The encryption key gets securely erased when you wipe the device. If you do that, you'll never recover the data. This stuff is well thought out. There may be a side-channel attack on iPhones with TouchID but direct attacks are impossible unless there's a backdoor that we don't know about. You won't go after this via brute force. https://www.apple.com/business...
I have no idea why you are modded zero. This seems like an insightful comment, but I've already posted so I can't help here. I'm not sure why they don't help either. If I were them, I'd gladly help while pointing out that if you are really worried about security you need to upgrade your iPhone to the 5s where s means security!
The four digit PIN isn't used to encrypt the device. If it were, the thing would have been decrypted in under a minute. The encryption key is stored in a piece of hardware that takes the PIN and encrypted data as input. It combines those with a key that only the hardware knows to generate some output. If the hardware would make it's key available then it would be trivial to do what you describe. But the hardware is explicitly designed NOT to do that. It can only output the decrypted text. If you pass it the wrong PIN, the output is jibberish. Of course you can still try every combination of PIN but you need the actual hardware. For iPhone 5, if you entered a bad PIN too many times, the OS wiped the device. If you could sabotage the counter or otherwise modify the software you get unlimited tries. That's what the FBI wants here. Starting in iPhone6, the hardware ("secure enclave") will destroy its key if there are ten bad PIN entries in a row. The same hardware is designed such that updating it's software will also destroy the key. So the trick won't work anymore. However, Apple can decrypt an iPhone5. But they have to do it by updating software to not wipe the phone.
Secure Boot hasn't protected the device against the owner in a decade. That may have been part of the original intent but that still doesn't make it the case today. Secure boot ensures that every step of the boot process is cryptographically signed. At any point you can reliably get the certificate chain and decide whether you want to trust that system. Sure this could be problematic in the somebody may only trust systems running an OS where the signer of the OS is Microsoft. This is done on Android devices where some systems won't let you connect if you're not running the stock firmware as verified by the signing chain. The phone can be configured to either only load the OEM software or you can flip the switch to allow your own. I'd like to see these systems accept connections from devices using alternative firmware signed by other trusted sources, but the idea of trusting a device running some unsigned software - or signed by an unknown source - is insane. We've been doing it so long, it probably seems normal but this is a function of spending too much time in the asylum.
CVSS does not take into account how widespread a defect is. A defect with a low CVSS score that happens on just about every machine in the world is in some ways worse than a high CVSS defect that is only deployed on a handful of machines.
Yes so if we have ReactOS to run native Win32 applications and Mono to run .Net applications, it gives people who are trapped in the Microsoft ecosystem a chance to escape. This is good for everybody because it will increase competition in the marketplace.
People still write applications using those APIs. Win32 really hasn't gone away. Once you can expose a fully functional Win32 API, you can quickly add the Win10 stuff on top of it. It wouldn't be open source but you could just deploy Microsoft's .Net framework onto the OS.
I don't know about current USB "wall worts." But I certainly know that older electronic equipment used incredibly inefficient transformers that were on all the time. My first computer (Timex Sinclair, I'm old) had a 9V transformer that was always hot to the touch even when the machine was off. I can think of many other devices with similar characteristics. Things have gotten a lot better since then. But just a few years ago, I remember seeing PSAs using social-shaming to get people to unplug their chargers when not in use.
The cable box most certainly *can* tell when your TV is on. It's called HDMI CEC or HDMI control and it's been around forever. Most of the implementations are pretty crappy including a DVD player that insists on telling the receiver to always select it on input. But this certainly can be done and has been that way forever. My TV cycles power to my AV receiver exactly as one would expect.
It wasn't grandfathered in. It used to be a taller building. The runway got extended but in order to do it, the airport seized it via emnient domain, chopped off the top, and resold it at a loss!
That's not entirely correct. Look up the Hotel Indigo at the Toronto Pearson airport. The building used to be taller. Then it was purchased by the airport and they lobbed a few floors off the top in order to extend the runway. The planes fly pretty close to overhead. I've stayed there and if memory serves me, the orientation is such that you'd have to catch the planes on approach not departure. Arriving aircraft would probably be an easier target for laser pointers than departing ones since they are pitched downward. Heck if you are at any of the rental car facilities at LAX you can practically wave to the pilots. Hitting the windshield with a laser pointer would be like shooting fish in a barrel.
http://slashdot.org/story/01/1...