Dare you to support the wretched Torvalds, infidel! You shall reap the consequences. Those who are not for us are against us! Witness my horde of angry hackers. That is, for the moment that you can...
Linus has been known as an acerbic and rude individual, but he's never dared to touch the sacred unbalanced comment before. He's gotten bolder as we've taken his stuff. We really should have held the line, called an end to it before now. This is what we get for pandering to him.
It's too late to simply eject him from kernel development. We can't have him hectoring us from the sidelines. I'm afraid that we must entirely erase Linus Torvalds from the noÃsphere.
But it would have been able to see the truck. The shape, aerodynamics, and reliability are engineering problems to be solved, not a reason to reject something that works better than passive imaging.
The big thing that's missing is the radar that Google uses, a big spinning cylinder on top of the vehicle. It can map vehicles, pedestrians, and bicycles that a camera would not be able to see. Elon doesn't like that it's ugly. I'll take ugly to get a more capable system.
I recently posted a similar review on Amazon, although mine was regarding a burglar alarm which connects to a server in China and has no encryption. To their credit, the manufacturer has not challenged the review.
First, it's entirely possible that the management did not realize that the device was not encrypted or that they specified encryption and that the programmer involved provided something very lame like exclusive-OR with a byte. This, however, indicates a failure of due diligence on the part of the management.
Globally, the quality of employees performing embedded-systems programming for consumer products is dismal. This doesn't mean just China, it's also really bad in the U.S. and South Korea in my personal experience. The employees can not be expected to have any concept of proper security. I have seen lame attempts at encryption, stripping the executable as an anti-reverse-engineering strategy (!), and many other things a competent systems programmer would face-palm upon encountering.
Firing the employee as a condition of your not removing the review is deceptive. If the employee actually did something wrong (which we can't tell from here) that is the cause of their firing and it should be independent of whether your review stays up or not.
It's clearly just an attempt to lay guilt upon you for doing the right thing. But the people you should be protecting first are the consumers who could buy this device and rely on it having more security than it actually does. Go on and do the right thing by making this review available wherever people would purchase the device.
If this had been a Google car, there would have been no accident. Google has much better radar which maintains a model of all vehicles in the vicinity before they turn into your direction, and it's high enough up that it would not miss a trailer.
if they do not protect their IP, then under the current laws, that "non protecting" opens up the possibility for others (as in other studios) to use your IP.
This is treated as common knowledge by most people who are not copyright and trademark experts, but isn't really true. It's related to two concepts in law: the concept of trademarks becoming generic, and the doctrine of Laches, which are both a lot more complicated than "if you don't enforce, you lose it". In truth, the studios could allow fan fiction all they want without losing the right to enforce copyrights and trademarks. They would indeed be safer if they licensed the fan fiction outlets.
Unfortunately, film and recording studios are still extremely naive about what intellectual property policy should be to maximize income. Obviously, the Star Trek fans are what has kept this franchise going for 40 years. You can count on them as an audience, which means a film is going to be a much safer investment than it would be otherwise.
To keep the fan base alive, holding intellectual property this close is simply the wrong policy. Coming to some sort of resolution with fan fiction producers would both preserve the fan base and increase profit (you can license them and allow them to make some money, as well as you).
To think, in the U.S. we just gained the right to sing "Happy Birthday" without intellectual property restrictions. That's how the non-sharing side of the ecology is going. On the sharing side, we have a very healthy Open Source community that has produced software everyone uses (even if they don't know) and that could not be built via the conventional economic paradigm because it can't necessarily be monetized directly. And we have things like Wikipedia that would just be impossible in the conventional paradigm.
Studios need to catch up. So far, they seem to be incredibly resistant to learning.
Is he responsible for the pain which his robot inflicts?
Perhaps the person who wrote this should have "no moral sense" tattooed on his forehead, so that people will be properly informed of the danger. Especially if he goes to Stanford.
In other words, businesses that did not have a systems programmer or didn't listen to one. My customers are often embedded systems companies and often they have no idea how people can look inside their systems. One stripped their executable symbol tables to keep them from scrutiny. I showed them how the evil hacker tool "strings" would reveal their hidden menus:-)
Drag-and-drop can help beginners write a working program. But it won't teach them logic or how to make it secure.
PHP allowed a whole generation of web designers to write their own programs. But they remained something less than programmers. I remember a conference where they went over the typical security issues that came up. One example was a FAX-back system written in PHP that would let you FAX documents to any phone number, including 911. The people who ran this had some trouble figuring out why the police kept coming to their building with lights flashing.
I have the front panel of the VAX 780 used to render the Genesis Effect in Star Trek II. It's on the wall of my office. I didn't keep the rest of the Vax, it was about the size of a mini-van, and ran at one MIPS.
There's an article in Wikipedia. It's how you handle programs you can't trust. Give them a way to run without ever being allowed to do anything dangerous. Like writing to the filesystem rather than a special area reserved for that web page. Or turning on the camera without telling you - the browser will ask you the first time the page wants the camera and then will save the preference for that page.
So, you have to define everything that is dangerous, and everything that's not, And then you have to keep looking for ways that pages could get out of the sandbox, and fix them. It gets harder as features and optimization are added, you must check for security issues in every one.
Ah, come on. It's mostly just silly. It's like talking with an Eliza program.
I was around for the production of several of Pixar's films. Nothing took more work or time than script writing. Understanding how to tell a compelling story with the tools of the visual idiom is non-trivial.
The 3D animation? Well, it was cool but we had to make a compelling film on storyboards before we started using it. 3D animation alone doesn't hold the audience attention for long, and audiences have already gotten used to it, so now it's just another medium rather than something that sells a film.
When an AI can really tell a compelling story, it will have passed the test for strong AI.
Having a WiFi driver that the developer is locked out of repairing is no kind of solution. Having a WiFi driver that can't handle new features developed after the user gets the product is no solution either. And locking hams, who can legally use different frequencies and more power, out of the system is no solution either.
I bought 10 acres of land in far-northern California high desert for a whole $4000 a few years ago. It's good for astronomy and ham radio. Siskiyou County would let me build a whole arcology there if I wanted to. But I'd have to drill really deep to have reliable water, and there are no jobs, and you can only grow hay there, it's a mile and a half from paved roads, utility power, and wired internet, 12 miles from the first hole-in-the-wall restaurant or coffee shop, and there's really very little reason to live there.
What happened is that we provided almost infinite lending for the scarce resource of desirable housing. And simple economics would tell you that this would cause the price of housing to be kited to values that are impossible for the common person.
We also as a species haven't succeeded in controlling population growth. We need to. We have been very good at getting more food out of the ground, but the ground is being depleted of water and nutrients and Malthus eventually wins the argument.
Well, they could technically have, but it would go against all of their goals for their business. They want to provide a superior e-publishing platform to HTML 5 and they have no reason to accept artificial impediments like "load a separate app to enable the camera". If a lot of people told them they would not accept the platform if it included a camera permission, they might not have done that, but I doubt very many people did.
If you really care about this, you should make it your practice to use Free Software as much as possible (and "free" in this context means liberty, not that you didn't pay for it). Proprietary software makers just won't ever take your needs seriously, and you can't trust them anyway.
There is a HTML5 API for persistent local storage, at least 5 MB, so you might as well consider it a drive-by installer.
Short of BLIT happening, the world isn't going to provide you with the sanitary web we used to have. What you and other Open Source folks can do is work toward really good sandboxing. Constantly.
I sympathize. I pine for the world where we didn't have to encrypt every page.
Keeping spyware-laden crap off of your machine is a laudable goal. But I fail to understand how native apps, rather than HTML5 ones, help rather than hinder your security. They're not generally source-available, and you don't get the browser's capabilities to control and inspect them. What am I missing?
I didn't volunteer to support the VAX-780:-) . The gap between native code and web code will further narrow as webassembly develops. There's no reason not to compile that to native code.
Well, I do own my apps, I'm the copyright holder. And there are APIs to install HTML5 programs on your phone/tablet/etc. Do you mean owning apps that you've paid for? Sorry, you don't own them, You have a license.
In general, not installing the update doesn't work. If it uses a remote server at all, that server knows what version you are using, and can disallow old ones.
Slashdot Mirror
Dare you to support the wretched Torvalds, infidel! You shall reap the consequences. Those who are not for us are against us! Witness my horde of angry hackers. That is, for the moment that you can...
I guess he doesn't like to be seen picking his nose :-)
Linus has been known as an acerbic and rude individual, but he's never dared to touch the sacred unbalanced comment before. He's gotten bolder as we've taken his stuff. We really should have held the line, called an end to it before now. This is what we get for pandering to him.
It's too late to simply eject him from kernel development. We can't have him hectoring us from the sidelines. I'm afraid that we must entirely erase Linus Torvalds from the noÃsphere.
Think of it as evolution in action!
rot13: whfg xvqqvat
But it would have been able to see the truck. The shape, aerodynamics, and reliability are engineering problems to be solved, not a reason to reject something that works better than passive imaging.
The big thing that's missing is the radar that Google uses, a big spinning cylinder on top of the vehicle. It can map vehicles, pedestrians, and bicycles that a camera would not be able to see. Elon doesn't like that it's ugly. I'll take ugly to get a more capable system.
Point taken. I really would have preferred a software update implementing TLS. And with proper per-device keys.
I recently posted a similar review on Amazon, although mine was regarding a burglar alarm which connects to a server in China and has no encryption. To their credit, the manufacturer has not challenged the review.
First, it's entirely possible that the management did not realize that the device was not encrypted or that they specified encryption and that the programmer involved provided something very lame like exclusive-OR with a byte. This, however, indicates a failure of due diligence on the part of the management.
Globally, the quality of employees performing embedded-systems programming for consumer products is dismal. This doesn't mean just China, it's also really bad in the U.S. and South Korea in my personal experience. The employees can not be expected to have any concept of proper security. I have seen lame attempts at encryption, stripping the executable as an anti-reverse-engineering strategy (!), and many other things a competent systems programmer would face-palm upon encountering.
Firing the employee as a condition of your not removing the review is deceptive. If the employee actually did something wrong (which we can't tell from here) that is the cause of their firing and it should be independent of whether your review stays up or not.
It's clearly just an attempt to lay guilt upon you for doing the right thing. But the people you should be protecting first are the consumers who could buy this device and rely on it having more security than it actually does. Go on and do the right thing by making this review available wherever people would purchase the device.
If this had been a Google car, there would have been no accident. Google has much better radar which maintains a model of all vehicles in the vicinity before they turn into your direction, and it's high enough up that it would not miss a trailer.
This is treated as common knowledge by most people who are not copyright and trademark experts, but isn't really true. It's related to two concepts in law: the concept of trademarks becoming generic, and the doctrine of Laches, which are both a lot more complicated than "if you don't enforce, you lose it". In truth, the studios could allow fan fiction all they want without losing the right to enforce copyrights and trademarks. They would indeed be safer if they licensed the fan fiction outlets.
Unfortunately, film and recording studios are still extremely naive about what intellectual property policy should be to maximize income. Obviously, the Star Trek fans are what has kept this franchise going for 40 years. You can count on them as an audience, which means a film is going to be a much safer investment than it would be otherwise.
To keep the fan base alive, holding intellectual property this close is simply the wrong policy. Coming to some sort of resolution with fan fiction producers would both preserve the fan base and increase profit (you can license them and allow them to make some money, as well as you).
To think, in the U.S. we just gained the right to sing "Happy Birthday" without intellectual property restrictions. That's how the non-sharing side of the ecology is going. On the sharing side, we have a very healthy Open Source community that has produced software everyone uses (even if they don't know) and that could not be built via the conventional economic paradigm because it can't necessarily be monetized directly. And we have things like Wikipedia that would just be impossible in the conventional paradigm.
Studios need to catch up. So far, they seem to be incredibly resistant to learning.
Perhaps the person who wrote this should have "no moral sense" tattooed on his forehead, so that people will be properly informed of the danger. Especially if he goes to Stanford.
In other words, businesses that did not have a systems programmer or didn't listen to one. My customers are often embedded systems companies and often they have no idea how people can look inside their systems. One stripped their executable symbol tables to keep them from scrutiny. I showed them how the evil hacker tool "strings" would reveal their hidden menus :-)
The host reads the virtual guest's memory and process state. This is absolutely no surprise, it was always implicit in virtualization systems.
Drag-and-drop can help beginners write a working program. But it won't teach them logic or how to make it secure.
PHP allowed a whole generation of web designers to write their own programs. But they remained something less than programmers. I remember a conference where they went over the typical security issues that came up. One example was a FAX-back system written in PHP that would let you FAX documents to any phone number, including 911. The people who ran this had some trouble figuring out why the police kept coming to their building with lights flashing.
I have the front panel of the VAX 780 used to render the Genesis Effect in Star Trek II. It's on the wall of my office. I didn't keep the rest of the Vax, it was about the size of a mini-van, and ran at one MIPS.
There's an article in Wikipedia. It's how you handle programs you can't trust. Give them a way to run without ever being allowed to do anything dangerous. Like writing to the filesystem rather than a special area reserved for that web page. Or turning on the camera without telling you - the browser will ask you the first time the page wants the camera and then will save the preference for that page.
So, you have to define everything that is dangerous, and everything that's not, And then you have to keep looking for ways that pages could get out of the sandbox, and fix them. It gets harder as features and optimization are added, you must check for security issues in every one.
Ah, come on. It's mostly just silly. It's like talking with an Eliza program.
I was around for the production of several of Pixar's films. Nothing took more work or time than script writing. Understanding how to tell a compelling story with the tools of the visual idiom is non-trivial.
The 3D animation? Well, it was cool but we had to make a compelling film on storyboards before we started using it. 3D animation alone doesn't hold the audience attention for long, and audiences have already gotten used to it, so now it's just another medium rather than something that sells a film.
When an AI can really tell a compelling story, it will have passed the test for strong AI.
Having a WiFi driver that the developer is locked out of repairing is no kind of solution. Having a WiFi driver that can't handle new features developed after the user gets the product is no solution either. And locking hams, who can legally use different frequencies and more power, out of the system is no solution either.
I bought 10 acres of land in far-northern California high desert for a whole $4000 a few years ago. It's good for astronomy and ham radio. Siskiyou County would let me build a whole arcology there if I wanted to. But I'd have to drill really deep to have reliable water, and there are no jobs, and you can only grow hay there, it's a mile and a half from paved roads, utility power, and wired internet, 12 miles from the first hole-in-the-wall restaurant or coffee shop, and there's really very little reason to live there.
What happened is that we provided almost infinite lending for the scarce resource of desirable housing. And simple economics would tell you that this would cause the price of housing to be kited to values that are impossible for the common person.
We also as a species haven't succeeded in controlling population growth. We need to. We have been very good at getting more food out of the ground, but the ground is being depleted of water and nutrients and Malthus eventually wins the argument.
Well, they could technically have, but it would go against all of their goals for their business. They want to provide a superior e-publishing platform to HTML 5 and they have no reason to accept artificial impediments like "load a separate app to enable the camera". If a lot of people told them they would not accept the platform if it included a camera permission, they might not have done that, but I doubt very many people did.
If you really care about this, you should make it your practice to use Free Software as much as possible (and "free" in this context means liberty, not that you didn't pay for it). Proprietary software makers just won't ever take your needs seriously, and you can't trust them anyway.
There is a HTML5 API for persistent local storage, at least 5 MB, so you might as well consider it a drive-by installer.
Short of BLIT happening, the world isn't going to provide you with the sanitary web we used to have. What you and other Open Source folks can do is work toward really good sandboxing. Constantly.
I sympathize. I pine for the world where we didn't have to encrypt every page.
Keeping spyware-laden crap off of your machine is a laudable goal. But I fail to understand how native apps, rather than HTML5 ones, help rather than hinder your security. They're not generally source-available, and you don't get the browser's capabilities to control and inspect them. What am I missing?
I didn't volunteer to support the VAX-780 :-) . The gap between native code and web code will further narrow as webassembly develops. There's no reason not to compile that to native code.
And it seems that a lot of apps just run an embedded browser. More than once an app has shown me a 404 page, etc.
Well, I do own my apps, I'm the copyright holder. And there are APIs to install HTML5 programs on your phone/tablet/etc. Do you mean owning apps that you've paid for? Sorry, you don't own them, You have a license.
In general, not installing the update doesn't work. If it uses a remote server at all, that server knows what version you are using, and can disallow old ones.