Hotels have engineering or maintenance staff who carry tools around all the time (the "engineering" term is used at the more expensive hotels). You just need to dress like a working class guy in a uniform--your name on a badge helps--and no one will question why you're wandering around with a crowbar. At a nice place it's a cheaper look to pull off than the suit you'd need to look like a concierge.
I used the same trick when trying to write an Atari 2600 game, with the Starpath Supercharger. That lets you load a new cartridge via the cassette interface. But rather than plug a real player in, you can compile your code into a WAV file that uses the same format as those cassettes. Play that sound on the laptop, audio output plugged into the Supercharger, and you can test the game on real hardware.
This is extremely useful, as emulators only go so far. I had my demo display loop working fine on the 2600 emulator. Didn't work right on the real hardware though, the vertical sync time was off and it rolled instead of being stable.
The important number is how many dollars could be extracted from the market by a mining company. Mt.Gox claims to make up a large part of the Bitcoin to real money market. The entire exchange trades about $100,000 per day of volume. Call it $35 million per year. Given the total size of the market, a company with ASIC production capabilities would be hard pressed to expect even $10M/year of revenue from a large investment in mining hardware development.
For comparison sake, even CPU underdog AMD generates $16M of revenue every day. Intel does 10X that much. It takes billions of dollars to create a new manufacturing fab facility for chips. And total trading volume for the major stock exchanges involve trillions of dollars moving around every day.
There would need to be roughly an order of magnitude increase in the size of the daily Bitcoin trading market before I'd expect serious hardware companies or investors to even notice. A slice of a $100M/year market would be big enough to draw attention.
This is not doing anything useful from a research perspective. To quote the article, "even [chip] technology 10 years old is much better than current mining devices". That's being generous. Look at the first semiconductor roadmap chart from 1993 for a minute. These Bitcoin ASICs are being built at 65 to 90nm; that wasn't even state of the art then. This is advancing absolutely nothing except Bitcoin mining; there's no benefit for anyone else.
This would be true if they were building general purpose computing devices. Since the work has moved onto ASIC production with the sole purpose of mining Bitcoins, it's no longer relevant unless you think that is a profitable exercise.
The sad thing about Bitcoin mining is its futility. If it ever does become something that's worth real money, it will get taken over by rich people and companies, same as every other currency in history. The relative ease of taking over the market with simple ASIC technology shows how easily the whole exercise can be devalued by a single entity with money to spend on R&D.
How does the victim here leave for work the next day if a thief has taken their keys? Even the biggest sheep should realize that when their keys have been stolen, they might need to change their locks at home.
The right scary story here is that a thief finds your car unlocked, gets your home address (which is possible just from your tag), and immediately drives it to your house to loot it. Once that's done, they return the car to your office parking lot. Now there's not even a getaway vehicle required in the crime! Your own car will be used against you. It solves all sorts of issues. If the neighbors notice someone looting the house, the thief can tell them "I'm helping my buddy move some things, that's why he loaned me his car".
I'm suggesting that technology has enabled spending in previously infeasible areas, and it's possible that really does work. The Obama campaign has been seeing a measurable return on investment on things like personalized e-mail to voters, to the point where they tested trial messages to tweak their presentation before the mass mailings.
I distrust extrapolation from old data here. It wasn't possible to develop a platform for this sort of software in the amount of time between presidential campaigns before. Historical study of things like ROI on advertising doesn't seem very relevant to that. Romney's campaign was run like an old-school software development monolith project, and it failed miserably.
I hate to dig into the CTO cliches here, but the only terminology that comes to mind for what the Obama promotion did is "disruptive" use of technology. And all the detailed information about that I've read suggested that it happened by adopting open-source platforms, by rejecting NIH syndrome. Small development targets, agile teams, analytics driven measurement of results, plus aggressive re-use of open platforms; it took all of that to make a difference with campaign spending.
We'll see if studies in the future are able to measure what I think happened here. I'm sure somewhere there's a researcher looking at how spending on social media and software impacted the last election.
A presidential election with an electoral setup is not a typical market though, and major drift between the popular and electoral votes would present a PR problem. And any study that claims money can't be turned into popular votes just wasn't thinking hard enough about how to spend the money. A major reason that Obama won the election by such a large amount was better directed spending, from having done this before. You do have to spend the money correctly though, such as using a heavily open-source platform for building software.
Discovered, but doesn't quite understand how it works in the real world yet. If you allow unlimited betting and there are two "exchanges" that give different odds, what happens next is that someone will place arbitrage bets on the pair until they are even. This is how trading markets force that sort of gap to zero once it appears.
Most trading vehicles come with some sort of spread between the buying and selling price, like the "bid" and "ask" for stocks. That small loss is the only real limit keeping people from exploiting any tiny gap between offers across markets into an arbitrage profit. Even if the profit per share on a trade is 0.01, put enough volume behind that and it turns into real money. But if you make entering and existing a trade typically result in a 0.01 loss--due to the difference between the bid and the ask--that puts a lower limit on how small of an arbitrage gap can be traded profitably. Adding a per-transaction fee is also useful for that.
Traditional gambling, via something like a bookie or a casino, doesn't have this problem because the odds aren't symmetrical. They are not a market that allows someone to play all sides of a bet and come close to breaking even. Roulette is a good example, where the zero value on the wheel makes it unprofitable to try and cover the board with a red/black or even/odd pair of bets.
I didn't say I was OK with anything. I stated the reality of the corporate position here. There are two main ways to get something out of a corporation. You can pay them for it, or you can legislate a rule so that they're required to provide it--which will then be passed along as a cost of doing business. Since neither of those are involved when a person requests their own medical data, of course the company says they can't have it right now. You are not a paying customer to them, so they have no incentive to make you happy.
The way health insurance in the US works, people are covered only if medical work goes through their doctor, and there is no incentive for the patient to improve their own care. In fact several of the corporate entities here are actually motivated against you getting better through self-care, the pharmaceutical companies being the most obvious one. Until you understand how the system is constructed and works already, you're not going to bust down any of the many barriers set to block empowered patients from doing anything on their own.
P.S. not all of those barriers are even a bad idea. Left on their own, many people prefer slickly sold snake-oil to real medicine. If I were at the company providing this heart product, I could easily construct a scary story about how people who can see their own data will skip regular check-ups because they think they know everything. And in some cases, that's exactly what will happen here.
If Oracle doesn't have someone reading FullDisclosure every day, including the weekends, you deserve to be embarrassed and shamed by your customers. Hint: someone from the MariaDB team was adding to the discussion already by Sunday.
A look at the twitter feed of the submitter and his associated web site--"Farlight Elite Hackers Legacy"--does not give the impression of responsible disclosure. But this is the same guy who released the 2010 “Apache Killer”; calling attention to problems with exploit code is this guy's method. I'd rather see that than no disclosure at all. He does appear to be a professional penetration tester at work, who does things like speak at conferences on his methods too.
Right, suggestions like the Zenoss commentor who says "f you dont want to frack around, just chmod those puppies 777" are the reason why this is a problem. It's sadly common advice in the "I want setup to be easy" land of MySQL priorities.
Note that if you change the directory a PostgreSQL server writes to so that other users are allowed to write there, too, the server will refuse to start until you fix the permissions so that isn't the case. New database installations made with initdb have the right permissions, but the code checks against people "fracking" themselves by making them less secure later. The only way around this is to modify the source code to disable the check!
The problem is right in how you're asking the question: "why wouldn't they give you the data you generated". That word, "give", it implies something you get for free. Why would you expect companies would do that? Nothing in it for them. The only way to get access to the data is to pay for it, with a trip to your doctor's office for example.
Being able to play bit-accurate data from a CD drive does not mean that you can extract audio from it. It is far easier to get CD-ROM data than audio off a CD.
The fundamental problem that makes ripping hard is mapping the audio stream, which was only designed to be played back continuously, into a series of sectors, and then reading all of them. Early CD-ROM drives didn't even allow repeatable positioning within the audio stream, suffering from what's called read offset jitter that wasn't consistent. It therefore couldn't be corrected without brute force re-scanning. Getting this wrong results in occasional glitches in the audio you extract.
One of the things that gets in the way of detecting and correcting for jitter is the drive's read cache. Doing that requires a fairly low-level conversation with the drive. Some USB chipsets don't pass the ATA commands necessary for that through transparently enough.
Bubble-era businessman? McAfee resigned from McAfee Associates in 1994. You might as well reference the Dutch tulip bubble, that's just as relevant.
When McAfee Associates started in 1987, it was only shortly after the very first IBM PC viruses (The Brain boot sector/Pakistani flu) appeared. And when the first PC virus mania hit, the 1992 Michelangelo scare, many of us used the shareware McAfee anti-virus program to check if our computers were infected. That era, his 1987 to 1992 work, was where the pioneer label comes from.
Blaming inventors for not fully defending against misuse of the technology they built is an old and tired argument. It most obviously goes back to the Manhattan Project, and from there it's a quick trip to discussing the Nazis and bam! Godwined.
Slashdot Mirror
I thought they just threatened to sue, but didn't when the project met their demands.
We need to poke GameSpy with the soft cushions!
...followed by security being called by the person you just threatened. Memorably harassing a member of the hotel staff is a pretty stupid plan.
Hotels have engineering or maintenance staff who carry tools around all the time (the "engineering" term is used at the more expensive hotels). You just need to dress like a working class guy in a uniform--your name on a badge helps--and no one will question why you're wandering around with a crowbar. At a nice place it's a cheaper look to pull off than the suit you'd need to look like a concierge.
386DX? Luxury.
I used the same trick when trying to write an Atari 2600 game, with the Starpath Supercharger. That lets you load a new cartridge via the cassette interface. But rather than plug a real player in, you can compile your code into a WAV file that uses the same format as those cassettes. Play that sound on the laptop, audio output plugged into the Supercharger, and you can test the game on real hardware.
This is extremely useful, as emulators only go so far. I had my demo display loop working fine on the 2600 emulator. Didn't work right on the real hardware though, the vertical sync time was off and it rolled instead of being stable.
The important number is how many dollars could be extracted from the market by a mining company. Mt.Gox claims to make up a large part of the Bitcoin to real money market. The entire exchange trades about $100,000 per day of volume. Call it $35 million per year. Given the total size of the market, a company with ASIC production capabilities would be hard pressed to expect even $10M/year of revenue from a large investment in mining hardware development.
For comparison sake, even CPU underdog AMD generates $16M of revenue every day. Intel does 10X that much. It takes billions of dollars to create a new manufacturing fab facility for chips. And total trading volume for the major stock exchanges involve trillions of dollars moving around every day.
There would need to be roughly an order of magnitude increase in the size of the daily Bitcoin trading market before I'd expect serious hardware companies or investors to even notice. A slice of a $100M/year market would be big enough to draw attention.
My relatives who don't understand computers and worry about viruses already pay a McAfree Fee each month.
This is not doing anything useful from a research perspective. To quote the article, "even [chip] technology 10 years old is much better than current mining devices". That's being generous. Look at the first semiconductor roadmap chart from 1993 for a minute. These Bitcoin ASICs are being built at 65 to 90nm; that wasn't even state of the art then. This is advancing absolutely nothing except Bitcoin mining; there's no benefit for anyone else.
This would be true if they were building general purpose computing devices. Since the work has moved onto ASIC production with the sole purpose of mining Bitcoins, it's no longer relevant unless you think that is a profitable exercise.
The sad thing about Bitcoin mining is its futility. If it ever does become something that's worth real money, it will get taken over by rich people and companies, same as every other currency in history. The relative ease of taking over the market with simple ASIC technology shows how easily the whole exercise can be devalued by a single entity with money to spend on R&D.
How does the victim here leave for work the next day if a thief has taken their keys? Even the biggest sheep should realize that when their keys have been stolen, they might need to change their locks at home.
The right scary story here is that a thief finds your car unlocked, gets your home address (which is possible just from your tag), and immediately drives it to your house to loot it. Once that's done, they return the car to your office parking lot. Now there's not even a getaway vehicle required in the crime! Your own car will be used against you. It solves all sorts of issues. If the neighbors notice someone looting the house, the thief can tell them "I'm helping my buddy move some things, that's why he loaned me his car".
That already is the position people end up in after making a visit to the office of Adobe's head lawyer.
Wait, you can play Crysis? When did that happen?
It's a game where you move around shooting. There's nothing different from all the games in the last 50 years, there's just more graphical detail.
I'm suggesting that technology has enabled spending in previously infeasible areas, and it's possible that really does work. The Obama campaign has been seeing a measurable return on investment on things like personalized e-mail to voters, to the point where they tested trial messages to tweak their presentation before the mass mailings.
I distrust extrapolation from old data here. It wasn't possible to develop a platform for this sort of software in the amount of time between presidential campaigns before. Historical study of things like ROI on advertising doesn't seem very relevant to that. Romney's campaign was run like an old-school software development monolith project, and it failed miserably.
I hate to dig into the CTO cliches here, but the only terminology that comes to mind for what the Obama promotion did is "disruptive" use of technology. And all the detailed information about that I've read suggested that it happened by adopting open-source platforms, by rejecting NIH syndrome. Small development targets, agile teams, analytics driven measurement of results, plus aggressive re-use of open platforms; it took all of that to make a difference with campaign spending.
We'll see if studies in the future are able to measure what I think happened here. I'm sure somewhere there's a researcher looking at how spending on social media and software impacted the last election.
A presidential election with an electoral setup is not a typical market though, and major drift between the popular and electoral votes would present a PR problem. And any study that claims money can't be turned into popular votes just wasn't thinking hard enough about how to spend the money. A major reason that Obama won the election by such a large amount was better directed spending, from having done this before. You do have to spend the money correctly though, such as using a heavily open-source platform for building software.
Discovered, but doesn't quite understand how it works in the real world yet. If you allow unlimited betting and there are two "exchanges" that give different odds, what happens next is that someone will place arbitrage bets on the pair until they are even. This is how trading markets force that sort of gap to zero once it appears.
Most trading vehicles come with some sort of spread between the buying and selling price, like the "bid" and "ask" for stocks. That small loss is the only real limit keeping people from exploiting any tiny gap between offers across markets into an arbitrage profit. Even if the profit per share on a trade is 0.01, put enough volume behind that and it turns into real money. But if you make entering and existing a trade typically result in a 0.01 loss--due to the difference between the bid and the ask--that puts a lower limit on how small of an arbitrage gap can be traded profitably. Adding a per-transaction fee is also useful for that.
Traditional gambling, via something like a bookie or a casino, doesn't have this problem because the odds aren't symmetrical. They are not a market that allows someone to play all sides of a bet and come close to breaking even. Roulette is a good example, where the zero value on the wheel makes it unprofitable to try and cover the board with a red/black or even/odd pair of bets.
I didn't say I was OK with anything. I stated the reality of the corporate position here. There are two main ways to get something out of a corporation. You can pay them for it, or you can legislate a rule so that they're required to provide it--which will then be passed along as a cost of doing business. Since neither of those are involved when a person requests their own medical data, of course the company says they can't have it right now. You are not a paying customer to them, so they have no incentive to make you happy.
The way health insurance in the US works, people are covered only if medical work goes through their doctor, and there is no incentive for the patient to improve their own care. In fact several of the corporate entities here are actually motivated against you getting better through self-care, the pharmaceutical companies being the most obvious one. Until you understand how the system is constructed and works already, you're not going to bust down any of the many barriers set to block empowered patients from doing anything on their own.
P.S. not all of those barriers are even a bad idea. Left on their own, many people prefer slickly sold snake-oil to real medicine. If I were at the company providing this heart product, I could easily construct a scary story about how people who can see their own data will skip regular check-ups because they think they know everything. And in some cases, that's exactly what will happen here.
If Oracle doesn't have someone reading FullDisclosure every day, including the weekends, you deserve to be embarrassed and shamed by your customers. Hint: someone from the MariaDB team was adding to the discussion already by Sunday.
A look at the twitter feed of the submitter and his associated web site--"Farlight Elite Hackers Legacy"--does not give the impression of responsible disclosure. But this is the same guy who released the 2010 “Apache Killer”; calling attention to problems with exploit code is this guy's method. I'd rather see that than no disclosure at all. He does appear to be a professional penetration tester at work, who does things like speak at conferences on his methods too.
Right, suggestions like the Zenoss commentor who says "f you dont want to frack around, just chmod those puppies 777" are the reason why this is a problem. It's sadly common advice in the "I want setup to be easy" land of MySQL priorities.
Note that if you change the directory a PostgreSQL server writes to so that other users are allowed to write there, too, the server will refuse to start until you fix the permissions so that isn't the case. New database installations made with initdb have the right permissions, but the code checks against people "fracking" themselves by making them less secure later. The only way around this is to modify the source code to disable the check!
The problem is right in how you're asking the question: "why wouldn't they give you the data you generated". That word, "give", it implies something you get for free. Why would you expect companies would do that? Nothing in it for them. The only way to get access to the data is to pay for it, with a trip to your doctor's office for example.
Being able to play bit-accurate data from a CD drive does not mean that you can extract audio from it. It is far easier to get CD-ROM data than audio off a CD.
The fundamental problem that makes ripping hard is mapping the audio stream, which was only designed to be played back continuously, into a series of sectors, and then reading all of them. Early CD-ROM drives didn't even allow repeatable positioning within the audio stream, suffering from what's called read offset jitter that wasn't consistent. It therefore couldn't be corrected without brute force re-scanning. Getting this wrong results in occasional glitches in the audio you extract.
One of the things that gets in the way of detecting and correcting for jitter is the drive's read cache. Doing that requires a fairly low-level conversation with the drive. Some USB chipsets don't pass the ATA commands necessary for that through transparently enough.
Bubble-era businessman? McAfee resigned from McAfee Associates in 1994. You might as well reference the Dutch tulip bubble, that's just as relevant.
When McAfee Associates started in 1987, it was only shortly after the very first IBM PC viruses (The Brain boot sector/Pakistani flu) appeared. And when the first PC virus mania hit, the 1992 Michelangelo scare, many of us used the shareware McAfee anti-virus program to check if our computers were infected. That era, his 1987 to 1992 work, was where the pioneer label comes from.
Blaming inventors for not fully defending against misuse of the technology they built is an old and tired argument. It most obviously goes back to the Manhattan Project, and from there it's a quick trip to discussing the Nazis and bam! Godwined.