The BBC should tell Murdoch and others to go jump. Unless something has changed recently, the BBC is funded largely by the license holders and has no obligation to Murdoch/News or any other "news" organization.
Anyone who sells a ticket for more than its face value (with a suitable legal definition of "face value") would be hit in a big way. Any tickets they are in possession of would be forfeited back to the event organizer (who could go ahead and resell them)
If the penalty is serious enough (say jail or huge fines) scalpers wont bother.
Event organizers/ticket sellers could limit the number of tickets they will sell to any one person (so scalpers cant come in and buy 50-100 tickets or whatever)
The #1 reason I HATE Atari right now is the crap they pulled when they took the new Ghostbusters game and sold the rights for Europe/Australia to Sony and the game became limited-time-PlayStation-exclusive. Its that reason I refuse to buy any product that says Atari on it. I also refuse to buy any games or gaming hardware that says Sony on it for this and other reasons.
TI is charging so much for the things because they have a near monopoly. Most schools have designed their lesson plans around the TI calculator and therefore require the purchase of TI calculators by their students.
When I was in high school, I was one of the first group to be allowed to use graphics calculators in the math classes, specifically the Casio CFX-9850G. Great calculator, still have one, used it all the way through University too (well in the one math unit where I was allowed/needed graphics calculators)
what will happen is that the smart kids will write the programs and the dumb kids will copy them from the smart kids (or from the Internet) and then just run them and copy the results (including the "working" displayed by the program), thus learning nothing.
As someone who has worked with Cisco routers running IOS, I can tell you that there are plenty of situations where a console cable (which plugs into a serial port) is essential.
Of course the real answer is to recognize that coal is dirty, ban the construction of any new coal power plants and start building replacements for the ones already operating. If we arent using coal, there is no need to mine it. And then no-one will die in the mines.
Do TiVO continue to make it hard to copy the videos OFF the device or to replace the kernel and root software?
Are there still PVRs out there where you CAN copy the files off the device right out of the box or have all of them been forced to remove this functionality at the behest of the content providers?
Since the update is being performed by a Toyota dealer, any problems caused by the update will be fixed at no cost by the dealer.
If the dealer installs the update and in doing so bricks the cars computer units, the dealer is obligated to fix the bricked computer units for free (especially since the update is done as part of a recall)
Given all the stories I see about how health insurance in the US sucks and how even if you have it you are highly unlikely to actually get much in the way of benefits back should you HAVE a serious illness or injury, why would having insurance be better than just putting the same amount of money in a high interest savings account and spending that money should you need it.
Or does having health insurance get you other benefits vs just saving the money and paying out of pocket?
Given the way these worms/trojans spread and the sort of PCs they are most likely to infect, even if you COULD compile a list of valid IP addresses its a good bet that those machines would be A.No longer infected (because its been cleaned by the Windows Malicious Software Removal Tool or by anti-virus or by a re-image of the computer from a recovery partition/CD/DVD or a standard corporate disk image) B.Firewalled off (corporate networks etc) C.Running behind NAT (again corporate networks using NAT or home users with a router and a single world-routeable IP address from their ISP) or D.Running on a different IP address (home broadband users with no computer know-how at all, a PC directly connected to the internet via a broadband modem in bridge mode, no firewall and a dynamic IP address assigned by their ISP are one of the biggest groups when it comes to bot infected PCs)
Presumably if Microsoft have done their homework, they have identified every possible machine that these bots could try to contact to receive new instructions (such as new SPAM messages to send) and had VeriSign disable every domain name so it cant be registered or used.
Does this mean the botnet is dead? If so, great. And lets hope people are working to repeat the excercise and block the domain names used for control of any other botnets that talk to specific servers by name for instructions.
Take Stargate Universe for example, TEN aired a few episodes and then took it off just as it was getting good. My guess is that pretty much anyone who is likely to care about the show has already downloaded the remaining episodes (those that have aired to date) and will not care to watch it on TEN.
Had TEN continued to air the show (even in a late night 10:30 or even 11:30 timeslot), most people would have continued to watch it (including the ads) and would not have bothered pirating it.
The problem with your idea is that there are a LOT of people out there (many of whom believe in some kind of non-existent god) who think its their god-given right to dictate what other people can and cannot do.
The problem with chip-and-pin is that the implementation is broken because it relies on the security of the card reader. My method does not rely on the security of the card reader and is not vulnerable to hacked card readers (wasnt there a recent story on here about chip-and-pin being broken?)
Designed right, its possible to even protect the account number so that only the smart card and the bank can see it (and since you never present enough of the mag strip to the mag strip reader, it cant read data from there)
One solution to these problems is to require either an RSA SecurID type rolling number which is added to the packet by the smart card chip. That way, each packet is only valid long enough to send it to the bank and get a response and replay attacks (or stored packets) are as good as useless.
Equip all cards with a simple chip. This chip contains an encryption algorithim (something strong enough to not be easily cracked by running brute force on data packets). It would also contain a secret key unique to your account. And it should not give the key itself out.
Then the reader sends a formatted packet containing the PIN (if entered), the options (credit vs debit etc) and the amount of the purchase. The card encrypts this data and hands the reader a data packet saying "this is a chip-and-pin transaction" and containing the encrypted data. The reader sends this through the bank networks to the issuing bank.
The issuing bank has another copy of the secret key which it uses to decrypt the data packet and validate that the transaction is possible (i.e. enough money there etc) and returns a "yes, proceed" result to the card reader. The bank would ONLY record the transaction as a chip-and-pin if it was sent through this process (thus preventing dodgy or compromised swipe-only terminals reading the mag stripe and running up the transaction like a mag stripe transaction but telling the bank its chip-and-pin)
Yep, the problem is that even today Android devices are being released with 1.6 (or worse 1.5). Google should have had greater platform control and insisted that any released device must be running the latest android build.
Half the time though, the problem is that devices come out running 1.x because vendors like HTC and Motorola have overlays like Blur and Sense that they havent yet gotten ported to 2.x. So they have no choice but to release phones on 1.x just to get the phone out the door.
Even if it doesn't stop every threat, its still a good simple cheap idea that requires no extra hardware, software or electronics and nothing you would need to carry around with you.
And like any security, if an attack appears that can acquire enough information to steal money, it can be modified or replaced with something better. Just like DES was used for security in the past and was broken so newer stronger crypto was invented.
A good solution to phishing is PassWindow (no I have no connection to their product, I just think its a damn good idea). See www.passwindow.com for details of the system.
Basically your card (ATM card, credit card, bank card or whatever) has a translucent window on it (translucent to make it hard to photocopy). This window contains segments like those on a 7 segment LED display. These segments are in a pre-defined pattern.
When you log in, the bank generates another set of 7-segment patterns. When you hold your card over the pattern, the segments on the card and the segments on the screen match up to generate 1 or more numbers that you then key into the login form.
Each time you login, the set of segments generated by the bank will be different (resulting in different numbers)
This system has the following advantages: 1.Unlike calculators and key-fobs and similar, it requires no batteries to operate. Plus, it is something you would carry with you anyway. 2.Unlike card/pin pads, special certificates and dongles and other devices that plug into your computer, PassWindow cards will work with any device that is capable of rendering the PassWindow image (including cellphones, internet cafe/kiosk computers and work PCs where plugging things in is not allowed) 3.The PassWindow system is essentially totally resistant to social engineering (due to the fact that its not easy to describe in words the layout of the PassWindow markings) 4.Unlike on-screen-keyboards, "click the right picture" and other such systems, the PassWindow system is resistant to trojan horses, keyloggers and any other software or hardware that may be running when you access the bank as the number generated by the PassWindow is 1-time-use-only and will not be valid if the trojan/hacker attempts to log in with it (if the trojan/hacker simply stores it and returns a "bank not working" error instead of actually logging in with it, it wont be valid since it will have expired) 5.The PassWindow system is resistant to brute force due to the number of possible combinations of PassWindow patterns that could be on the card (and the fact that the random image returned by the bank each time you try and log in is different each time)
Now I am not saying its perfect but its better than any other solution I have seen to date. (and cheaper than anything requiring a seperate electronic device of some sort)
If anyone knows of any ways in which the PassWindow technology would be insecure (or more to the point, less secure than alternatives that are currently in use) please speak up.
If Google opens up VP8, the same thing that happened to Microsoft when they opened up Windows Media as VC-1 will happen.
When MS opened up Windows Media as VC-1 a bunch of companies claimed patents on it (including some that claim they have patents on MPEG4/H.264) and everyone had to join the patent pool and/or buy a license.
Slashdot Mirror
The BBC should tell Murdoch and others to go jump. Unless something has changed recently, the BBC is funded largely by the license holders and has no obligation to Murdoch/News or any other "news" organization.
Anyone who sells a ticket for more than its face value (with a suitable legal definition of "face value") would be hit in a big way. Any tickets they are in possession of would be forfeited back to the event organizer (who could go ahead and resell them)
If the penalty is serious enough (say jail or huge fines) scalpers wont bother.
Event organizers/ticket sellers could limit the number of tickets they will sell to any one person (so scalpers cant come in and buy 50-100 tickets or whatever)
I mean the current owner of the Atari name.
The #1 reason I HATE Atari right now is the crap they pulled when they took the new Ghostbusters game and sold the rights for Europe/Australia to Sony and the game became limited-time-PlayStation-exclusive. Its that reason I refuse to buy any product that says Atari on it. I also refuse to buy any games or gaming hardware that says Sony on it for this and other reasons.
Add Atari (if they still exist) to the list, they have done some scummy things too.
TI is charging so much for the things because they have a near monopoly.
Most schools have designed their lesson plans around the TI calculator and therefore require the purchase of TI calculators by their students.
When I was in high school, I was one of the first group to be allowed to use graphics calculators in the math classes, specifically the Casio CFX-9850G. Great calculator, still have one, used it all the way through University too (well in the one math unit where I was allowed/needed graphics calculators)
what will happen is that the smart kids will write the programs and the dumb kids will copy them from the smart kids (or from the Internet) and then just run them and copy the results (including the "working" displayed by the program), thus learning nothing.
When in the real world are you going to be doing anything beyond basic math in your head anyway?
Why not just recognize that and allow full calculator use on these exams?
As someone who has worked with Cisco routers running IOS, I can tell you that there are plenty of situations where a console cable (which plugs into a serial port) is essential.
Vermont Yankee is not a Heavy Water reactor, its a Boiling Water Reactor using Light Water.
Of course the real answer is to recognize that coal is dirty, ban the construction of any new coal power plants and start building replacements for the ones already operating.
If we arent using coal, there is no need to mine it. And then no-one will die in the mines.
Do TiVO continue to make it hard to copy the videos OFF the device or to replace the kernel and root software?
Are there still PVRs out there where you CAN copy the files off the device right out of the box or have all of them been forced to remove this functionality at the behest of the content providers?
Since the update is being performed by a Toyota dealer, any problems caused by the update will be fixed at no cost by the dealer.
If the dealer installs the update and in doing so bricks the cars computer units, the dealer is obligated to fix the bricked computer units for free (especially since the update is done as part of a recall)
Cable is crap and will always be crap due to the way that its shared bandwidth.
At least with my 1.5Mbps ADSL, I can actually GET 1.5Mbps even in peak time.
Given all the stories I see about how health insurance in the US sucks and how even if you have it you are highly unlikely to actually get much in the way of benefits back should you HAVE a serious illness or injury, why would having insurance be better than just putting the same amount of money in a high interest savings account and spending that money should you need it.
Or does having health insurance get you other benefits vs just saving the money and paying out of pocket?
Given the way these worms/trojans spread and the sort of PCs they are most likely to infect, even if you COULD compile a list of valid IP addresses its a good bet that those machines would be
A.No longer infected (because its been cleaned by the Windows Malicious Software Removal Tool or by anti-virus or by a re-image of the computer from a recovery partition/CD/DVD or a standard corporate disk image)
B.Firewalled off (corporate networks etc)
C.Running behind NAT (again corporate networks using NAT or home users with a router and a single world-routeable IP address from their ISP)
or D.Running on a different IP address (home broadband users with no computer know-how at all, a PC directly connected to the internet via a broadband modem in bridge mode, no firewall and a dynamic IP address assigned by their ISP are one of the biggest groups when it comes to bot infected PCs)
Presumably if Microsoft have done their homework, they have identified every possible machine that these bots could try to contact to receive new instructions (such as new SPAM messages to send) and had VeriSign disable every domain name so it cant be registered or used.
Does this mean the botnet is dead?
If so, great. And lets hope people are working to repeat the excercise and block the domain names used for control of any other botnets that talk to specific servers by name for instructions.
Take Stargate Universe for example, TEN aired a few episodes and then took it off just as it was getting good. My guess is that pretty much anyone who is likely to care about the show has already downloaded the remaining episodes (those that have aired to date) and will not care to watch it on TEN.
Had TEN continued to air the show (even in a late night 10:30 or even 11:30 timeslot), most people would have continued to watch it (including the ads) and would not have bothered pirating it.
The problem with your idea is that there are a LOT of people out there (many of whom believe in some kind of non-existent god) who think its their god-given right to dictate what other people can and cannot do.
The problem with chip-and-pin is that the implementation is broken because it relies on the security of the card reader. My method does not rely on the security of the card reader and is not vulnerable to hacked card readers (wasnt there a recent story on here about chip-and-pin being broken?)
Designed right, its possible to even protect the account number so that only the smart card and the bank can see it (and since you never present enough of the mag strip to the mag strip reader, it cant read data from there)
One solution to these problems is to require either an RSA SecurID type rolling number which is added to the packet by the smart card chip. That way, each packet is only valid long enough to send it to the bank and get a response and replay attacks (or stored packets) are as good as useless.
Equip all cards with a simple chip. This chip contains an encryption algorithim (something strong enough to not be easily cracked by running brute force on data packets). It would also contain a secret key unique to your account. And it should not give the key itself out.
Then the reader sends a formatted packet containing the PIN (if entered), the options (credit vs debit etc) and the amount of the purchase. The card encrypts this data and hands the reader a data packet saying "this is a chip-and-pin transaction" and containing the encrypted data. The reader sends this through the bank networks to the issuing bank.
The issuing bank has another copy of the secret key which it uses to decrypt the data packet and validate that the transaction is possible (i.e. enough money there etc) and returns a "yes, proceed" result to the card reader. The bank would ONLY record the transaction as a chip-and-pin if it was sent through this process (thus preventing dodgy or compromised swipe-only terminals reading the mag stripe and running up the transaction like a mag stripe transaction but telling the bank its chip-and-pin)
Yep, the problem is that even today Android devices are being released with 1.6 (or worse 1.5).
Google should have had greater platform control and insisted that any released device must be running the latest android build.
Half the time though, the problem is that devices come out running 1.x because vendors like HTC and Motorola have overlays like Blur and Sense that they havent yet gotten ported to 2.x. So they have no choice but to release phones on 1.x just to get the phone out the door.
Even if it doesn't stop every threat, its still a good simple cheap idea that requires no extra hardware, software or electronics and nothing you would need to carry around with you.
And like any security, if an attack appears that can acquire enough information to steal money, it can be modified or replaced with something better. Just like DES was used for security in the past and was broken so newer stronger crypto was invented.
A good solution to phishing is PassWindow (no I have no connection to their product, I just think its a damn good idea). See www.passwindow.com for details of the system.
Basically your card (ATM card, credit card, bank card or whatever) has a translucent window on it (translucent to make it hard to photocopy). This window contains segments like those on a 7 segment LED display. These segments are in a pre-defined pattern.
When you log in, the bank generates another set of 7-segment patterns. When you hold your card over the pattern, the segments on the card and the segments on the screen match up to generate 1 or more numbers that you then key into the login form.
Each time you login, the set of segments generated by the bank will be different (resulting in different numbers)
This system has the following advantages:
1.Unlike calculators and key-fobs and similar, it requires no batteries to operate. Plus, it is something you would carry with you anyway.
2.Unlike card/pin pads, special certificates and dongles and other devices that plug into your computer, PassWindow cards will work with any device that is capable of rendering the PassWindow image (including cellphones, internet cafe/kiosk computers and work PCs where plugging things in is not allowed)
3.The PassWindow system is essentially totally resistant to social engineering (due to the fact that its not easy to describe in words the layout of the PassWindow markings)
4.Unlike on-screen-keyboards, "click the right picture" and other such systems, the PassWindow system is resistant to trojan horses, keyloggers and any other software or hardware that may be running when you access the bank as the number generated by the PassWindow is 1-time-use-only and will not be valid if the trojan/hacker attempts to log in with it (if the trojan/hacker simply stores it and returns a "bank not working" error instead of actually logging in with it, it wont be valid since it will have expired)
5.The PassWindow system is resistant to brute force due to the number of possible combinations of PassWindow patterns that could be on the card (and the fact that the random image returned by the bank each time you try and log in is different each time)
Now I am not saying its perfect but its better than any other solution I have seen to date. (and cheaper than anything requiring a seperate electronic device of some sort)
If anyone knows of any ways in which the PassWindow technology would be insecure (or more to the point, less secure than alternatives that are currently in use) please speak up.
If Google opens up VP8, the same thing that happened to Microsoft when they opened up Windows Media as VC-1 will happen.
When MS opened up Windows Media as VC-1 a bunch of companies claimed patents on it (including some that claim they have patents on MPEG4/H.264) and everyone had to join the patent pool and/or buy a license.