Plenty of precedent for an event serious enough to cause a depressurization to also cause failure in aircraft systems (which could include transponders)
Or does it cost $100k PLUS the cost of labor and maintenance to install the device PLUS the huge cost of taking the plane out of service for x amount of time while the device is being installed (even if it's installed at the same time as other maintenance is done, it's still a non-zero cost)
Great except that I doubt you would be able to find any mainstream (read: affordable to normal people) car that isn't sold by at least one dealer who is anti-Tesla. (whether in New Jersey or Texas or Ohio or elsewhere)
The bank I used to be with before I recently switched upgraded their security a few months ago. Prior to the upgrade, they actually limited passwords to 10 characters maximum. Thankfully, both this bank after the security upgrade and my current bank don't have any such maximums and I can use a longer password. (and no, the security stuff wasn't why I switched, I switched because I moved to a new area where my old bank didn't have any branches)
Any web site that limits the maximum amount of characters in this way is stupid, as is any web site that makes passwords case-insensitive or doesn't allow numbers or symbols.
Here in Australia I pay $19.99 per month and get $300 worth of cap value to use on everything except international calls, premium rate calls/SMS and international roaming. (3 services I never use)
I also get 1000 minutes per month free calls to other people on the same MVNO plus 1GB of included data.
I pay 40c per 30sec and 35c flagfall for normal voice calls, 25.3c for SMS, 50c for international SMS, 50c for national MMS, 75c for international MMS, 0.2c for 10kb data (above the 1GB included in my plan). $1.02 per minute plus 35c flagfall to 13/1300 numbers and 62c per minute plus 35c flagfall to 1800 numbers.
I have never once in my reasonably heavy use of my phone (lots of mobile data, lots of calls etc) hit my $300 cap.
Oh and I am not locked into a contract, nor does my provider care what phone I use or whether I use it for tethering. And they claim 98.5% population coverage with their network so I don't have to worry about coverage.
Oh and as long as I continue to use the same company for ADSL service, I can get $5 off (making it $15.99 per month)
All figures are in Australian Dollars.
The problem with a liability waiver is that you can end up with a situation where a student's parents have signed the liability waiver, student accesses something "bad", parents decide to sue despite the waiver and the legal system decides in favor of the parents.
+1 to this, I have no problems whatsoever with Windows 7 and use it every day as my primary OS. But I wouldn't use Windows 8 even if someone paid me to use it.
The restrictions should stay in place and in fact should be tightened. The US is a net importer of both crude oil and derivative products like gasoline, diesel, jet fuel, lubricant oils etc and should be doing everything it can to supply as much of that demand from domestic supply as possible to reduce the dependence on foreign oil.
But what about all the stuff they don't put on the streaming sites?
Plenty of sporting events aired on OTA TV but which you can't legally stream over the internet (or can't legally stream live or can't legally stream unless you have a specific ISP or provider).
Or for that matter try finding a stream of something like the local news and weather forecast from the local network.
Or even the national news programming (including things like the Today Show on NBC).
Aereo will (if you are in their service area) give you all that programming.
That's the whole reason the networks are fighting Aereo so much, everyone who uses Aereo to get OTA TV is (as far as they are concerned) one less person paying Comcast or Time Warner or whoever else for that same TV. And therefore it's one less person paying x amount per month (via their cable provider) to the networks. (i.e. Aereo = lost revenue)
By far the best security measures I have seen for banks are:
1. Devices that look like the machines you see at retailers that you use to pay with credit/debit/bank cards (but connect via USB or Bluetooth to a PC or phone) and that take your card and PIN and securely encrypt it all before sending it to the bank, meaning even a compromised local PC/phone won't give an attacker any ability to steal money
and 2. A device that looks like a calculator where you input the account number and transaction amount for the transaction and it mixes that with a unique stored-only-in-the-device key and then gives you a number you key into the transaction form alongside the transaction details. If the special number doesn't match what the bank calculates at its end, the transaction is denied. Again, basically completely resistant to attacks via a compromised local PC/phone (as the secret value never leaves the device)
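The calculator-style device described in the comment above can be modelled as a keyed MAC over the transaction details. This is an added example, not part of the original comment and not any bank's actual scheme: HMAC-SHA256, the HOTP-style truncation, the 8-digit code, the per-device counter and look-ahead window, and all names and key values are assumptions made for illustration.

```python
"""Transaction signing sketch: the device and the bank share a per-device key."""
import hashlib
import hmac

CODE_DIGITS = 8   # assumption: length of the number shown on the device
LOOK_AHEAD = 3    # assumption: bank tolerates a few generated-but-unused codes


def canonical_message(account: str, amount_cents: int, counter: int) -> bytes:
    """Length-prefix every field so ("12", 345) and ("123", 45) cannot collide."""
    account = account.replace(" ", "").replace("-", "")
    if not account.isdigit() or amount_cents <= 0:
        raise ValueError("invalid transaction details")
    parts = [account.encode(), str(amount_cents).encode(), str(counter).encode()]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def transaction_code(key: bytes, account: str, amount_cents: int, counter: int) -> str:
    """MAC the details, then truncate to decimal digits (as HOTP, RFC 4226, does)."""
    digest = hmac.new(key, canonical_message(account, amount_cents, counter),
                      hashlib.sha256).digest()
    offset = digest[-1] & 0x0F
    value = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** CODE_DIGITS).zfill(CODE_DIGITS)


class Device:
    """Hand-held unit: the key never leaves it, only the short code does."""
    def __init__(self, key: bytes):
        self._key, self._counter = key, 0

    def sign(self, account: str, amount_cents: int) -> str:
        code = transaction_code(self._key, account, amount_cents, self._counter)
        self._counter += 1          # every displayed code is single-use
        return code


class Bank:
    """Server side: recomputes the code from what the (untrusted) PC submitted."""
    def __init__(self, device_keys: dict):
        self._keys = dict(device_keys)
        self._next = {customer: 0 for customer in device_keys}

    def authorize(self, customer: str, account: str, amount_cents: int, code: str) -> bool:
        key = self._keys.get(customer)
        if key is None:
            return False
        start = self._next[customer]
        for counter in range(start, start + LOOK_AHEAD):
            try:
                expected = transaction_code(key, account, amount_cents, counter)
            except ValueError:
                return False
            if hmac.compare_digest(expected.encode(), code.encode()):
                self._next[customer] = counter + 1   # burn this and older counters
                return True
        return False


def demo():
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f" * 2)  # constructed key
    device, bank = Device(key), Bank({"alice": key})
    code = device.sign("1234-5678", 25_000)          # user keys in payee and amount
    swapped = bank.authorize("alice", "99990000", 25_000, code)      # payee altered on PC
    inflated = bank.authorize("alice", "12345678", 2_500_000, code)  # amount altered on PC
    genuine = bank.authorize("alice", "12345678", 25_000, code)
    replayed = bank.authorize("alice", "12345678", 25_000, code)     # same code again
    return swapped, inflated, genuine, replayed


if __name__ == "__main__":
    print(demo())
```

The code binds the payee and amount the user typed on the device, so a change made on the PC fails at the bank; an 8-digit code still needs server-side rate limiting against guessing.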
Unless you personally witnessed the beans being ground, it's not proper coffee :)
All on Windows as I currently don't have a Linux box.
Miranda IM (open-source multi protocol IM client that does IRC, ICQ, AIM, Yahoo and MSN)
WinAmp (music player with a nice clean simple interface that plays my entire music collection)
SeaMonkey (open-source all-in-one browser/email solution sharing a lot of code with Firefox and Thunderbird)
CDEx (open source program for ripping music CDs on the rare occasion I want to do that for some reason)
Filezilla (open source FTP client with every feature you could possibly need in an FTP client)
Universal Extractor (great tool for unpacking installers and other things that Winrar and 7-zip can't handle)
Process Monitor (great for finding out e.g. just where some program I am running is looking for a particular file or registry key or just which files it's reading or all sorts of other useful stuff)
Wireshark (open source, great for monitoring network traffic to e.g. figure out unknown protocols or to identify what URLs a particular program is downloading)
XVI (great hex editor and fairly light weight)
TortoiseGit (open source shell extension for GIT repositories)
TortoiseSVN (open source shell extension for SVN repositories)
ZtreeWin (modern windows-console-based clone of the old XTree file manager, perfect for searching a bunch of files for a particular keyword then searching inside the file with the built-in text viewer. Or any number of other things that would require more steps/effort if done with other tools)
Yeah Google Navigation as an in-car GPS would be awesome.
Apple Maps is still better than the out-of-date-before-it-even-launches navigation systems in most cars these days. The ones where you might (if you are lucky) be able to get a set of 2-year-old maps as an "update" to your system if you can find a dealer willing to sell it to you and you are willing to pay the big price.
What I meant was more along the lines of preventing someone like, say, an IT shop at a big company from being able to install a "trusted client certificate" from one of those SSL proxy server things (websense etc) and MITM SSL that way.
(cue IT guys saying "but we have to do that because xyz stupid law requires we monitor everything going in and out and if we can't monitor SSL traffic, we would have to block it and break half the internet")
We need to replace both SSL/TLS AND the broken CA cert model with a new security system specifically designed so it's NOT possible to build such a "trusted proxy" or otherwise MITM the connection even if you control the client (i.e. all those corporate solutions that require a special root certificate on the client and then use that to proxy SSL in a way that users generally won't notice unless they start looking at the certificate details)
If the video core in the BCM21553 is so close to the one in the BCM2835 (Raspberry PI CPU) that it's possible to port from one to the other, why can't they release the source for the BCM2835 bits so no port is necessary?
Or is it too hard to disconnect all the video codec stuff (MPEG etc) that they can't legally release from the OpenGL stuff in the PI firmware?
At least Terrafugia has shown their vehicle in both full driving mode and full flight mode (i.e. not the limited tethered tests that are all that Moller ever showed)
They have even managed to convince both the FAA (who regulate planes) and NHTSB (who regulate cars) to come to the party and agree on waivers for certain requirements where both agencies differ in the requirements.
So all the "hard stuff" seems to me to have been solved and it's just a matter of getting the production right.
Introduce a "use it or lose it" rule for spectrum allocations. Stop carriers from buying spectrum to sit on it or sell it around and around with no-one actually using it.
I have a family member with a Ford Focus. This has reversing sensors that warn you if you are about to reverse into something.
Whatever tech those are using seems like it would be good to try out.
What I want to know is why German gamers and other younger people (who are presumably sick and tired of getting censored versions of games and other media with e.g. robots replacing humans or e.g. suicide bombers who "run away" instead of blowing themselves up) aren't rising up and using some sort of political influence/lobbying/petitioning/etc to get the censorship crap removed...
It worked in Australia and got the government to change the laws on video game censorship and classification with the addition of an R rating (although it still doesn't go far enough IMO with all the stupid stuff that remains banned like things that depict certain kinds of drug use) so what's different about Germany?
The #1 cause of the industry's woes right now is that the industry as a whole is unwilling to give up the "TV" model of linear channels in favor of a model where people can watch what they want when they want and don't have to pay big dollars for content they don't want just to get the content they do.
They are fighting tooth and nail to hold onto a dying distribution method when they should be embracing the internet and finding ways to sell their content to as many people as possible.
I bet a big chunk of people who pirate only pirate because there is no legal way to obtain the content they want to watch at the time they want to watch it.
ALL wholesale surveillance programs (including Echelon, cellphone monitoring, SMS monitoring, email monitoring and anything else) should be ended. Only people and organizations who are considered threats should be able to be spied on and only after showing an independent judge why that person or organization is a threat.
ALL attempts to gain access to computers or networks belonging to people who aren't threats (e.g. access to Google systems) should cease and any data required should only be available after going to the judge mentioned in #1
ALL attempts to insert backdoors into software, weaken cryptography, keep vulnerabilities secret or otherwise weaken computer security should cease. And all previous efforts along those lines should be disclosed so people can switch away from systems that are globally vulnerable. This also includes any instances where the NSA has asked for/obtained encryption keys or other global things that would let them target more than just the one individual of interest.
The only acceptable methods of intelligence gathering should be A. Going to an entity (cellphone provider, internet company, email provider or whatever) with a warrant and asking for data on specific targeted individuals or organizations or B. Using targeted attacks (again with a warrant) to target a specific individual or organization (e.g. all of the targeted programs Bruce has been talking about on his blog)
Attacks that involve compromising security more generally in order to get at the specific individual of interest should be prohibited (e.g. attacks that involve using fake SSL certificates)
This wouldn't rely on signature authorities. This would rely on a private key held only by the car maker in a highly secure place and the matching public half being in the car update logic.
Plenty of devices have exactly this (signed firmware updates where only the manufacturer has the private key) and I have not heard of any compromise involving the private key being leaked. Only instances I have heard of either involve breaking the software without breaking the encryption (if you limit the attack surface you can reduce that possibility plus these attacks have generally not been of the sort that could allow an unsigned over-the-air firmware to be properly installed) or a few cases where the encryption was weak or wrong (e.g. Sony PlayStation 3 crack or those calculators that used RSA with small key lengths that were vulnerable to a distributed crack)