...and how about private keys? Especially in the console world, that would come in quite handy so paying for quantum computer time via crowdfunding to discover Sony's, Nintendo's, etc. private signing keys could become a thing.
The encryption only gets easier to break, not trivial. We would only have to double the number of bits.
They deliberately advertise the two things together to give people the impression the autopilot is like that. On top of that the full self-driving capabilities is a border line scam as the hardware can not do that, and they software wouldn't be ready before the car is scrap worthy anyway.
So yes, they are not doing provable fraud, but you have to be a fool to not see how they deliberately trying to give customer an impression that better than what they actually deliver. This is typical for many companies and is called advertisement, but in this case that advertisement kills their customers.
They owe everything to their overexposure in the media and how the media has carried the story about how the autopilot was autonomous driving (when it was not). Now they they have to deal with the fallback of overexposure and overselling their products, even if some would argue they only did it by winks and nodges.
Chromium is hard to compile because it is now a compiler monoculture. Gcc 4.9 has all the features it needs, but because Google now only use a single version of a single compiler, other compilers will be lacking the same bugs as that clang version.
It is particularly incorrect use of constexpr and noexcept clang has trouble with and thus plagues the Chromium code everywhere as their developers are just scattering it around without understanding it.
Apple Mail is fine, and I'm sure others are too, if you turn off "Load remote content". I did that a while ago because it's one of the ways FB and Google both track you.
True, but it really should be default off, and be warned against turning on.
I'm no security expert, but allowing HTML mail to arbitrarily download embedded graphics in a mail client is just dumb. From my reading of the articles, doing that doesn't disable the problem, but keeps the information from escaping back to the malicious parties. This is a mail client problem triggering PGP to decrypt, then allowing the information to escape through embedded graphics, not a fundamental problem in PGP itself. Turning off HTML mail support at the client and just taking the text representation of the message looks like it completely defeats the hack. Tell me if I'm wrong.
As a KMail user I have the default to never download HTML content. You would be surprised how many emails rely on it, though mostly newsletter that can usually be ignored, but sometimes website-integration messages are equally crappy. In Kmail it fortunately an option to override the external content for a single email at a time, so this bug would only affect you if you did a warned against security override on an encrypted email, in which case you are asking for it, and you can't really leak more than what the original idiot send as partially encrypted content.
Isn't this supposed to be a peer reviewed protocol that was guaranteed to be secure? How long has this program existed? Holy shit.
The problem is in how email program plugins handle the mail after it's been decrypted, not in the underlying PGP/SMIME code.
And only for HTML emails, and only in Thunderbird, Apple Mail, Postbox and Airmail. So if you are using a better email client especially a non-Mac one you are fine.
PGP is broken now? It's only had fairly infrequent and minor issues over time. If this is broken now, then it's the final sign that anyone who thinks computers can be secured is wrong. If you want something secure, write it down in a notebook. It'll be about 100x more secure than putting it on a computer simply by not being networked. Even if someone steals and reads your notebook it's better than someone having it on their phone (or PGP, now I guess) for the ENTIRE WORLD to come along and steal. Computers are great for games, everything else is debatable.
PGP is not broken. The way a few bad email clients are using it is broken. If you are not using Thunderbird you are safe with PGP. While S/MIME is comprised in every email client except modern Outlook, KMail, and mutt.
Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email.
In other news, lock picks can be used to open up your model of door lock. We advise you to remove all door locks from your door until a lock pick proof lock can be engineered and installed.
Yeah, I can't help but think however said that had an agenda. It does appear Thunderbird is fully compromised, while most other email clients including outlook are only compromised for S/MIME, and even for that it is for Outlook only 2007 and earlier.
TFA seems to indicate they believe this to be an unexpected and curious flaw in the software, but the fact that this works as well as it does, from up to 25 feet away, is inaudible to humans, and nearly all these PA devices can hear and respond to these types of ostensibly surreptitious commands.. well, maybe I'm paranoid, but maybe they just stumbled onto another NSA backdoor. Or even a Google/Apple/Amazon backdoor. I find this creepy and suspicious as hell.
No just a result of masquerading corporate spydevices as smart home devices with AI. They are not smart and they are not working for you.
They should use AI technology to determine if the user wants the audio to start automatically or not. Can't AI do that?
No, only poorly. And don't give them any ideas.
Google has already added technology to track the collective user-interaction with a site, to authorize some feature automatically if it thinks you are interacting enough with the site. Once that goes out of experimental, everything will become non-deterministic, and full of security holes.
Pretending to be a service for unsubscibing, while actually being a data-mining company...
You do realize that false advertising has always been illegal in the EU? Perhaps the real problem is that the fines for false advertising is too low, and the GDPR fines are large enough that companies care about them.
Plus data-mining has also been illegal for some 30 years. GDPR is just a minor update of existing rules to enable better enforcement.
The autonomous programming detects items around the vehicle and operators fine-tune its sensitivity to make sure it only reacts to true threats (solid objects instead of bags, for example).
Then it's an easy fix. Just move the "sensitivity" slider a little to the left.
Actually, it's kind of terrifying that all that stands between life and death is a sensitivity setting.
It is not the setting that is the problem. The problem is socalled AIs with less intelligence than a cockroach being put behind the wheel of cars.
The law has been in effect for a little over 30 years now, and not caused any troubles. The GDPR is only an update of the enforcement. It is the very same set of laws that forced Facebook to not merge data it bought from WhatsApp, and forced Google to not merge Youtube and Google Plus accounts.
Well, the idea many people have of what a self-driving car is, will have to take a fall, but self-driving cars are coming, they will just not be self-driving all the time, but instead either need constant supervision (bad), or only be self-driving on registered road (most likely highways) where the road is up to spec for the computer to navigate it faster and safer than humans.
It is not like anyone knowning anything about AI could have told them it isn't ready for general roads, and only for special roads. It is not like allowing them on special roads first is exactly the plan in Europe where government listens to experts.
I don't see a huge problem with it either, but the few women I know in Open Sources hates it, as they appreciate being treated as equals, and don't how some parts are now trying to treat them special.
This is simply not true. Speculative execution has real benefits on real code. Disabling it makes processors drastically slower, not just in benchmarks.
Luckily it looks like we can get to keep most of the benefits without the security flaws.
Yeah, and fetching things from memory during speculative execution has replaced prefetching, and removing that would get is back to needing instrumented prefetching, so they need to be smarter in undoing an invalid fetch.
Why not summon the head of Facebook's UK operations first? I don't understand their obsession. Did they ask the UK based employees already and not get a satisfactory answer, or something that can only be answered by the CEO?
Because they want a charade of an interrogation instead of actually doing anything.
If they really wanted to do something, they would be doing it, and not setting up a show.
Slashdot Mirror
...and how about private keys? Especially in the console world, that would come in quite handy so paying for quantum computer time via crowdfunding to discover Sony's, Nintendo's, etc. private signing keys could become a thing.
The encryption only gets easier to break, not trivial. We would only have to double the number of bits.
Why are alert even triggered for missing kids???
Alarms are for things that pose a general risk to the public, not for manhunts.
In my home country of Denmark you can't go 870 miles in any direction from any point in the country without ending up in another country altogether.
Or the ocean.
I suspect this is true for a lot of the smaller European countries, though I can't be bothered to pull up a bunch of maps to check for certain.
And still the Danish equivalent alert system can be alerted for a single city at a time.
They deliberately advertise the two things together to give people the impression the autopilot is like that. On top of that the full self-driving capabilities is a border line scam as the hardware can not do that, and they software wouldn't be ready before the car is scrap worthy anyway.
So yes, they are not doing provable fraud, but you have to be a fool to not see how they deliberately trying to give customer an impression that better than what they actually deliver. This is typical for many companies and is called advertisement, but in this case that advertisement kills their customers.
Exactly. Live by the sword, die by the sword.
They owe everything to their overexposure in the media and how the media has carried the story about how the autopilot was autonomous driving (when it was not). Now they they have to deal with the fallback of overexposure and overselling their products, even if some would argue they only did it by winks and nodges.
Tesla has not been calling AP "self-driving"
Yes they have. Have you checked their webpage on it, it is literally what it says RIGHT NOW.
Chromium is hard to compile because it is now a compiler monoculture. Gcc 4.9 has all the features it needs, but because Google now only use a single version of a single compiler, other compilers will be lacking the same bugs as that clang version.
It is particularly incorrect use of constexpr and noexcept clang has trouble with and thus plagues the Chromium code everywhere as their developers are just scattering it around without understanding it.
Apple Mail is fine, and I'm sure others are too, if you turn off "Load remote content". I did that a while ago because it's one of the ways FB and Google both track you.
True, but it really should be default off, and be warned against turning on.
I'm no security expert, but allowing HTML mail to arbitrarily download embedded graphics in a mail client is just dumb. From my reading of the articles, doing that doesn't disable the problem, but keeps the information from escaping back to the malicious parties. This is a mail client problem triggering PGP to decrypt, then allowing the information to escape through embedded graphics, not a fundamental problem in PGP itself. Turning off HTML mail support at the client and just taking the text representation of the message looks like it completely defeats the hack. Tell me if I'm wrong.
As a KMail user I have the default to never download HTML content. You would be surprised how many emails rely on it, though mostly newsletter that can usually be ignored, but sometimes website-integration messages are equally crappy. In Kmail it fortunately an option to override the external content for a single email at a time, so this bug would only affect you if you did a warned against security override on an encrypted email, in which case you are asking for it, and you can't really leak more than what the original idiot send as partially encrypted content.
Isn't this supposed to be a peer reviewed protocol that was guaranteed to be secure? How long has this program existed? Holy shit.
The problem is in how email program plugins handle the mail after it's been decrypted, not in the underlying PGP/SMIME code.
And only for HTML emails, and only in Thunderbird, Apple Mail, Postbox and Airmail. So if you are using a better email client especially a non-Mac one you are fine.
PGP is broken now? It's only had fairly infrequent and minor issues over time. If this is broken now, then it's the final sign that anyone who thinks computers can be secured is wrong. If you want something secure, write it down in a notebook. It'll be about 100x more secure than putting it on a computer simply by not being networked. Even if someone steals and reads your notebook it's better than someone having it on their phone (or PGP, now I guess) for the ENTIRE WORLD to come along and steal. Computers are great for games, everything else is debatable.
PGP is not broken. The way a few bad email clients are using it is broken. If you are not using Thunderbird you are safe with PGP. While S/MIME is comprised in every email client except modern Outlook, KMail, and mutt.
In other news, lock picks can be used to open up your model of door lock. We advise you to remove all door locks from your door until a lock pick proof lock can be engineered and installed.
Yeah, I can't help but think however said that had an agenda. It does appear Thunderbird is fully compromised, while most other email clients including outlook are only compromised for S/MIME, and even for that it is for Outlook only 2007 and earlier.
TFA seems to indicate they believe this to be an unexpected and curious flaw in the software, but the fact that this works as well as it does, from up to 25 feet away, is inaudible to humans, and nearly all these PA devices can hear and respond to these types of ostensibly surreptitious commands.. well, maybe I'm paranoid, but maybe they just stumbled onto another NSA backdoor. Or even a Google/Apple/Amazon backdoor.
I find this creepy and suspicious as hell.
No just a result of masquerading corporate spydevices as smart home devices with AI. They are not smart and they are not working for you.
They should use AI technology to determine if the user wants the audio to start automatically or not. Can't AI do that?
No, only poorly. And don't give them any ideas.
Google has already added technology to track the collective user-interaction with a site, to authorize some feature automatically if it thinks you are interacting enough with the site. Once that goes out of experimental, everything will become non-deterministic, and full of security holes.
Imagine those config files are shared with non-windows computers.
No, MacOS is ancient, macOS is new..ish.
Yeah..
Pretending to be a service for unsubscibing, while actually being a data-mining company...
You do realize that false advertising has always been illegal in the EU? Perhaps the real problem is that the fines for false advertising is too low, and the GDPR fines are large enough that companies care about them.
Plus data-mining has also been illegal for some 30 years. GDPR is just a minor update of existing rules to enable better enforcement.
Then it's an easy fix. Just move the "sensitivity" slider a little to the left.
Actually, it's kind of terrifying that all that stands between life and death is a sensitivity setting.
It is not the setting that is the problem. The problem is socalled AIs with less intelligence than a cockroach being put behind the wheel of cars.
The law has been in effect for a little over 30 years now, and not caused any troubles. The GDPR is only an update of the enforcement. It is the very same set of laws that forced Facebook to not merge data it bought from WhatsApp, and forced Google to not merge Youtube and Google Plus accounts.
Well, the idea many people have of what a self-driving car is, will have to take a fall, but self-driving cars are coming, they will just not be self-driving all the time, but instead either need constant supervision (bad), or only be self-driving on registered road (most likely highways) where the road is up to spec for the computer to navigate it faster and safer than humans.
In Europe, they define experts as those who are paid by government leaders to say the things the leaders like to hear.
Possibly, but fortunately we then have whole lot of governments with different idea, leading to a lot of different experts in debating field.
It is not like anyone knowning anything about AI could have told them it isn't ready for general roads, and only for special roads. It is not like allowing them on special roads first is exactly the plan in Europe where government listens to experts.
I don't see a huge problem with it either, but the few women I know in Open Sources hates it, as they appreciate being treated as equals, and don't how some parts are now trying to treat them special.
This is simply not true. Speculative execution has real benefits on real code. Disabling it makes processors drastically slower, not just in benchmarks.
Luckily it looks like we can get to keep most of the benefits without the security flaws.
Yeah, and fetching things from memory during speculative execution has replaced prefetching, and removing that would get is back to needing instrumented prefetching, so they need to be smarter in undoing an invalid fetch.
Why not summon the head of Facebook's UK operations first? I don't understand their obsession. Did they ask the UK based employees already and not get a satisfactory answer, or something that can only be answered by the CEO?
Because they want a charade of an interrogation instead of actually doing anything.
If they really wanted to do something, they would be doing it, and not setting up a show.