If there's one thing Microsoft has comprehensively and irrefutably established over the last 35 years of their existence, it's that they haven't the faintest clue how to identify or eradicate viruses.
Well, not quite. You see, before decimalization, there were pence, shillings, and pounds. 12 pence made one shilling; 20 shillings made one pound (also referred to by the slang term "quid"). However, there was also another informal unit composed of 21 shillings, called a guinea.
How many people are using DirectX 9 vs 10 vs 11. Which rendering functions are used most often, and thus should be optimized. Are they running in an environment where power usage should be conserved or where there is effectively limitless power?
I can think of dozens of questions with legitimate engineering purpose which are not clear at the point of sale. Don't pretend there is no legitimate use for this data. [... ]
Pure sophistry. NVIDIA already has this information, either directly via relationships with game developers and publishers, or indirectly via Microsoft's crash reports. Demanding a cloud login provides them no technical information they didn't already have.
I wrote about this last week, when I installed the latest update, and found myself unable to access any of the additional features without creating a cloud-based login -- to access locally-hosted features. Apparently someone at NVIDIA with severe cranial intrusion injuries took a look at what Razer did with their Synapse 2.0 software, and thought it was so fabulous they had to do it, too.
The only vaguely useful feature GeForce Experience provided was ShadowPlay, NVIDIA's own screen capture video recorder. However, there are plenty of third-party offerings that accomplish the same thing. I could create a fake ephemeral email address or hack the registry to make it work, but frankly the features it provides do not merit the effort. I have since uninstalled GeForce Experience 3.0, leaving just the drivers.
Now that they've (unnecessarily and gratuitously) made the cloud login mandatory, I would also be interested to see some security researchers dig in to GFE3 to see how well NVIDIA is protecting people's login credentials...
Some years ago, I was privileged to engage in a discussion on headphone detection with some Apple engineers, who had clearly worked on the issue for some time, and I learned something surprising:
The 3.5mm headphone jack standard... isn't.
Even after you set aside the issue of cheap manufacturers releasing shoddy products, you're still left with the fact that there is no actual standard dictating dimensions, number of contacts, location of contacts, size of contacts, separation distance between contacts, etc. Different manufacturers can and do make them slightly differently. More crucially, there's also no validation authority to check that your products meet all the specs.
Let's just take the most obvious dimension: 3.5mm. For ages, those phone plugs were advertised not as 3.5mm, but as 1/8 inch (3.175mm). So if you wanted to make something compatible with a "1/8 inch" plug, you might get your dimensions wrong. Apply this principle to every other contact's position and size on the plug, and you can see where this is going.
Moreover, some phone plugs have five contacts (Apple's own, for example). The "meaning" of each contact is not standardized -- that ring in the middle may be microphone input, or the contact switch (answer/hangup) on the cable, depending on who made it and what it was intended to be plugged in to. Further, if the rings in your cheap knock-off aren't lined up with the socket contacts, then bumping the plug could cause the socket contacts to short across the rings, which would get interpreted as a button press, and your call gets dropped.
The result of all this mish-mash was the Apple engineers found designing a (cost-effective) headphone jack that worked reliably with all headphones and headsets one might encounter in the world was simply impossible. You couldn't position the contacts in such a way that they would never short across two rings (some idiot may have placed their rings very badly). You couldn't know ahead of time which contacts did what, and probing at insertion time was fraught with other perils, especially if your contacts created a short across two rings. Despite their extensive research and massive efforts, they still got tons of support calls about how someone's cheap-ass headset didn't work in what has long been assumed to be a standard phone jack.
So my theory is: They declared the problem insoluble, yanked the phone plug, and designed a new digital interface.
An adapter for "3.5mm" stereo headphones will almost certainly be made available. Yes, you still have the compatibility problem with other "3.5mm" devices, but now the problem is in a $30 adapter, and not a $750 phone. It will be interesting to see how liberally Apple licenses their connector so that third parties can also furnish adapters.
The TrendMicro article off-handedly mentions that this malware is installed manually, suggesting physical access to the victim machine is required. This isn't so ridiculous an idea if the victim's machine doesn't have their screensaver set to lock the console (by default, xscreensaver doesn't do this); and if the victim's 'sudo' timeout is sufficiently long (default: 15 minutes).
I haven't been keeping up with the details of the pie fight. Apart from the licensing issue (which, for your typical end-user, is not an issue at all), what features separate Apache OpenOffice from LibreOffice.org?
You can socially engineer a SIM redirect to a handset in your control. Once done, you get all the victim's SMS messages: https://www.wired.com/2016/06/...
From there, on-screen instructions will walk you through the process of using a text message to confirm your mobile device as a secondary layer of security [... ]
Fscking idiots. SMS is NOT SECURE! They had five years to work on the problem, and this is what they came up with?
Just so I understand your latest directive from Minitrue correctly: When one witnesses gross engineering incompetence, and then publicly describes said gross engineering incompetence as gross engineering incompetence brands one as an asshole.
The service, according to Comcast, allows you to download a 5GB HD movie in 40 seconds, [...marketing blather... ]
Uh-huh. I notice they're being conspicuously silent on upload speeds. "Gee, how nice I can download a movie in a couple minutes, but how long will I have to wait to upload the video of my daughter's ${WINTER_HOLIDAY} pageant?"
Redis is designed to be accessed by trusted clients inside trusted environments. This means that usually it is not a good idea to expose the Redis instance directly to the internet or, in general, to an environment where untrusted clients can directly access the Redis TCP port or UNIX socket. [ emphasis mine ]
There is an "authentication" feature, but it's amazingly primitive, and the credentials are sent in the clear -- in other words, next to useless. The rest of the page makes it fairly clear: If you are running a Redis server accepting connections from the open Internet, you are an idiot.
Just curious if anyone knows whether MS can claim copyright in their master key?
Probably not. Copyright protects creative expression. There is no creativity involved in the creation of a cryptographic key, so copyright would almost certainly not apply.
Shorter IOC: "No dissemination of audio, photos, video, or any other form of media recording Olympic(R) events, participants, or organizers is permitted without the express permission of the IOC, granted solely to organizations that have agreed to all of our non-negotiable terms, and paid us a usurious fee."
Seriously, I'm having trouble deciding whether this is old-fashioned out-of-control money-grubbing, or it's the IOC trying to keep a lid on what is shaping up to be a gigantic figurative (and, in the case of the swimming events, literal) shit-show.
It can't. Obviously. But Microsoft will claim that it can, and set up a rigged demo to "prove" it works. *Poof!* A Bill appears in Congress mandating the technology be incorporated on all computing platforms.
That presupposes that the household also has a local network with other computing devices on it, which is not always the case.
It seems the "Smart" TV kids are beginning to learn what some of us have known for decades -- that a rubber-domed joypad is a terrible input device, barely good enough for games, much less controlling a complex computing device.
Regardless of how the regulatory arcana reads ("information service" vs. "telephone service"), the expectation of subscribers to Internet service is the same expectation they have for telephone service -- namely, that The Phone Company will operate as a Common Carrier and will not listen in on phone calls.
It would be interesting to know if Comcast makes any attempt to differentiate VoIP calls from other IP traffic and avoid snooping on it.
The point of signing the extensions is so that some compromised or malicious developer doesn't put malware into an extension's update stream; which can be (and has been) a huge problem, [... ]
"It looks like you're trying to cure cancer. Bing Search(TM) can direct you to the most relevant medical research most quickly..."
Tom Lehrer explains all this very clearly.
Suit: "Explain the man-hour and spares costs to me."
Engineer: "Certainly." (*brains him with a fried 24-port managed switch*) "Would you like it explained again?"
I think they just re-invented geo-caching, only with books.
Got it.
Uh-huh. I notice they're being conspicuously silent on upload speeds. "Gee, how nice I can download a movie in a couple minutes, but how long will I have to wait to upload the video of my daughter's ${WINTER_HOLIDAY} pageant?"
Meanwhile, Google Fiber is 1Gb/sec symmetric.
I see. Because squirting 720p or 1080p video as uncompressed YUYV over a USB2 link never results in performance problems...
Too stupid to actually happen? So was the DMCA.
You misspelled "imposes". HTH. HAND.
No idea; go visit the manufacturer's Web site for your router and see if there's a new firmware release that removes the deprecated ciphers.
[ Citation required ]
I'm more of an Inkscape guy...