Slashdot Mirror


User: StandardCell

StandardCell's activity in the archive.

Stories: 0
Comments: 395

Comments · 395

  1. Google creates demand for the "man in the middle" on Net Neutrality Opponent Calls Google a "Bandwidth Hog" · · Score: 4, Interesting

    That man in the middle would still be selling dial-up if it weren't for the Google offerings that consumers want, specifically Youtube. There are others too such as Hulu and Veoh and even the major TV networks' sites that stream episodes on demand, plus all the Shoutcast streaming radio stations.

    What this is really about is whether the ISPs still have common carrier status, and how that conflicts with their vertical service integration for services like TV and phone. These ISPs are charging for what is either free or for less money elsewhere.

    The solution is very simple. The FCC grants the ability for these anti-net-neutrality ISPs to charge whatever they like for whatever content they choose to carry over their networks, in exchange for the return of every government subsidy and grant given over the last five decades, with interest, in addition to the rescission of their common carrier status. The government can then take that money and give it to companies that will act like common carriers and build net-neutral data infrastructure.

  2. Standards Bodies Also Changed Because of Rambus on FTC Pursues Rambus Appeal To Supreme Court · · Score: 1

    One of the consequences of Rambus' actions is that standards bodies now take extraordinary measures to ensure that all contributors fully disclose all ideas that could be patented by the company so that they don't get submarined by them. Even VESA, which is a video standards body, got to the point where all of their calls start out with a disclaimer by the moderator saying something to the effect of: "You cannot discuss patented or soon-to-be-patented ideas, and the contributor releases all claims to the same for use by members of the organization." All of this because of the way the Rambus situation panned out legally over the last decade.

    On a slightly related note, there are all sorts of Rambus fanboi trolls who go around and post some nonsense that JEDEC is an evil cartel and that Rambus helped teach the industry how to build memory. A recent story on this subject on the EE Times website had deleted a post saying exactly this, and I've seen it in many different forums, financial and technical. The stock story being foisted all over the web is especially funny considering the old P4 i815 chipset could never take more than two RAMBUS RIMMs (despite having three slots) because of unresolvable signal integrity issues.

  3. There are more problems than that to H-1B on Report Indicates Widespread H-1B Visa Fraud · · Score: 3, Interesting

    I also hold an H-1B, although I'm a Canadian citizen.

    Here are two other problems:

    1. No medical checks until the very end of the (optional) green card process. Presumably, an employee running around with TB could be spreading it for years without knowing who it was. Bad for US citizens and lawful aliens. A medical exam should be completed prior to entry into the country.
    2. Lack of grace period upon job loss. I'm expected to leave in 10 days flat. If you have an apartment full of stuff, it's kinda tough to pull it all together in that timeframe, lest the BCIS agents come to take you away.
    3. Lack of typical state benefits upon job loss. If I lose my job, I pay into unemployment but I'm not allowed to collect even to get back what I paid in. Furthermore, I can't collect unemployment from my home country. That means I need to stash money away for that contingency that I could've used elsewhere.

    The solution is an indexed and independently audited visa system whereby visa holders get a provisional permanent green card pending medical, educational and experience qualifications at a rate that doesn't exceed the displacement of professionals already in the country above NAIRU, applicant-funded with additional funds set aside automatically for otherwise standard benefits of a citizen. This is the problem that Canada has in dumping a bunch of people from other countries into the workforce where there are already too few tech jobs (although Canada's bigger problem is where professionals can't be credentialed and end up having a worse standard of living than back in their home country driving a taxi).

  4. Inorganic chemistry is necessary for engineering on Should Organic Chemistry Be a Premed Requirement? · · Score: 1

    I find myself coming back to chemistry as an engineer, voluntarily or involuntarily, at various points. It's intermittently important to understand how the devices I'm using work, but still important.

    I'd say it's necessary to have a good understanding of the underlying basic science if you're an applied scientist.

  5. The City of SF is undermining its case! on San Fran Hunts For Mystery Device On City Network · · Score: 3, Insightful

    If the city can't even complete one of the most basic network administration tasks of finding a physical device on a network, I think they have absolutely no right to accuse anyone of "hijacking" their network. I hope the defense attorney for Terry Childs brings this up.

  6. We don't even understand gravity or dark matter! on Stars Could Shine In Many Universes · · Score: 2, Insightful

    I understand that this may or may not be true, but scientists still don't really understand what the gravitational force is, nor do they understand the role of dark matter or dark energy. I think we have a long ways to go before we can make any realistic conjecture on any of this.

  7. Project Completion and Architectural Decisions on Are There Any Smart E-mail Retention Policies? · · Score: 5, Interesting

    A balance needs to be struck between the negatives of two strategies:

    * Perpetual archiving of e-mail - wastes server disk space, increases tape backup volume, and (more notoriously) can leave "clues" that predatory litigators salivate over.
    * Non-archival of e-mail - internal accusations and decisions can't be resolved, difficult to track decisions and their history, circumventable by printing the e-mail with headers.

    The solution is as follows:

    1. Digest only the final decisions of e-mails and the essential reasoning thereof, or make a digest of the decisions in a collaborative project wiki where buy-in from the stakeholders can be tracked.

    2a. Upon project completion (ISO9000-type project gating), archive all project files, documentation and essential digest e-mails.
    2b. Simultaneously destroy all other e-mails using secure forensically-unrecoverable techniques to prevent accidental recovery by thieves.

    3. Any other e-mails regarding general architectural or administrative decisions which have implications for future development in the company should be digested, placed on a company wiki, and then the remainder securely destroyed.

    Using this method, any questionable or potentially illegal decisions can be greatly avoided or reduced from a purely legal perspective while retaining sufficient information to continue operations and development. This policy won't end all legal issues, but the key is to have procedures that are centered around the guise of IT efficiency and operational simplicity to purposely dispel any other alleged intent by third parties that expresses or implies destruction of future evidence.

  8. Banks using modern crypto? Hah! on How To Build a Quantum Eavesdropper · · Score: 3, Interesting

    The banking sector is probably one of the slowest in terms of uptake of new crypto technologies. A huge number are still using 3DES or RC4 for symmetric to protect customers' transactions. If you don't believe me, check out Citibank's Online Banking with "highly modern" RC4. I've seen 40-bit encryption on current express-pay keytags at a certain coffee chain which is almost trivial to crack with little cost by today's computers. In too many cases, it's the same old HSMs accelerating crypto transactions in servers as were in the last decade.

    Granted, 3DES is actually not truly that bad in terms of its 112-bit effective security compared to AES-128 (though it's not the weak point when you use 80-bit effective RSA1024). However, just because ANSI X9 has started including modern technologies like ECC and AES or other technologies like quantum crypto are promising, you can bet that the banking industry will be one of the last groups to take up more modern crypto technology. Heck, even the NSA is mandating Suite B with ECC and AES by 2010 for government security! It's one of the few government agencies to actually act faster than the private sector.

    Finally, I wonder if the original poster could show the relevant ANSI X9 aka banking security standard which calls out quantum crypto. I don't think I've seen one, and the banking industry typically lives and dies by X9.

  9. Don't tell this to the Onyxia Wipe guy... on Computer Games Make Players Less Violent · · Score: 1

    If WoW chills him out, I'd hate to see what he looks like when he's wound up.

    This is an interview with the same guy, by the way, relaxing with a stogie and alcohol, the old fashioned way.

  10. Crypto patents and secrets are the reason on Murdoch's Hacker Speaks Out · · Score: 1

    All of these boutique conditional access companies (NDS, Nagra/Kudelski, Irdeto, Conax, etc.) have a big stake in developing their own unique flavors of crypto and security to avoid payment of royalties to various providers of security IP. Some examples are Certicom for elliptic curve public key and digital signature, Cryptographic Research Inc. for smart card differential power analysis. The truth is that there are only so many ways to accomplish what they're tasked to do, and the trade secret route is used as much as the patent route where they would not disclose key secrets. Yeah, security by obscurity is wrong, but they even have ways to fight this type of reverse engineering. Custom secure execution environments as found in Irdeto Secure Silicon, Nagra On-Chip Security, and NDS Trusted Secure Kernel are probably running very customized code and OS. Most of the non-secure part of the code is still Linux, but I doubt they even want that released just because the hooks may provide hints at attack vectors.

    These conditional access companies are also going through extensive background and security checks of anyone working with the implementation of their systems, as well as hiding multiple root keys/certs in obscenely secure environments such as mountain vaults. Frankly, I don't blame them on this part since inside jobs have killed these guys in the past (AVR anyone?), but they'll also go through the trouble of de-capping and de-layering chips to find the secrets.

    Ultimately, I have a strong feeling that the code may provide hints to either their proprietary system of security or what crypto they're using that would open them up to legal action. Consider that these guys would rather go up against a non-profit entity like the FSF as opposed to a more well-funded commercial company and will continue to take the risk. Then again, even the well-funded companies need tens of millions to reverse engineer these solutions, so why bother helping them out?

  11. You give me permission when you give me DHCP lease on MD Bill Would Criminalize Theft of Wireless Access · · Score: 1

    I expected the standard arguments of physical trespass onto the house to litter the comments, but it all boils down to whether an access point gives me a DHCP lease or not. I don't crack WEP/WPA and never have or will, nor will I try to crack SSH on the VPN that sits behind the access point. Unfortunately, the technologically proficient are not part of the process of making laws or setting up all access points.

    The real tragedy is that it will create more law breakers out of people who might not otherwise be. After all, when I go through the Las Vegas airport and see the "MCCARRAN" access point, will I know it's set up for public use the next time I go through because of a change in the airport's disposition on use, or will the police come haul me away for me leaving my radio switch on?

  12. No, the truth about collaboration comes out on Student Faces Expulsion for Facebook Study Group · · Score: 5, Interesting

    Having been through two degrees in engineering, I can tell you that assignments can be hell if you don't understand the "trick" or the specific approach to solving the problem. It's not always intuitive as to how this happens. For example, when one is solving a polynomial derivative by first principles, isolating terms in the denominator by multiplying by "one" (where "one" is actually a polynomial expression divided by itself) is not intuitively obvious. When you do see it, however, you say "Ahhh, THAT'S how you do it!" and you can keep going.

    And that's the crux of why you want to collaborate. Problems aren't entirely obvious to solve and involve subtleties outside of the context which most students would typically approach. It frustrated me personally to no end to have this type of nonsense foisted on me over and over again, particularly as these subtleties get more and more obscure. In my electromagnetics class, which is mostly vector calculus anyway, I happened to get it but lots of my friends didn't, and I helped them learn the tricks. Similarly, in my complex variable calculus class, I struggled with a bad prof while friends in another section would be able to help me out because their prof constantly gave them an "approach methodology". I dropped out of my RF electronics class because the prof from old Mother Russia was a known hard-ass who eventually was formally reprimanded and endangered his own tenure for failing almost half of a section of Electronics I. None of them would've had a hope in passing without collaboration.

    Ultimately, when I taught a 100-person section of an electronics lab and marked assignments and lab reports, I made sure that the students knew what was going on. As long as they weren't ad-verbatim copies, I let it go. Even scribing solutions can help you do well if you understand the workings of the problem as opposed to blind copying. But I warned all of my students on the ultimate lesson I learned in the whole situation: whether or not you copy an assignment, you will be dead in the water come exam time or in your career if you don't fundamentally understand the basics of the material. And that's the ultimate lesson in school, the reason why your profs don't chase you down like they do in grade school and the reason that people who copy without learning almost always get weeded out during exam time, and the reason why assignments are only 10% of the grade!

    The only question here is whether this student is really guilty of 147 counts of academic misconduct, as opposed to the other 147-some individuals. Why aren't they in here too? I'd have serious legal questions regarding the equal application of regulations and wouldn't be surprised if this ends up in a real court. The university regulation itself is insanely vague, and my experience with discipline officers is that they are very rigid and determined to justify their position by being hard-asses. These people are hardly administering justice; they're just out to screw one kid's entire academic career because it was more systematically organized than the undercurrent that's been doing the same thing for years.

    One last thing, boys and girls: make sure when you collaborate that you don't use any personally-identifiable information in your group. Use anonymous networks like Tor to access sites, and don't use your own name. That way, all the court orders in the world won't help these academic clowns with fangs sharpen them on your carcass.

  13. You can't secure initial authentication! on New Lock Aims To End Chip Piracy · · Score: 1

    Most of you who know something about semiconductors understand that customization of semiconductors happens after the manufacturing process, usually by insertion using big IC testers, laser trimming, customized package bond-outs, and so on. If the control of a central authority (i.e. root certificate) is necessary, as opposed to control from the semiconductor (which affords no protection), then a digital certificate still needs to be injected with a root certificate residing at a properly protected certificate authority with standard protections like FIPS-certified hardware security modules. Simply creating a unique ID by which one would somehow use a public/private key scheme would still be subject to a man-in-the-middle attack.

    Now, the problem is that you need to get that certificate into the chip securely. If you do it at the initial tester level (i.e. wafer sort), then you have a gaping hole because someone can analyze the communication into the chip using digital oscilloscope data capture off of the load board or probe card and create their own root certificate. One still needs to mount a man-in-the-middle attack to accomplish this, but it is definitely possible to attack the system. Combine this with the mask duplication that already occurs in IC theft or the "extra shift" problem where the chips are overproduced, and this scheme can be entirely bypassed. If one embeds a temporary or permanent certificate in ROM, then the masks can easily be reverse-engineered to determine the secrets. This could take more time, but is ultimately insecure.

    The only way one could really prevent this problem is if you could physically prevent someone in the test house from getting physical access to the tester. Something along the lines of FIPS 140 Level 3 would be necessary to prevent the type of intrusion on the data insertion from the tester, and this would be prohibitively expensive and logistically nightmarish. Most of these FIPS 140 Level 3 systems are usually hermetically sealed one-way and not meant to constantly cycle physical items through like wafer boats or chip trays. In short, it's not really a feasible scheme.

    Threat models aside, the ultimate goal of security is not to make it impenetrable but to make it economically infeasible. Unfortunately, with the very high volume devices that this type of scheme might be intended on protecting and the economics of piracy, it's unlikely that determined thieves with big bank accounts to bribe folks in low-cost countries will be able to ultimately resist the temptation.

  14. Ridiculous given viewing distances and screen size on 33 MegaPixel TV in 2015 · · Score: 4, Interesting

    One of the things that TV manufacturers contend with is screen size versus resolution. The uptake of true 1080p on screen sizes of 32" or less has been slow because there's virtually no visual difference between 720p/WXGA screens at those screen sizes for the average viewing distance in a living room. I'm also not talking about computer output, though you wouldn't be able to read much unless you bumped the font size up by quite a bit at 1080p.

    Now, 37" is marginal and 42" is where it really starts getting to be noticeable. This is also the sweet spot for a primary panel for the next few years. Beyond this resolution, you'll start noticing 1080p from the next highest resolution (i.e. quad-720p or 1440p) at the 56-63" screen size. But there's one problem with 63" and larger screens: they are close to the limit for what most homes can pass through their door! In fact, a monolithic 71" 1080p plasma that a large Korean company allowed us to borrow for our lab work wouldn't go properly around normal corners and with standard door widths. So all your dreams of 102" LCDs in your living rooms may be short lived given you won't be able to get it around any corners. Most luxury homes these days, by the way, usually have this in mind when the house is architected so that there's enough room to get these sets into the house from outside. Also, bear in mind that the scaling technology, although advancing rapidly, can only do so much with standard definition material and it just looks worse as you get a larger screen size.

    Now, even if it's possible to build a seamless, high-reliability large screen like a flexible screen that can fit in your room, you start hitting a visual limit again at around quad-1080p (3840x2160) for the height of an average room in most of the developed world without even considering how much eye/neck strain this will cause for the average viewer. In case you weren't counting already, we're at around ~8 Megapixels at that size. So, having an 8k x 4k resolution system like the one proposed will require a double size wall which - surprise! - is pretty much where most theaters are going for online distribution of movies. Heck, they already get away with 4k x 2k resolution in digital theaters anyway and most people don't even notice it. And when I saw their demo of 4k, my entire field of view needed to be taken up to see any differences.

    As for the audio, never mind that 24 position audio is completely impractical from an installation perspective in the average home and can be easily emulated using far fewer speakers and using virtual surround positioning techniques. This is why it's funny when DTS versus DTS-HD gets brought up - unless you're an audiophile or are in a movie theater, you probably won't care about or notice the difference.

    And this gets us back to one immutable point - that this technology is complete overkill for broadcast applications. If broadcast is the target market, and given the rise of personalized on-demand/online video, then this is an essentially completely futile effort.

  15. Certificates w/Public Key and Common Criteria... on US Government To Release Electronic Passport · · Score: 1

    First off, all ePassport and RFID chips need to go through rigorous secure design practices such as those offered by Common Criteria aka ISO 15408. This means every aspect of the design is documented to a particular level (in this case, Common Criteria EAL5 at a minimum) and ensures that the design has no back doors or other unintended "features" put in by the designers, as well as being designed in a secure environment (special rooms with multiple levels of physical protection, security monitoring, no outside communications). It is also designed to a particular security specification depending on the application. So, for example, one would choose something like BSI-PP-02 which is what most smart cards for this type of application are designed to these days anyway. This ensures that not only can direct attacks on cryptography and protocol be mounted, but also that side channel attacks such as differential power analysis are prevented.

    In addition, the setup enrolls each card with a unique ID or digital certificate unique and known only to the upstream readers. Non-destructive extraction of these keys from the chips on the ID or from the hardware security modules that take care of the crypto on the reader side is practically not possible. There is dedicated on-board cryptographic acceleration for both symmetric (typically 3DES or AES) and asymmetric (typically 1024-bit or 2048-bit RSA, or 160-bit to 256-bit ECC) cryptography. So, just like digital certificates on the Internet ensure that you are really talking to Google when you use a browser and not to a man in the middle, nobody can really intercept communications between reader and card.

    The real concern isn't what criminals or hackers will do with this, but what governments will. Vicinity card, aka ISO 15693, may allow for surreptitious monitoring by readers because of the physical layer implementations that allow long-distance reading without the knowledge of the card's owner. That, of course, can be subverted by building a Faraday cage around the card (yes, I mean tin foil), but there was no reason in my opinion to go any further than contact smart card aka ISO 7816. For one thing, the power constraints make turn-around times on cryptography notoriously difficult on non-contact cards to stay within a decent cost and design budget - and that would've been greatly alleviated on the contact style cards. For another thing, there is really no reason for the physical person to not be present with the card, which means they could've easily made rows of ISO 7816 readers that you simply insert your card into at the same time it takes your picture and/or collects biometric information before presenting yourself to a BCIS agent. In any case, this is pretty much the top and bottom of what's going on with electronic ID of the future, so be aware of what you're carrying and how.

  16. Two words: Contract Manufacturing on Wii Shortages Costing Nintendo 'A Billion' In Sales · · Score: 1

    The assertion that Nintendo would build an entire factory to satisfy the console demand is ludicrous. They would and should simply hire a contract manufacturer like a Foxconn or Solectron or Sanmina and get the product out. If quality issues are that important, they can put their own support in-factory to ensure that their standards are met. It's done on a regular basis in the electronics industry.

    What you also don't take into account in your analysis is how pent-up demand means lost dollars on licensing revenue. Each system that gets sold nets Nintendo additional dollars from the 3-5 games that will be purchased with the system. Don't forget things like additional Wiimotes, Nunchuks, the online classic game store, and other content. That doesn't even include the good press to see you tromp your competitors by another whole factor of their sales and the subsequent pop to Nintendo's stock price. In short, it makes no sense to delay revenue because basic finance demands money in now is better than money in later, particularly among a very fickle public who may very well buy a 360 or PS3 basic system and not look back no matter what the cachet of the Wii may be.

    This is simply an example of Nintendo's poor launch planning that is persisting more than a year since the console's introduction. The product managers ought to be fried for not contingency planning.
     

  17. Airbag sensors are the highest volume MEMS... on New Type of Fatigue Discovered in Silicon · · Score: 2, Informative

    ...and as for DLP, it's a valid question especially given that they oscillate rapidly thousands of times a second to simulate brightness levels (they're pulse width modulated to full reflect or full absorb mirror positions). However, the NIST abstract says that their test is done with a spherical indenter presumably imparting impulsive loads of some magnitude. I don't know how big the sphere is or what material it's made of since I don't have the full article, but I'll assume it's some microscale silicon ball; hopefully they didn't do something like ceramic shattering glass easily with little force. DLP stresses would normally be torsional stress along the micromirror hinge of a magnitude dependent on the deceleration at the limit of the DLP motion and the mass of the mirror. Now, if TI was clever and didn't modulate the mirror past the elastic limit of the material, they might be able to largely overcome this problem. Cantilever-style micromirrors might not fare as well because the material is always being deformed, though I again assume they do a stress-strain plot to ensure they don't go past the elasticity limit. On that note and to come full circle, one would assume that sensors do not exceed their ductile elasticity limit except in critical situations, such as high shock as is found in an abrupt movement of an accident. Then again, they're typically single-use.

  18. Advice to the carriers' lawyers: on Worry Over VZW, Sprint Phones' 911 Alarm · · Score: 1

    Do a firmware push to turn this feature off of all phones enabled with it ASAP. Someone will be in a compromised situation who needs to call 911, alert a criminal and be killed or seriously hurt because of this.

  19. RAID is NOT just for availability on Best Home Network NAS · · Score: 4, Insightful

    RAID is most definitely about reliability and recoverability as well as availability. It all depends on the level you choose. Your argument that multiple disks increases your likelihood of failure is trumped by one simple fact: how do you know that the single drive you buy for the job will be more reliable than the one next to it?

    You can't, and that's why using at least something like RAID1 is a smart way to go. When one drive fails, your data doesn't all go with that one drive. I've seen drives from batches fail literally within a couple of days of each other. If you're smart and rebuild offline as soon as a failure occurs, your chances of losing all your data are very small. Reliability engineering is all about probabilities, and the mirroring and parity concepts of RAID facilitate this reliability. The only place where your argument holds sway is on RAID0, and that's a pretty specialized application to be sure.

    If you want to swap drives without disassembling the machine, get a case with enough 5.25" bays for the drives you need and buy some removable trays for $10 a piece. When one drive fails, you turn a key, pull the tray, swap the drive and back in it goes for a rebuild.

  20. Cable companies moving towards DCAS on Why Can't I Buy A CableCARD Ready Set-Top Box? · · Score: 4, Interesting

    CableCard is expensive to deploy and difficult to do correctly, as many consumers have had problems and the finger pointing between the Consumer Electronics companies and the cable companies continues. Couple that with fragmentation on emerging standards (e.g. unidirectional multi-stream cable card vs. bidirectional M-card and its head-end equipment implications) and you can see that this is a huge problem.

    The real path in digital cable is ClearQAM (i.e. unencrypted digital cable) that will eventually transition to DCAS, with CableCard being the lame horse in the race. The Downloadable Conditional Access System (DCAS) is better to the cable companies because:

    1. They don't have to deal with any kind of external hardware in terms of inventories and so on.
    2. Nobody from the cable company needs to go and activate the hardware (i.e. tens of billions in deployment costs for personnel, vehicles and equipment), because it's all done from the head end.
    3. The Conditional Access system is inherently downloadable, meaning it can be renewed if cracked (similar to BD+ on Blu-Ray).
    4. The Conditional Access system is embedded inside the chip with special design methods that prevent it from being hacked from the outside. Before you go off on me on this one, note that it's part of the contract when you license the IP that the hardware has a very specific path to transfer information that can't be addressed by additional logic and subjects you to an economic death penalty if you do - no more peeking into internal registers or external memory since all of that has to be encrypted from the inside and done so by design from the beginning.
    5. Even if you do go to the extent of de-lidding the chip and attempting to find the secrets, the cable companies can send electronic bullets to disable a cracked device if so found.
    6. Content recording and sharing is automatically DRM protected from the head-end's instructions, so only compliant devices within a particular approved secure media sharing framework can transfer the content.

    It's a content producer's and cable company's simultaneous wet dream. The cable guys are interested ultimately in selling gravy (i.e. programming), not leasing or selling hardware that needs to be maintained, stocked, etc. Even the satellite guys that I've talked to have said as much. When you also consider that Broadcom, the very dominant player in Set Top Box chips, is itself pushing DCAS, you can see where this is going. Heck, even Verizon last year tried to throw a monkey wrench in the works by writing a letter to the FCC so it could use DCAS for its new Fiber-to-the-Premises IPTV network. The poor bastards who get the shaft now are the companies providing digital TV chips with cable box functionality embedded, although this is also why Broadcom is intent on pushing this through as a first-mover advantage in the DTV chip market.

    Don't fret too much on this one - it's all already essentially been decided for you. The unfortunate aspect of this is that the early adopters are going to get the shaft.

  21. Behind the scenes in Homeland Security... on LA Airport Uses Random Numbers To Catch Terrorists · · Score: 5, Funny

    [Tour of Accounting] Accounting Troll: "Over here we have our random number generator" Number Generator Troll: "Nine Nine Nine Nine Nine Nine" Dilbert: "Are you sure that's random?" Accounting Troll: "That's the problem with randomness: you can never be sure"

  22. One question... on A Mathematical Answer To the Parallel Universe Question · · Score: 3, Interesting

    How does this reconcile with reality as we see it?

    From my perspective, even if this mathematical "proof" is true, it is only true in the ontological sense, i.e. that these branches can happen and maybe do happen, but not in reality. Then again, I believe the entire basis for the universe is ultimately ontological but that's a different matter.

    My point is that these alternate "universes" may only exist in infinitesimally-small times (possibly below the Planck time threshold) and then simply cease to exist again as compared with our reality in the next moment, moment after moment.

  23. Re:Always use https://gmail.google.com on Point-and-Click Gmail Hacking Shown at Black Hat · · Score: 1

    Sorry, that should've been 521-bit ECC since PK strength for ECC is half the number of bits.

  24. Re:Always use https://gmail.google.com on Point-and-Click Gmail Hacking Shown at Black Hat · · Score: 1

    That's exactly the problem. Using RSA around the 1k-bit key strength is equivalent to 80 bits of symmetric key strength. AES-256 is a waste otherwise because all you need to do is attack the public key encryption to extract the symmetric key, and voila.

  25. Always use https://gmail.google.com on Point-and-Click Gmail Hacking Shown at Black Hat · · Score: 2, Informative

    Although they don't have a public key scheme strong enough for the AES-256 (requires 15360-bit RSA or 256-bit ECC for public key), you should always be logging in using https://gmail.google.com/ from all locations (even home) to ensure the entire session is encrypted.