I probably should not have used the term "SIM Locked" as its usual meaning is that there is a locked relationship between the SIM and the phone which requires carrier assistance to change. I was thinking about "locking" the relationship between the SIM and your federated or second factor identity. Meaning if your phone got a new SIM (or you got a new phone and SIM), that all the external applications / websites would no longer recognize the phone has an identity factor. In this case you would have to re-establish your identity with your applications (relying parties) via some external process. While this would be inconvenient, it would raise the social engineering bar from simply convincing the carrier that you were who you are trying to impersonate, to convincing the carrier *and* all of the applications. Of course social engineering is still a threat, but by "locking" the SIM to your common identity, you would not have all of your security eggs in one basket as we do now when using the phone / SMS as a single security factor.
So when your SIM card changes do does it count as new identity and do you have to re-authorize applications to use the new identity? The summary lists "SIM card details" as a factor, but doesn't specify if the changing of a SIM invalidates exiting identity / registrations with applications. This is important because without it, you still have the issues of social engineering attacks where the attacker calls up the phone company and says "I have lost my phone, can you activate my replacement phone with this new SIM?", granting the attacker access to your email, text messages which also grants the attacker access to your second factor and password reset procedures.
Setting aside the scary privacy and tracking implications of a common ID baked into the phone, if the identity is locked to the SIM, it would help alleviate the social engineering attacks and make your phone a viable second factor for security operations.
Search engines want the be the source of all information and knowledge. It's reasonable to expect them to be responsible, and I'm sure they would mostly agree.
While it is reasonable to expect responsibility, the challenge is that the definition of "responsible" can vary based on your point of view.
If a search engine wants to filter information for correctness or even skew the information they reference to meet their political believes, that should be up to the search engine. Of course if a search information does too much filtering, is too biased, or is viewed by the majority of users as irresponsible, it opens up opportunities for the market to decide that some other engine is better.
My concern is wrapping a legal process around this and using the force of law instead of the force of market to control what a search engine can choose to reference (or not). I agree that in some cases regulation is appropriate for speech (yelling "fire" in a crowed theater as a classic example). It is when you start regulating speech about speech that you get into dangerous territory.
Personally I think it is insane that a search engine or indexing company should be in any way responsible for pointing to content that is publicly available on the Internet. I can see take down orders to ISPs hosting content (assuming the content is illegal in the jurisdiction where the servers are), but going after people telling you where the content exists is scary.
It's a slippery slope and not that far from making the statement "If you go to the library, you can learn out to build a bomb" illegal.
Humans *are* to blame for all self driving car crashes in California (and everywhere else). Humans are creating the software and hardware to enable self driving cars. Humans are building the cars (or building the machines to build the cars). Humans are driving the manually operated cars that are colliding with the human designed and engineered automated cars. No matter how good or bad the technology is, humans are to blame.
Perhaps the headline should have been Human drivers are to blame for most accidents...
Statistics may prove that *people* are not good drivers or that they are not as good as they think they are. Statistics don't prove that a particular individual driver is not a good driver. Not unless there is sufficient statistical data that was collected on said particular individual.
Statistics may prove that people are not good at math and science, but that doesn't mean that Einstein was bad at math and science.
The point of turn signals is not to engage when the turn is in progress, but to indicate the intent of a turn. Doing it when the drive is pulling on the wheel to make the turn will go against the road rules of many locales.
In the addition, turn signals are supposed to be used whether *or not* there are other cars around. Technically some jurisdictions don't require signaling if there are no other vehicles around, but good driving practices suggest always signaling because 1) you might be wrong about no other vehicles being around (and if you haven't seen the other vehicle that is actually there, your signaling might just give the other driver enough warning that you are about to encroach on their space), and 2) always signaling builds a good habit and reduces one piece of driving cognitive load. If your brain isn't thinking about "do I have to single at this time" it has more cycles to think about other driving safety related issues.
For average daily commute (round trip), the daily time seems off.
Agreed. The numbers indicate that the average commute time in Longview, WA is 48 minutes. You can drive from one side of Longview to the other in 10-15 mins. If you are commuting to Vancouver, WA (Northern edge of the Portland, OR metro area), it would be around 45 mins. So the numbers may be for commutes to the nearest large metropolitan area? They certainly are not for local commutes.
First you have to believe that voter fraud is actually a statistically significant problem. Many studies have indicated that it is not. Even if voter fraud is a statistically significant problem, you would have to argue that some other mechanism (than signature verification) would more effectively eliminate or reduce the fraud.
You visually verify that the signature on the ballot envelope matches the signature on the voter registration card. Yes, we do that here for every vote.
That does not audit the election, that is the first and only validation of the initial vote. Once that step FAILS, as it is bound to if the person attempting the fraud is any good at it at all, there is NO way to audit the election. Once you count that ballot, it's counted. There is no way to exclude it from any recount, or to go back and validate it again.
The first validation is the voter registration process itself where the identity of the voter is determined and the baseline signature is obtained. Signature verification on the ballot envelope is the second or subsequent validation. Sure, it's possible that people could fraudulently register to vote. However voter ID regulations don't typically fix this. Voter ID regulations are about showing ID to actually vote, not to register to vote.
Ballots are "fill in the bubble" forms so counting is done by optical readers. Human manual recounting can be performed if necessary.
You apparently missed where I referred to having perfect security after the by-eye signature validation, didn't you? This is irrelevant to the security and integrity of the election if the fraud took place long before you count the ballot.
Didn't miss it. My point isn't about after the signature validation, it is about at the signature validation. I argue that signature validation is sufficient to reduce fraud at the time of the vote. You mentioned concern about fraud that occurs before the vote, which I assume you mean at voter registration time.
I would agree that more stringent procedures could be done to verify voters at voter registration time. That being said, I would want to know that there is actually a statistically significant problem before risking denying or discouraging anyone who is entitled to vote to do so.
Oregon is a state with a lot of logging that supports papermaking plants. It is also a state that mails ballots out to every registered voter, losing all control of where they wind up and who actually votes them. How do you audit a voting system like that?
You visually verify that the signature on the ballot envelope matches the signature on the voter registration card. Yes, we do that here for every vote. After validating the signature and recording the voter as having voted, the ballot is securely separated from the mailing envelope and then counted by another person to ensure vote secrecy. Ballots are "fill in the bubble" forms so counting is done by optical readers. Human manual recounting can be performed if necessary. In my county not only is the signature on the ballot envelope verified with the registration card, the signatures on the last several ballots (from the last several elections) are all compared. If anything is weird, the ballot (still sealed in the envelope) is set aside and the voter is contacted by the elections office.
My Dr. suggested that I take a Vitamin D supplement. I purchased a bottle of 600 capsules at Costco for something like $12. So it costs me less than $10 per year for a little piece of mind. Do I need it? Maybe, maybe not. There is some cost to manufacturing the vitamins and getting them to the store, so it doesn't seem like there is tremendous profit in Vitamin D. Sure, if there are a couple dollars profit per bottle and everyone purchased the supplement, we are talking about decent money, but everyone doesn't purchase the stuff. It seems like a focus on things that almost everyone buys and that has a higher margin (like cable TV, Internet service, cellular service, etc.) would be a better thing to focus on for profit.
Naked I came into this world. I surely can't take anything with me.
While those two statements are true, for everyone's sake, please wear some clothes in the meantime.
I started naked and will probably end up that way, in the meantime I aim to live comfortably. For me living living comfortably includes clothes, a house, a vehicle, tools of my trade, toys (tools for entertainment), etc.
While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results.
While the preliminary results are by definition not final and not official, they do matter. What people *think* the results are can lead to riots. If the preliminary results are radically different than the final results, people lose confidence in the election process. If results (accurate or not) are published prior to the polls closing, people supporting the "winning" candidate may opt not to vote at the last minute, whereas those in support of the "losing" candidate may rush to the polls. If one wanted candidate A to win, they could hack the web server, and publish early results indicating that candidate B was winning, thus encouraging the desired turnout prior to polls closing.
It's marketings job to make people want to buy products with the label. If they're doing their job, the label is big, flashy, and reads something like "Proudly GMO"
It's been done before. Better living through chemistry was DuPont's slogan for almost 50 years. While at the end it may have been kind of a joke, it was a solid marketing effort for a long time.
If for the concessions a city makes (without regard to the negotiation process), will the city be guaranteed 50,000 jobs and $5 Billion in construction, in writing, with legal and financial penalties if it doesn't happen? If not, cities should pass. If the cities will get only some of the jobs and some of the construction dollars, then Amazon should just get some of the tax or other breaks - as dependent on job creation.
If you are a short term trader, it really sucks to have a 20% drop. If you are a long term trader, Facebook as done well. After the IPO it was publicly available for about $40, which makes up up about 350%. The average annual return over the life of the stock is about 27%, well over the market's annual average return of about 10%.
Sounds like due to renewables there is at times extra power that can be stored (by pumping water uphill.) You also need excess water to be pumped uphill. Does California also have this excess water? When you consider the value of the water, does it still make economic sense to put it back behind the dam? I don't know the answer or have an opinion on this, but I do keep hearing about water shortages in California, so it makes me wonder.
Are these miles fully autonomous (meaning no human in the car) or are the miles with assistance (human in the car, ready to take over or "assist")? If with assistance, what is the rate of help the cars get on some sort of statistic that can be compared over time? (Maybe "assists" per 1000 miles or something like that.)
The statistic in the headline sounds impressive, but is it?
Test should use a less annoying tone that doesn't scare the hell out of people when driving. So should less-important stuff like weather and Amber alerts. I wonder how many people have been startled into an accident by another Amber or severe weather alert.
The "annoying tone" is actually a data stream that triggers automated equipment. Changing the tone would not trigger (and not test) this equipment. Originally the trigger tone was just two different frequencies mixed together and it turned automated equipment on. Many years ago the trigger tone was updated to be a data stream (think old dial up) that could selectively trigger equipment. I don't know the details, but I assume the data stream contains geographic information as to what physical locations should "trigger" and receive the alert.
My vote will be dependent on who the candidates are in the next election. Since I have no idea who is going to run against Trump next cycle, I really can't say at this point if I would vote for them or not (and if not, if I would vote for Trump or just abstain.) It also isn't guaranteed that Trump will run again; who knows what might happen prior to the next election.
Keep the compiler, keep all the powerful capabilities of C++, and add an alternative syntax - a friendlier one [...] There is your "new" language - C+++.
Go one step farther and make it four pluses, arrange them in two rows of two and you have C#.
Moss Landing generates 1020 MW, net. This battery provides about (182/1020 * 60) 10 minutes of backup capacity. I don't know if it's at all realistic to think you can find and repair a downed power line in 10 minutes.
No but in 10 minutes you may be able to switch to other transmission lines or bring additional generation online. If you can use batteries to buffer the load while other power sources become available, you can avoid brownouts and more importantly cascading failures.
C++ is not necessarily a horrible language, but it does allow you to write horrible code. You can also write easy to read well organized code that is "good" - it's entirely up to the developer. With great power comes great responsibility, yadda yadda.
You can write really good or really bad code in pretty much any language. Generally if your code ends up unreadable, you are doing it wrong.
That being said, if the semantics of a language tend to encourage people to write horrible code, does it make it a bad language? Good question. Discuss.
So, If some country is hellbent on injecting adverts into every http website; What would stop them from injecting adverts into every https session?
HTTPS?
I was at first going to (try to) be sarcastic and just post the above all on it's own, but maybe there are those out there that don't actually know that the function of the HTTPS protocol is to prevent exactly that. HTTPS ensures that that the browser can have confidence that it is talking to the correct web server on the other end, and that nothing on the network between the browser and the web server can see or alter the information as it goes across the network. In cases where someone tries to alter content (inject advertisements) or send you to a fake website, the browser will warn you that the certificates don't validate.
I suppose if the country had an extreme level of control to the point that they could control what browser you used and what the trusted set of root certificate authorities were configured in the browser and if they could force the ISPs to perform man in the middle attacks, it could happen, but it would take an extreme level of state control.
Slashdot Mirror
I probably should not have used the term "SIM Locked" as its usual meaning is that there is a locked relationship between the SIM and the phone which requires carrier assistance to change. I was thinking about "locking" the relationship between the SIM and your federated or second factor identity. Meaning if your phone got a new SIM (or you got a new phone and SIM), that all the external applications / websites would no longer recognize the phone has an identity factor. In this case you would have to re-establish your identity with your applications (relying parties) via some external process. While this would be inconvenient, it would raise the social engineering bar from simply convincing the carrier that you were who you are trying to impersonate, to convincing the carrier *and* all of the applications. Of course social engineering is still a threat, but by "locking" the SIM to your common identity, you would not have all of your security eggs in one basket as we do now when using the phone / SMS as a single security factor.
So when your SIM card changes do does it count as new identity and do you have to re-authorize applications to use the new identity? The summary lists "SIM card details" as a factor, but doesn't specify if the changing of a SIM invalidates exiting identity / registrations with applications. This is important because without it, you still have the issues of social engineering attacks where the attacker calls up the phone company and says "I have lost my phone, can you activate my replacement phone with this new SIM?", granting the attacker access to your email, text messages which also grants the attacker access to your second factor and password reset procedures.
Setting aside the scary privacy and tracking implications of a common ID baked into the phone, if the identity is locked to the SIM, it would help alleviate the social engineering attacks and make your phone a viable second factor for security operations.
Search engines want the be the source of all information and knowledge. It's reasonable to expect them to be responsible, and I'm sure they would mostly agree.
While it is reasonable to expect responsibility, the challenge is that the definition of "responsible" can vary based on your point of view. If a search engine wants to filter information for correctness or even skew the information they reference to meet their political believes, that should be up to the search engine. Of course if a search information does too much filtering, is too biased, or is viewed by the majority of users as irresponsible, it opens up opportunities for the market to decide that some other engine is better.
My concern is wrapping a legal process around this and using the force of law instead of the force of market to control what a search engine can choose to reference (or not). I agree that in some cases regulation is appropriate for speech (yelling "fire" in a crowed theater as a classic example). It is when you start regulating speech about speech that you get into dangerous territory.
Yeah, that is what I thought.
Personally I think it is insane that a search engine or indexing company should be in any way responsible for pointing to content that is publicly available on the Internet. I can see take down orders to ISPs hosting content (assuming the content is illegal in the jurisdiction where the servers are), but going after people telling you where the content exists is scary.
It's a slippery slope and not that far from making the statement "If you go to the library, you can learn out to build a bomb" illegal.
Oh right. Land sharks.
Humans *are* to blame for all self driving car crashes in California (and everywhere else). Humans are creating the software and hardware to enable self driving cars. Humans are building the cars (or building the machines to build the cars). Humans are driving the manually operated cars that are colliding with the human designed and engineered automated cars. No matter how good or bad the technology is, humans are to blame.
Perhaps the headline should have been Human drivers are to blame for most accidents...
Statistics prove otherwise.
Statistics may prove that *people* are not good drivers or that they are not as good as they think they are. Statistics don't prove that a particular individual driver is not a good driver. Not unless there is sufficient statistical data that was collected on said particular individual.
Statistics may prove that people are not good at math and science, but that doesn't mean that Einstein was bad at math and science.
The point of turn signals is not to engage when the turn is in progress, but to indicate the intent of a turn. Doing it when the drive is pulling on the wheel to make the turn will go against the road rules of many locales.
In the addition, turn signals are supposed to be used whether *or not* there are other cars around. Technically some jurisdictions don't require signaling if there are no other vehicles around, but good driving practices suggest always signaling because 1) you might be wrong about no other vehicles being around (and if you haven't seen the other vehicle that is actually there, your signaling might just give the other driver enough warning that you are about to encroach on their space), and 2) always signaling builds a good habit and reduces one piece of driving cognitive load. If your brain isn't thinking about "do I have to single at this time" it has more cycles to think about other driving safety related issues.
For average daily commute (round trip), the daily time seems off.
Agreed. The numbers indicate that the average commute time in Longview, WA is 48 minutes. You can drive from one side of Longview to the other in 10-15 mins. If you are commuting to Vancouver, WA (Northern edge of the Portland, OR metro area), it would be around 45 mins. So the numbers may be for commutes to the nearest large metropolitan area? They certainly are not for local commutes.
You visually verify that the signature on the ballot envelope matches the signature on the voter registration card. Yes, we do that here for every vote.
That does not audit the election, that is the first and only validation of the initial vote. Once that step FAILS, as it is bound to if the person attempting the fraud is any good at it at all, there is NO way to audit the election. Once you count that ballot, it's counted. There is no way to exclude it from any recount, or to go back and validate it again.
The first validation is the voter registration process itself where the identity of the voter is determined and the baseline signature is obtained. Signature verification on the ballot envelope is the second or subsequent validation. Sure, it's possible that people could fraudulently register to vote. However voter ID regulations don't typically fix this. Voter ID regulations are about showing ID to actually vote, not to register to vote.
Ballots are "fill in the bubble" forms so counting is done by optical readers. Human manual recounting can be performed if necessary.
You apparently missed where I referred to having perfect security after the by-eye signature validation, didn't you? This is irrelevant to the security and integrity of the election if the fraud took place long before you count the ballot.
Didn't miss it. My point isn't about after the signature validation, it is about at the signature validation. I argue that signature validation is sufficient to reduce fraud at the time of the vote. You mentioned concern about fraud that occurs before the vote, which I assume you mean at voter registration time.
I would agree that more stringent procedures could be done to verify voters at voter registration time. That being said, I would want to know that there is actually a statistically significant problem before risking denying or discouraging anyone who is entitled to vote to do so.
Oregon is a state with a lot of logging that supports papermaking plants. It is also a state that mails ballots out to every registered voter, losing all control of where they wind up and who actually votes them. How do you audit a voting system like that?
You visually verify that the signature on the ballot envelope matches the signature on the voter registration card. Yes, we do that here for every vote. After validating the signature and recording the voter as having voted, the ballot is securely separated from the mailing envelope and then counted by another person to ensure vote secrecy. Ballots are "fill in the bubble" forms so counting is done by optical readers. Human manual recounting can be performed if necessary. In my county not only is the signature on the ballot envelope verified with the registration card, the signatures on the last several ballots (from the last several elections) are all compared. If anything is weird, the ballot (still sealed in the envelope) is set aside and the voter is contacted by the elections office.
My Dr. suggested that I take a Vitamin D supplement. I purchased a bottle of 600 capsules at Costco for something like $12. So it costs me less than $10 per year for a little piece of mind. Do I need it? Maybe, maybe not. There is some cost to manufacturing the vitamins and getting them to the store, so it doesn't seem like there is tremendous profit in Vitamin D. Sure, if there are a couple dollars profit per bottle and everyone purchased the supplement, we are talking about decent money, but everyone doesn't purchase the stuff. It seems like a focus on things that almost everyone buys and that has a higher margin (like cable TV, Internet service, cellular service, etc.) would be a better thing to focus on for profit.
Naked I came into this world. I surely can't take anything with me.
While those two statements are true, for everyone's sake, please wear some clothes in the meantime.
I started naked and will probably end up that way, in the meantime I aim to live comfortably. For me living living comfortably includes clothes, a house, a vehicle, tools of my trade, toys (tools for entertainment), etc.
While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results.
While the preliminary results are by definition not final and not official, they do matter. What people *think* the results are can lead to riots. If the preliminary results are radically different than the final results, people lose confidence in the election process. If results (accurate or not) are published prior to the polls closing, people supporting the "winning" candidate may opt not to vote at the last minute, whereas those in support of the "losing" candidate may rush to the polls. If one wanted candidate A to win, they could hack the web server, and publish early results indicating that candidate B was winning, thus encouraging the desired turnout prior to polls closing.
It's marketings job to make people want to buy products with the label. If they're doing their job, the label is big, flashy, and reads something like "Proudly GMO"
It's been done before. Better living through chemistry was DuPont's slogan for almost 50 years. While at the end it may have been kind of a joke, it was a solid marketing effort for a long time.
If for the concessions a city makes (without regard to the negotiation process), will the city be guaranteed 50,000 jobs and $5 Billion in construction, in writing, with legal and financial penalties if it doesn't happen? If not, cities should pass. If the cities will get only some of the jobs and some of the construction dollars, then Amazon should just get some of the tax or other breaks - as dependent on job creation.
If you are a short term trader, it really sucks to have a 20% drop. If you are a long term trader, Facebook as done well. After the IPO it was publicly available for about $40, which makes up up about 350%. The average annual return over the life of the stock is about 27%, well over the market's annual average return of about 10%.
Sounds like due to renewables there is at times extra power that can be stored (by pumping water uphill.) You also need excess water to be pumped uphill. Does California also have this excess water? When you consider the value of the water, does it still make economic sense to put it back behind the dam? I don't know the answer or have an opinion on this, but I do keep hearing about water shortages in California, so it makes me wonder.
Are these miles fully autonomous (meaning no human in the car) or are the miles with assistance (human in the car, ready to take over or "assist")? If with assistance, what is the rate of help the cars get on some sort of statistic that can be compared over time? (Maybe "assists" per 1000 miles or something like that.) The statistic in the headline sounds impressive, but is it?
Test should use a less annoying tone that doesn't scare the hell out of people when driving. So should less-important stuff like weather and Amber alerts. I wonder how many people have been startled into an accident by another Amber or severe weather alert.
The "annoying tone" is actually a data stream that triggers automated equipment. Changing the tone would not trigger (and not test) this equipment. Originally the trigger tone was just two different frequencies mixed together and it turned automated equipment on. Many years ago the trigger tone was updated to be a data stream (think old dial up) that could selectively trigger equipment. I don't know the details, but I assume the data stream contains geographic information as to what physical locations should "trigger" and receive the alert.
My vote will be dependent on who the candidates are in the next election. Since I have no idea who is going to run against Trump next cycle, I really can't say at this point if I would vote for them or not (and if not, if I would vote for Trump or just abstain.) It also isn't guaranteed that Trump will run again; who knows what might happen prior to the next election.
Keep the compiler, keep all the powerful capabilities of C++, and add an alternative syntax - a friendlier one [...] There is your "new" language - C+++.
Go one step farther and make it four pluses, arrange them in two rows of two and you have C#.
Moss Landing generates 1020 MW, net. This battery provides about (182/1020 * 60) 10 minutes of backup capacity. I don't know if it's at all realistic to think you can find and repair a downed power line in 10 minutes.
No but in 10 minutes you may be able to switch to other transmission lines or bring additional generation online. If you can use batteries to buffer the load while other power sources become available, you can avoid brownouts and more importantly cascading failures.
C++ is not necessarily a horrible language, but it does allow you to write horrible code. You can also write easy to read well organized code that is "good" - it's entirely up to the developer. With great power comes great responsibility, yadda yadda.
You can write really good or really bad code in pretty much any language. Generally if your code ends up unreadable, you are doing it wrong.
That being said, if the semantics of a language tend to encourage people to write horrible code, does it make it a bad language? Good question. Discuss.
So, If some country is hellbent on injecting adverts into every http website; What would stop them from injecting adverts into every https session?
HTTPS?
I was at first going to (try to) be sarcastic and just post the above all on it's own, but maybe there are those out there that don't actually know that the function of the HTTPS protocol is to prevent exactly that. HTTPS ensures that that the browser can have confidence that it is talking to the correct web server on the other end, and that nothing on the network between the browser and the web server can see or alter the information as it goes across the network. In cases where someone tries to alter content (inject advertisements) or send you to a fake website, the browser will warn you that the certificates don't validate.
I suppose if the country had an extreme level of control to the point that they could control what browser you used and what the trusted set of root certificate authorities were configured in the browser and if they could force the ISPs to perform man in the middle attacks, it could happen, but it would take an extreme level of state control.