Slashdot Mirror


User: TheRaven64

TheRaven64's activity in the archive.

Stories: 0
Comments: 32,964

Comments · 32,964

  1. Re:iPad 2 on iOS 11 Released (theverge.com) · · Score: 1

    As I said, if it's not using WiFi (the WiFi vulnerability can be exploited by anyone in broadcast range, even if they're not on the same network), and if it's not ever connected to a network with untrusted devices (some of the network stack vulnerabilities can be exploited by anyone who can send packets on your network), then you're probably fine. As long as your in-house appliance is on a trusted network with no external access and no data coming in from outside, then you're fine.

  2. Re:Apparently faulty algorithm? on Amazon 'Reviewing' Its Website After It Suggested Bomb-Making Items (nytimes.com) · · Score: 1

    Thinking about it a bit more, Amazon does tailor the recommendations to you, so maybe the people who are complaining are ones that the recommendations algorithm has decided are terrorists.

  3. Re:Apparently faulty algorithm? on Amazon 'Reviewing' Its Website After It Suggested Bomb-Making Items (nytimes.com) · · Score: 3, Insightful

    The surprising thing is that enough people were buying bomb-making ingredients together to train their algorithm. Most things that you use to make bombs are dual-use items, and I'd expect a lot more people to have been buying them to not make bombs than were buying them to make bombs.

  4. Re:iPad 2 on iOS 11 Released (theverge.com) · · Score: 1

    I don't argue that phones have crappy support lifetimes, but I contest the assertion that Apple is particularly bad at this. They're probably the least bad of the bunch in terms of first-party support, though that's not a very high bar.

  5. Re:iPad 2 on iOS 11 Released (theverge.com) · · Score: 1

    If you run it in-house as an appliance ... what exactly is insecure then?

    Does it connect to the WiFi? If so, the vulnerability in the WiFi firmware that allows an attacker to run arbitrary privileged code probably matters. Do you use the web browser? If so, there are several known Safari vulnerabilities that could be exploited if you look at any pages other than ones that you control. Do you allow anything (including WebGL) to access a GPU context? If so, you might care about the (several) memory management vulnerabilities in the kernel's part of the graphics stack that allow privilege escalation (and therefore sandbox escape).

    If it's only running trusted software on a trusted network with trusted users, then it's probably fine. Otherwise... take a look at the security vulnerabilities that Apple publishes with each security update and ask yourself how many of those you'd be happy to leave unpatched.

  6. Re: Autonomous Vehicles on Is the World Ready For Flying Cars? (engadget.com) · · Score: 2

    My issue is physics... do you have any idea how much energy it takes to make something fly?

    The theoretical best case: none. You gain gravitational potential energy taking off, you lose it again coming down. You gain kinetic energy accelerating, you lose it again decelerating. Practically, you probably don't get any of the potential energy back when landing, so getting a 500kg craft up to 1km requires around 5MJ (about 1.4kWh). Once you're up, it gets more complicated because you can either do the helicopter or rocket thing (displace air or propellant directly downwards to generate lift), or the fixed-wing thing of trading lift for drag.

    In terms of fuel economy, large airliners beat cars in fuel consumption per passenger-mile, but they have economies of scale (they don't, for example, beat trains) that are lost in smaller aircraft. For example, a microlight (in the UK, under 450Kg dry weight) typically gets around 10km per litre, so 10L/100km. To put that in perspective in the US, the average for cars is around 6.6L/100km, in the EU it's 5L/km. That said, planes can travel in a straight line, whereas cars often have to go a long way around obstacles to follow roads, so the numbers are a bit closer when you compare point-to-point distances.

  7. Re: BeauHD on Is the World Ready For Flying Cars? (engadget.com) · · Score: 1

    I will accept 'folds up small and light enough to carry in one hand' as an adequate substitute for 'drives on the road'.

  8. Re:Just upgraded....fuck you Apple on iOS 11 Released (theverge.com) · · Score: 1

    You're complaining about usability in the mail app on iOS? This is probably the poster child for poor UI design (hey, let's make phishing easier by having no way of displaying the actual From address, only whatever the sender put as their name!). Anything that Apple did to make it worse in iOS 11 is in the noise.

  9. Re:iPad 2 on iOS 11 Released (theverge.com) · · Score: 0

    The real problem is that, after Apple stops providing security updates, the bootloader is still locked and there's no possibility of ever running another OS on the device. The iPad 2 is fairly underpowered by modern standards. It has a dual-core ARM Cortex A9 (in-order, dual issue) at 1GHz and 512MB of RAM. There are still a lot of things that it could do. We've got an old tablet mounted on the wall reading the output from our Jenkins server, for example. It needs to run a web browser and render some simple HTML. An iPad 2 is fine for this kind of thing, or to control a MusicPD server, or for a myriad of uses where being small and portable are the only real requirements, but Apple forces you to either run a known insecure OS or throw them away.

  10. Re:iPad 2 on iOS 11 Released (theverge.com) · · Score: 1

    How many phones run Windows 7? My partner had a Nokia Lumia 1020 that came with Windows Phone 8 in 2013. It got an upgrade to Windows Phone 8.1 some time in 2014. It hasn't had security updates for well over a year. I think it got somewhere between 2 and 3 years of security updates, for a fairly high-end Windows Phone device.

  11. Re:Features removed, Fing neutered on iOS 11 Released (theverge.com) · · Score: 2

    The nicest way of doing this would be to add a permission to see MAC addresses. The problem is then explaining this to most end users. If you have too many permissions, users get into the habit of simply approving all of the ones that they don't understand. Given the ratio of apps that use the MAC address for useful-to-the-user purposes vs apps that use the MAC address for spying on the user, I can't immediately think of a way of doing this that would work well.

  12. Re:No passengers, no stops, on a gentle test track on Electric Bus Sets Record With 1,101-Mile Trip On a Single Charge (engadget.com) · · Score: 1

    I wonder what the real world is, because even half that should be enough for a city bus (500 miles = 20 hours at 25 mph).

    That depends on how efficient the regenerative braking is. The big efficiency killer for buses is the frequency of stops. Going fast doesn't take much energy in a streamlined vehicle, but accelerating does.

  13. Re:Let me get this straight.. on Ethereum Will Match Visa In Scale In a 'Couple of Years,' Says Founder (techcrunch.com) · · Score: 1

    The problem is revocation. If I steal your smartcard, I can immediately transfer all of your money elsewhere. You need to race me to your backup and transfer all of your money to another wallet before I can steal it. If I steal your debit card then your bank can simply reverse the transactions.

    This is both the advantage and disadvantage of block chains. They're immutable public ledgers. Once a transaction has gone through and the network has agreed that it's taken place, it is public and irreversible. This is great for some things, but not so great for financial transactions where some percentage are expected to be fraudulent.

  14. Re:bank? on Why You Shouldn't Use Texts For Two-Factor Authentication (theverge.com) · · Score: 3, Informative

    Part of the problem with that logic is that people use SMS as a second factor when the client is the phone. In that case, it's just a second channel. It's hard to compromise both the SMS and the IP channels, unless you've compromised the endpoint, and that's one of the use cases where 2FA is supposed to actually help: if someone has malware on your computer, needing your phone to log in limits the damage that they can do. If someone compromises your phone, then needing your phone to log in gives them complete control.

  15. Re:This is two-step, NOT two factor on Why You Shouldn't Use Texts For Two-Factor Authentication (theverge.com) · · Score: 4, Insightful

    SMS is intended for two-factor authentication when the phone is a thing that you have and is separate from the thing that you know. The problem that TFA points out is that 'having the phone' and 'being the only one who can receive SMS to that number' are not even slightly the same thing. The other problem is that an increasing amount of stuff is done on the phone, so the phone stops being a separate 'something you have' and is just your terminal, which is as likely to be controlled by the attacker as any other terminal (probably more so, given how many run unpatched operating systems with known vulnerabilities).

  16. Re:Let me get this straight.. on Ethereum Will Match Visa In Scale In a 'Couple of Years,' Says Founder (techcrunch.com) · · Score: 4, Interesting

    In theory, you are correct. In practice, keeping a private key that controls access to real money secret is very difficult and with most such systems if you have access to someone's private key then you have complete and permanent control over their accounts. If I steal your credit card and make some fraudulent transactions, then Visa (or whoever) can reverse those transactions and won't be able to take the money from me. This is guaranteed by law in a lot of places (even for debit cards though not, I believe, in the USA). In contrast, if I steal your private key (or the card that it's embedded in), then I can immediately transfer all of your money to another account over which you have no control. There is a public ledger saying where that account went, but there's no mechanism for retrieving the money and it can be accessed from any jurisdiction in the world, so I can take it to a market in any country in the world to convert it into local currency and then take that money to another exchange and convert it back into the cryptocurrency, at which point it's untraceable. I may pay a big transaction fee, but I don't care, because it's your money.

    To stop me from doing this, you must keep your private key secure. For most people, this probably means having a bank store it in their vault and carrying around the private key for a smaller wallet that doesn't have access to most of your money.

  17. Re: Suck it meatbags! on Diesel Cars Contribute To 5,000 Premature Deaths a Year In Europe, Says Study (phys.org) · · Score: 1

    In the UK, you can't smoke in a pub, but you can smoke in the pub's garden (which is typically an enclosed space with no wind, so a good place for passive smoking) and you can smoke just outside the door, so non-smokers have to walk through a thick cloud of smoke to get inside. Actually, Dublin was worse for this than anywhere I've been in the UK: a load of pubs had a dozen or more people huddled around the doorway smoking.

  18. Re:Not really true on Can An Individual Still Resist The Spread of Technology? (chicagotribune.com) · · Score: 3, Interesting

    It probably depends on where in China. I was in Xi'an and there were a lot of taxis there. They mostly spoke little or no English and I speak approximately no Mandarin, but it was still possible to haggle via Google Translate. They seemed to enjoy the haggling a lot, so I'd do a moderate amount, but when their opening offer for a taxi ride to the airport that's about an hour's drive away works out at about $30, there would be little incentive for me to try hard even if I were the one paying. Oh, and they all took cash.

  19. Re:It's not a JDK on IBM Open Sources Their Own JVM/JDK As Eclipse OpenJ9 (eclipse.org) · · Score: 1

    Entirely correct, though it's worth noting that J9 does look pretty interesting as a JIT. I've reviewed quite a few papers from IBM recently about it that mostly ended up being rejected on the grounds that J9 was an internal IBM thing and there wasn't much reproducible science in them. IBM seems to be doing quite a lot of research on top of J9. Hopefully, open sourcing it will encourage other researchers to look at it.

  20. Re:Problem is the question. on Can An Individual Still Resist The Spread of Technology? (chicagotribune.com) · · Score: 2

    All cell phones have answering machines

    I turned off my voicemail a few years ago. It combines the worst aspects of email and telephones: it's not instant and it's not easily searchable. If you call me and I don't answer, then it means that I'm not paying attention to my phone. The primary purpose of old answering machines was to let you know that you'd missed a call and who it was from, but I get that information far more concisely from the call log on my phone now.

  21. Re: No mobile != resisting technology on Can An Individual Still Resist The Spread of Technology? (chicagotribune.com) · · Score: 1

    You are an engineer and you can't afford $40/month for a cheap plan?

    First: $40/month is a cheap plan?!?! How much do expensive plans cost where you live?

    Second, there are lots of things I could do with $40/month, and there are far more things that cost $40/month than I could afford if I decided to buy all of them. Budgeting isn't usually a question of 'can I afford X?', it's 'is the value of X to me greater than the cost of X?' Unless you have so much money that you can buy anything that you might ever want (including a warehouse to store all of our crap in, and some servants to keep it sorted), then 'can't you afford X?' is the wrong question.

  22. Re:No mobile != resisting technology on Can An Individual Still Resist The Spread of Technology? (chicagotribune.com) · · Score: 1

    In the UK, you don't need a mobile to receive SMS - if they're sent to a landline they'll be read out using text-to-speech (sometimes with amusing results). That said, in the UK, there's no landline plan that works out cheaper than having a mobile, so not having a mobile means either living somewhere where BT is the sole supplier for broadband and getting the landline because they refuse to unbundle their offerings, or having no phone at all.

  23. Re:Not really true on Can An Individual Still Resist The Spread of Technology? (chicagotribune.com) · · Score: 1

    Upon checking out the next morning, I asked the desk agent what a taxi ride from SFO should run... she gave a range which was ~50% less than what I had paid.

    I've noticed that most US hotels have no idea how much taxis cost, as a policy as part of their advertising - people are far more likely to stay somewhere that's a $20 taxi ride from the airport than one that's a $40 taxi ride. I've taken to doubling their estimates and found that this usually gives me a pretty accurate number.

    My mother was at a company business event and later noted that the taxi had charged her card $5 more than what was on her receipt

    That's usually nice and easy to fix: call the card company, send them a copy of the receipt, and they'll cancel the payment in full. It's then up to the taxi company to try to get it back from you, which can be hard if you've left the country.

    I rode in an Uber (my second, the first was to my destination that morning) on my ride back to the airport... it cost 1/4th what the taxi did.

    I've had a similar experience visiting Redmond. I thought I'd save some money by taking the bus to the nearest bus stop and then a taxi the rest of the way. The bus didn't give change (or take credit cards), so I was overcharged there. The 5-minute taxi ride then cost almost $15 more. Uber on the way back cost about $25 - only slightly more than the bus plus taxi.

  24. If you're running a conference and you want people to present on your computer, then macOS makes the most sense. It can happily be configured to display PowerPoint, Keynote, {Libre,Open}Office, Google Docs, or PDF presentations and can be tested with all of these in advance. Any other platform is going to lose at least one of these options and end up with cranky speakers sulking that they can't use their fancy animations. Of course, PowerPoint doesn't embed fonts by default anymore, so the PowerPoint slide decks will look crappy if they use any custom fonts...

  25. Re:Why Java? on IBM Open Sources Their Own JVM/JDK As Eclipse OpenJ9 (eclipse.org) · · Score: 2

    No dirty macro preprocessor

    Unfortunately, no macro preprocessor or templating system at all which means that everyone invents their own. I've seen Java code that had sed, awk, Perl, Python, and Ruby as preprocessing steps (and a few projects that used more than one).