Slashdot Mirror


User: tom17

tom17's activity in the archive.

Stories: 0
Comments: 1,027

Comments · 1,027

  1. Re:What? on Researchers Create New Form of Matter (phys.org) · · Score: 4, Informative
  2. Re: Well duh. on Scientists Blast Antimatter Atoms With a Laser For The First Time (npr.org) · · Score: 1

    You mean anti-laboratory.

    Not to be confused with an anti-lavatory. Messy.

  3. Re:Tagline... on Google Allo Messaging App Launches For iOS and Android (phonedog.com) · · Score: 2

    Good Moning.

  4. Re:NVIDIA Shield and Kodi on Ask Slashdot: What's Your Preferred Media Streaming Device? · · Score: 1

    THIS!

    I recently tried out the shield and it's awesome. The only platform I have found where you can seamlessly use Netflix, Plex and Kodi.

    Some 'vendor' apps are not available on Android TV yet (Rogers and Bell, I am looking at you!), but it's only a matter of time until they update their existing Android clients to run on Android TV as it gets more popular.

  5. So I have had a replaced lockscreen on my HTC One (M7) for a few months now. It's really annoyed me but I was too lazy to find out what was doing it. I had assumed it was HTC or my phone provider and was just 'happy' being annoyed about it.

    Then when I saw this article, I thought it may have been the problem but, alas, I had already removed ES File explorer previously.

    It got me to looking and I found out that it was in fact the TouchPal keyboard app doing it on my phone. - http://forums.androidcentral.c...

    While I was searching for the above, I found some other apps that had apparently done the same. Dirty dirty dirty :(

  6. Re: I wish I could say 'No fucking shit!' but... on Without Encryption, Everything Stops, Says Snowden (thehill.com) · · Score: 1

    I dunno, make them president?

  7. Now put that camera and console in your pocket. Also, now play games on the console while you are bored, sitting on a train.

  8. I have probably plugged my HTC One M7 in about 10 times a day. No issue whatsoever with the port.

    Some people may be unnecessarily rough with their connectors though. Dunno.

    One thing I do know is that when they designed micro-usb, they did it such that the male connectors die and not the ports. This was a problem with mini-usb as ports would die rendering devices junk. I have had this failure-by-design on a few cheapie micro-usb cables so I am happy it's working as expected.

    Maybe he meant mini-usb...

    I hope usb-c will turn out to be more resilient, however.

  9. Still running my M7 here and it's doing great. Still fine for gaming too (I only really play Real Racing 3 on it).

    Thinking of what to get next and this HTC 10 will be on my list of options. I need to buy outright this time though as I won't be able to retain my good data plan if I get a new contract.

    And yes, I think $20/mo is worth it.

  10. What about Disaster Area's ship?

  11. Re:Price Increase on Most Netflix Customers Don't Realize Prices Will Increase Next Month (time.com) · · Score: 2

    Say What again!

  12. As we all know this was worked around more than a decade ago and all browsers save an ancient Safari outlier are not vulnerable to it.

    Yes, but due to the CVSS score, using CBC based ciphers in TLS 1.0 is a fail. Sure, the risks have been mitigated and they are good to use, but you can't if you want to be PCI compliant.

    We all know that cipher suites can be turned on and off independent of TLS version.

    Yes, but if you turn off the RC4 ciphers and turn off the CBC based ciphers in TLS 1.0, there are no TLS 1.0 browsers that have a compatible cipher. This results in TLS 1.0 browsers no longer working in such a configuration. Hence the problem here.

    I would love for someone to provide a reference where in PCI a CVE scoring regime for PCI compliance is even mentioned.

    Here you go - Page 22

    "With a few exceptions (see the Compliance Determination—Overall and by Component section below for details), any vulnerability with a CVSS base score of 4.0 or higher will result in a non-compliant scan, and all such vulnerabilities must be remediated by the scan customer."

    Regardless these problems are not vulnerabilities when you turn off a broken cipher suite and implement workarounds having existed for more than a decade.

    Sure, not vulnerabilities, but still a PCI fail due to the NIST CVSS scoring, which is the point here. (Bureaucracy)

    I have vague memories of people trying this nonsense but it didn't last long.

    Earlier this year when I was researching this, there were very many financial sites that used RC4 ciphers. They had no choice but to do this if they wanted to support TLS 1.0 browsers AND be PCI compliant.

    Curse you NIST... or NASA or GEOINT or KGB or whoever for a completely broken chain of incoherent nonsense.

    Indeed.

    My personal opinion this is a CONSPIRACY.. more trivial work / check boxes for the Nessus button pushers to run while they abstract absurd amounts of cash from their victims.

    Not so. I was there when this came about. In fact, I kinda seeded the notion that this had to be dealt with by fixing the CVSS scoring with the NIST. I was just frustrated with the problem and wanted to find a 'correct' fix. But it blew up as explained previously - damn you, NIST.

  13. The change in the PCI compliance was due to the reclassification of a vulnerability. To understand how this came about, you need to consider the following two vulnerabilities.

    CVE-2011-3389 (BEAST attack)
    CVE-2013-2566 (RC4 ciphers enabled)

    CVE-2011-3389 has a CVSS v2 Base Score of 4.3.
    Earlier this year, CVE-2013-2566 had a base score of 2.9.

    Any vulnerability with a score higher than 4 is a PCI fail. As a result of this, PCI compliant TLS 1.0 servers were all using RC4 ciphers instead of CBC ciphers - pretty crappy given that BEAST was mitigated long ago and CBC ciphers were generally accepted as more secure than RC4.

    So to get around that, someone wrote to the NIST to see if the score for CVE-2011-3389 could be reduced so that system admins could run PCI compliant TLS 1.0 servers without having to resort to the very risky RC4 ciphers. Some said the NIST never changes CVSS scores so it was pointless, but the request was made.

    And this is where it went wrong. Instead of reducing the score for CVE-2011-3389, they INCREASED the score for CVE-2013-2566. It now has a CVSS v2 Base Score of 4.3. :(

    This decision by the NIST essentially put the final nail in the coffin for PCI compliance using TLS 1.0. :(

  14. You are in luck! Your three words are:

    off.the.radar

  15. Re: Figures on iTunes Stops Working For Windows XP Users · · Score: 1

    I think you missed my meaning about the cert. When they renew the cert for the online service, it will have to be an SHA-2 cert.

    The Win XP SP2 network stack does not support SHA-2 certs, you cannot connect.

  16. Re: Figures on iTunes Stops Working For Windows XP Users · · Score: 1

    If you leave insecure connections open for XP clients, you are leaving insecure connections open for anyone as it's likely trivial for the client to say "Yeah, i'm using XP honest, gimme the insecure shit so I can hack away"

    Even if you do find a way to leave the insecure protocols in place, it won't do much help as when TLS certificates expire from now onwards, you need to replace them with SHA-2 certificates (The main certificate vendors will no longer create SHA-1 certs for you going forwards). Good luck using an SHA-2 certificate with the XP SP2 SSL libraries :)

    Hopefully all the XPs out there are on SP3 and this won't be an issue, but who knows. We are finding plenty of clients still using SP2 and we are just having to cut them off.

    This stuff needs to be turned off, sucks to be an XP user. (I loved XP too, but all good things must come to an end).

  17. Re: Figures on iTunes Stops Working For Windows XP Users · · Score: 2

    This.

    You can't have an app that uses secure SSL/TLS protocols on XP SP2 or older. It likely won't be long until the same applies to SP3 (i.e. if they disable TLS1.0 - a good idea).

    I suppose they could write their own TLS stack into the iTunes product for XP, but that just seems overkill. If an app relies on the system-wide security libraries then you are out of luck supporting this (officially unsupported) OS.

    I have no clue if this is the problem at hand but it's a good candidate.

  18. Re:Work in the right direction on Getting Started Developing With OpenStreetMap Data · · Score: 1

    Sounds like we have gone through similar. I too am working on a project and had to take a 'detour' while I learned about GIS. Also ending up with PostGIS, osm2pgsql and huge scads of time looking around the OSM data trying to work out route data & relations.

    It's been a taxing ride, but I think I have what I need from the GIS side of things now and can get back to the main part of the app. GIS is a tricky subject field and learning which areas you need to learn is a daunting task in itself when you are a complete newb.

  19. Re:XOR is useless on Popular Android Package Uses Just XOR -- and That's Not the Worst Part · · Score: 1

    Thank you!

    I still think of this game EVERY time I see the ROTT13 joke lol.

  20. Re:Safe? on No Fuel In the Fukushima Reactor #1 · · Score: 0

    Good grief. Is this really the interior of a flying saucer?

  21. Re:It should stand two degrees, for sure! on 20-Year-Old Military Weather Satellite Explodes In Orbit · · Score: 2

    It is a bypass! You've got to build bypasses!

  22. Re:Is she sure she told them the correct address? on If a Financial Institution Mishandles My Data, What Recourse Do I Have? · · Score: 1

    Just fyi, and you may be aware of this as you are getting mails both with & without the period. Gmail essentially ignores them so you can send a mail to yourname@gmail.com, your.name@gmail.com or y.ourna.m....e@gmail.com and they will all work just fine :)

  23. Re:Is she sure she told them the correct address? on If a Financial Institution Mishandles My Data, What Recourse Do I Have? · · Score: 3, Funny

    I too have this gmail phenomenon. There are some instances where I have received e-mails from multiple sources, all to the same 'other me' (A little more ambiguous in my case as it's first initial then surname).

    Some people just assume they have this e-mail.

    And in true spirit of 'there's an XKCD of this', this one was always pretty relevant for me lol... http://xkcd.com/1279/

  24. Re:Nostalgic for Windows 7? on Microsoft Ends Mainstream Support For Windows 7 · · Score: 4, Interesting

    Yeah this, lol. My employer just finished with the Win7 rollout last year!

    And on my personal device, I have not had any desire to leave Win7 as of yet. I skipped over Vista so I will likely do the same with 8.

  25. Re:agnostic atheist on Science Cannot Prove the Existence of God · · Score: 1

    That's because I don't believe if a god(s) exist or not.

    Firstly, that sentence doesn't parse. You can't "not believe if something exists or not", it's like saying "I don't believe if the light is on or off" - you can only KNOW (or not know) if the light is on or off. You can believe it is on, or not believe it is on, or believe it is off, but you cannot believe that it's both on or off (ignoring Schroedinger's experiments for now :) )

    I think what you mean is - "That's because I don't know if a god(s) exists or not" - In this case, it is a statement of knowledge, not belief - i.e. Agnosticism.

    Or maybe you mean "That's because I don't have an opinion on whether or not a god exists or not" (Not meaning to put words in your mouth, just trying to understand what you mean). If this is what you mean, then would I be correct in assuming that you have no belief that a god exists? If so then you are not a theist. If so, then you are by definition an atheist.

    You may counter with "Yes, I have no belief that a god exists, but I also have no belief that a god does not exist", but this would still leave you as an atheist due to the first part of your sentence "I have no belief that a god exists". If there was a word for 'belief that a god does not exist' (maybe there is one, I do not know) then you would be an a-that as well.

    Poppycock. You can believe in one or more deities and still pray to none.

    Yes, and you'd be a theist. However, without contradicting oneself, can you pray to a god without believing that one exists?

    I mean, sure, you could say the words of prayer, but if you don't believe there is a god, you aren't *really* praying.