The gestures could easily be "learned" from the user. There is no reason that the gestures need to remain predefined. So if you tap your desk you would probably want to unbind tap gestures and re-bind them to something more suitable to your personal preferences. I do think it would be difficult to tell the difference between users. It might be possible that some characteristics of the user's scratch are distinct enough to identify them uniquely. It might require a better input sensor to get that level of sensitivity. Speculating at this point. There is a lot of information embedded in the scratch. If the input system had more than one sensor it seems likely that position on the surface could be determined as well, potentially giving even more clues as to the identity.
--
The original voice recognition first available in Mac OS 7 is still supported in OS X. Just go to the speech control panel and turn it on. There is an API (that I am not sure is still supported) that allow(ed) creation of custom command trees using either predefined words in the recognition dictionary, or developer defined entries using the same phonetic symbol set that the text-to-speech system uses. The speech recognition system was designed to be command oriented and is not capable of continuous speech recognition. The user dictionary tree can be configured to handle arbitrarily complex grammars, but there is a trade off between complexity and accuracy of recognition. The more words that need to be recognized at a node the worse the accuracy might be depending on how distinct the words are to the recognition core.
You can specify a user defined modifier key binding to prompt the recognition system. There is also no reason you couldn't use a head-set mic, and adjust the gain for close micing to prevent cross-talk between systems, or to avoid contamination from ambient noise.
The attention phrase is optional, as well as user definable. Almost any word or short phrase works reasonably well. You might have to play with the spelling of it to get a good hit rate. In OS 7 you could use the phonetic symbols directly in the text field to get a more precise pronunciation match. I have not looked to see if the phonetic input method still works in OS X. By defining sufficiently unique attention phrases, multiple systems could easily be listening to the same user, assuming ambient noise is not an issue.
The system is designed to be speaker neutral, so don't expect it to identify specific voices, though for app developers it might be possible monitor the audio input channel for voice traits.
The most useful application I ever saw the speech input system used for was the Apple Telephone Interface. The system supported inbound voice mail, a phone robot that could be programmed in AppleScript, and a Fax-modem. It ran as a background task on OS 8.X and OS 9.x and could use voice commands and touch tone inputs from the inbound call, as well as make calls. It could use voice prompts composed of predefined sound files (a large library was included), user supplied sound files, or via the Text-To-Speech converter. I don't believe that the app would work under OS X, but the potential that a telephone interface could be created for OS X is still there since the relevant APIs still exist for the most part.
In the "A Book of Five Rings" by Miyamoto Musashi, the author describes a situation where an opponent might be too powerful to defeat with a decisive attack. Musashi, in such a situation advocates applying the principle of "Death by a thousand cuts."
Applying this idea to Microsoft we can look at each of the various factors that is 'cutting' their profit growth, and see that the powerful giant that cannot be struck a decisive blow, would appear to be slowly bleeding out.
The 9th Appellate court recently ordered the State of California to come up with a plan to reduce their prison population by at least 27% over the next 2 to 3 years. http://www.nytimes.com/2009/08/05/us/05calif.html?hp
The order recommends, among many things, a drastic reduction in sentencing non-violent criminals to prison terms. So far the CA AG has taken the position that he will force an appeal to the Supreme Court to fight this ruling. Most Republican/Law and Order mouth-pieces in the State are screaming about the Fed over-reaching it's authority and meddling in State's rights.
Let's see, State violates well established Federal prohibition on cruel and unusual treatment of prison inmates due to gross negligence, over crowding, and over-zealous enforcement/sentencing. Previous order in 2005 is upheld on appeal, but CA GA and Governator pretty much succeed in undermining attempts by court appointed stewards to reform the state prison system.
Now the State has been ordered again on the same cases that appeal failed to stop in 2005. CA GA and the Governator again refuses to cooperate.
The DMCA is pretty clear.... good law or bad law, it is the law. This kid is probably going to get convicted, mostly for being a stoopid git. Hopefully the 9th Circuit order will lead to this kid getting no more than fines and home detention; a more reasonable sentence fitting of the 'crime.'
Look, ae1294, attacking my credibility is a bullshit debating tactic.
You clearly don't understand the practical limitations of working in computing spaces so small that there is nowhere near enough room for printf(), let alone any useful subset of glibc. Some of these systems are so resource constrained that they cannot be programmed in anything but their native machine language. They simply do not have the resources to handle the overhead of even a minimal C-runtime. For most HID implementations, it takes a significant amount of shoehorning to get a USB stack running, and still have enough room for your app.
To be sure, drive-by re-flashing of peripherals is a serious threat. However, the demoed exploit on this particular keyboard doesn't get an attacker very far. There is plenty of low hanging fruit at the OS level, making such exploits largely an academic exercise.
Hardware vendors do need to start taking more proactive steps to secure their firmware upgrade processes. And the approach could be very simple in some cases, or very difficult depending on the amount of user interaction that the OEM is willing to risk. Typically more user interaction is risky as it can cause bricking, or increased support calls from users who do not understand the steps.
Keyboards, and many HID units are extremely cost sensitive products. Adding the extra code space, and ram to implement robust re-flash authentication might easily break the budget for the device. In most cases the risk that an attacker can deploy a viable exploit (as opposed to a tech demo) is very low.
For larger embedded peripherals, with more substantial resources, present a higher risks to the host. I believe that authenticated re-flashing is eventually going to be mandatory. From a business perspective, the potential for increased customer support issues due to compromised peripherals is going to be the driver. User security rides shotgun in that analysis.
I worry more about having my RAID controller, HDD, DVD, video card, or BIOS re-flashed, than my keyboard. Those devices present a greater win for an attacker than an HID unit.
These attacks all require that the host is already profoundly compromised. If an attacker already has your system by the 'short hairs' why bother with trying to shoehorn additional malware into a small subset of exploitable peripherals the target might have attached to the system? The system is already pwnd. Beyond hooking the BIOS, which is also a dubious exploit at best, why would a criminal dev team bother?
As much as people complain about the iPhone being a closed platform, the fact that it can be jailbroken shows how difficult and expensive securing an embedded system can be, and how little comparable effort a determined attacker needs to expend.
The key point here is motivation. For a keyboard exploit I just don't see that it's going to generate much motivation.
In the late 80's and early 90's Seagate went from a respected leader to Seize-Gate, and Sleaze-Gate the worst and least trusted manufacturer of HDD in the market. During that time one of their minor competitors, Quantum became a dominant manufacturer for SCSI drives and Western Digital was able to jump in on the IDE side. During that time Seagate had to cut their prices below profitability just to stay in the game.
It took almost a decade for Seagate to restore their reputation, and by then the market had a number of strong competitors.
In my experience, it will only take one serious screwup on Intel's part to put them on the sidelines of the market. While I don't think this bug is going to kill their reputation, it's a sign they need to tighten up their QA processes right quick.
It's going to give itself away pretty quickly. And with all the XSS going around these days, you think a semi savvy user isn't going to notice a sudden unexpected redirect? My history is going to point to the domain I visited, and contain the URL the hackeyboard built.... I would quickly change my keyboard and hunt the asshat down. "Release the hounds!!!!"
I type URLs by hand in a lot of different contexts... about half of which are not directed at the browser. So it wouldn't take long for this exploit to get caught adding text to a URL in the wrong context.
And you can tell me to think outside the box all you want, but the exploit and it's cockroach-ninja state machine have to fit INSIDE a very tiny box that has almost no resources to support such code.
This exploit doesn't get to log enough keystrokes to get more than my local password and a few sentences of my first email of the day. The state machine would have a rough time figuring out what to keep and what to junk due to it's very limited foot print.
Maybe you should look into it? Developing firmware for embedded systems is something I do as a regular part of my life. And evaluating how these peripheral systems interact with hosts is essential information in assessing a new threat. To be fair I didn't expect this specific attack, but at the same time it did not surprise me.
It's been possible for a long time to conscript peripherals. So why hasn't it been more common? Key reason..... too many unknowns.
And how is a passive device like an HID going to get notified that the host is ready to accept input and which input it is expecting to receive? HID has no visibility to the context of the rest of the system that it is attached to. That information can only come from the monkey at the keyboard. And if the monkey sees said HID doing something when it should not be.... and again the HID has no idea if the monkey is watching, then how is it going to pull of taking over, with less than 1K of code space? While atm there is a potential threat for keylogging.... not much more would fit in the margins.
I do not see a keyboard getting more resources than it has now. The economics of a keyboard will not allow for it.... Typically the resources for a specific function diminish over time to save costs.
While other devices will be compromised each in turn to create new vectors, how is any different than what is going on now in the OS space?
Just because some highly skilled Blackhat finds, and demo's a half-assed exploit, does not mean that that it's going to be practical to exploit on a larger scale....
That the exploit was demoed on a Mac is more telling than the notion that any number of non-mac systems are vulnerable to the same exploit.
As other's have pointed out this exploit can only be applied when your system has already been compromised by a far more serious threat. Ignoring that potential makes any further discussion of this vector moot.
While I have no doubt I could make you a sandwich that you would find appealing, I have considerable doubts about making music that you would enjoy. Many attempt the sandwich and succeed. Many attempt music and fail.
" It's like getting the death penalty for stealing a CD (note, by the way--downloading music is not the same as stealing a CD--that record store had to pay for that CD)." I tend to think of it more as the financial equivalent of having one's hand cut off.
Bankruptcy won't ameliorate the debt, so this kid is going to be hamstrung for the rest of his life if he gets a multi-million dollar judgement against him.
People don't die from poverty it just makes life suck for a long time.
"Oh please, this has nothing to do with lobbyists having more power that the people. The voters clearly do not care about this issue. During this last presidential election process, did anyone at any campaign event or town hall ever ask about eliminating or reducing the penalties for copyright infringement? No. People just do see this as a problem."
I strongly disagree with your position. The town hall forum gets stacked by the candidate and their handlers. They decide who is going to be invited, and set the tone for the 'discussion'. Additionally the media is gonna sound bite the record of such an event, and they don't want the issue raised in anyone's mind either. Any discussion of it in the town hall is going to end up on the cutting room floor.
Politicians don't want to hear it, or answer to it, because it puts their ability to court the **AA lobbyists for campaign funds, and other perks at risk. The news media doesn't want it heard lest it resonates into a loud enough clamor that they cannot squelch it through the editorial process. The media has a big dog in this fight, and they would love to see the **AA win it, and win it quietly.
Kennedy coaxed us into the hare approach and it put boot prints on the moon, but when it finally came time to answer some serious questions about the moon environment, the American public changed the channel...
Joe and Jane Six-Pack get the excitement of "One small step for Man..." but a PhD geologist(the only card carrying scientist to set foot on the moon) puttering around in a golf-cart, picking up rocks and whacking flakes off of boulders is a snooze-fest to them. The reality is that Joe and Jane don't have the time or the education to get excited about the science. It doesn't float their boat.
Fact is that you need Joe and Jane Six-Pack to pay attention and be engaged in the endeavor even if they are just recliner-bound spectators. That gets ratings, and advertising dollars. That gets commercial interest.
There is lots of resources on the moon that can be used in situ. There's water ice, there's metals, there may even be stuff we don't know about, and there is plenty of access to high quality solar energy.
Going back to the moon makes sense for a lot of reasons. It does not make sense if we just putter around in multi-million dollar golf-carts looking at rocks. You want to get Joe and Jane excited? You want to get industry excited? Put infrastructure on the moon. Put enough infrastructure on it to mine, manufacture, and fuel industry. The water is there; the minerals are there; the power is there. All that's missing is the commercial interest to start the ball rolling. Destination tourism may not make money at first, but it generates buzz. People come back and talk about walking on the moon, more people want to go. More people want to stay and work there. Multi-nationals want their cut of the moon and easier access to near-earth snowballs and boulders... We cannot keep lifting our missions off the earth using earth based resources.... they are too expensive to transport, and we need them here. Putting a kernel of industrial resources on the moon makes far more sense, even if at first all we send back to earth is a few bags of rocks to sell on ebay and amazon as 'certified lunar chatchkas' to the highest bidder.
Eventually Titan might become a viable target. I think you could get the hydrocarbon industry pretty excited about that if there is already a platform on the moon to start from, and snowballs in reach to drag back to the moon.
It all adds up to lower costs to send human resources to the moon and back...
If we don't do it Asia will, but they might just send robots, which cuts Joe and Jane, and their kids out of the loop. We need them to care, and we need them care enough to get involved.
So now we have to do the Tortoise thing, and we have to figure out how to sell it. We need to sell chunks of the moon, and chunks of NEAs and snowballs.... In the grand scheme of things it's all academics and entertainment until there are new and unique widgets coming back down into the gravity well.
Shoving marginally laptop class computing resources into a palmtop with a thumb keyboard and a dinky, even if cool OLED screen is just stoopid. Either ya have to go bigger and be a netbook, or smaller and be a phone. This OQO concept was a tinker's wet dream, wishing for a market.
When the state of the art gets to the point where a laptop class CPU can operate in a compact mobile phone-sized format there might be some potential for a few vertical markets.. Beowulf cluster in a briefcase anyone?.... Beuler?.... Beuler?
At least for the next few years it's gonna be netbooks and iPhone clones.
How about a firmware mod that disabled the firmware update process, or makes it's use contingent on an unused GPIO pin on the MCU, eg a custom 'write protect' switch.
I don't know about other manufacturers, but I'm pretty sure the Microchip PIC microcontrollers I use, several of which have USB built-in and would be perfect for a keyboard, can only be re-flashed by an external programmer which provides a +12V programming voltage (which you don't normally supply in such a circuit, only +5V from the USB bus), and are not programmable at all over the USB bus, only certain pins on the MCU.
This is untrue. Only in the oldest PIC16 MCUs was it impossible for code running on the chip reflash the program space.
Almost all of the PIC18 and later MCUs support direct programming of flash by the code running on the device without ANY change in voltages or signals applied to the device.
NOW it is possible for the OEM to DISABLE the ability for code on the device to reflash, by changing the FLASH configuration bits. IT might even be possible for a savvy end user to harden their keyboard in this way.
"Data is Data is Data, whether it's voip from google, or someone else, or an app, or whatever it's none of AT&T's business."
I don't know how this got modded insightful, since it overlooks the obvious fact that iPhones have a WiFi transceiver.
This allows high bandwidth connectivity that AT&T doesn't get to bill for. A few mobile providers have WiFi PoP networks, AFAIK AT&T doesn't. Since most WiFi PoP networks are directly or indirectly billed through the RBOCs, or cable providers, I can see why AT&T would twist Apple's arm on supporting VOIP apps, and related solutions.
Everything a child is exposed to affects the developing brain, for better or for worse. That's how development works. A key reason that Nature vs. Nurture will most likely never be resolved is that genetic effects and environmental effects have a huge area of overlap in child development.
Slashdot Mirror
The gestures could easily be "learned" from the user. There is no reason that the gestures need to remain predefined. So if you tap your desk you would probably want to unbind tap gestures and re-bind them to something more suitable to your personal preferences. I do think it would be difficult to tell the difference between users. It might be possible that some characteristics of the user's scratch are distinct enough to identify them uniquely. It might require a better input sensor to get that level of sensitivity. Speculating at this point. There is a lot of information embedded in the scratch. If the input system had more than one sensor it seems likely that position on the surface could be determined as well, potentially giving even more clues as to the identity.
--
The original voice recognition first available in Mac OS 7 is still supported in OS X. Just go to the speech control panel and turn it on. There is an API (that I am not sure is still supported) that allow(ed) creation of custom command trees using either predefined words in the recognition dictionary, or developer defined entries using the same phonetic symbol set that the text-to-speech system uses. The speech recognition system was designed to be command oriented and is not capable of continuous speech recognition. The user dictionary tree can be configured to handle arbitrarily complex grammars, but there is a trade off between complexity and accuracy of recognition. The more words that need to be recognized at a node the worse the accuracy might be depending on how distinct the words are to the recognition core.
You can specify a user defined modifier key binding to prompt the recognition system. There is also no reason you couldn't use a head-set mic, and adjust the gain for close micing to prevent cross-talk between systems, or to avoid contamination from ambient noise.
The attention phrase is optional, as well as user definable. Almost any word or short phrase works reasonably well. You might have to play with the spelling of it to get a good hit rate. In OS 7 you could use the phonetic symbols directly in the text field to get a more precise pronunciation match. I have not looked to see if the phonetic input method still works in OS X.
By defining sufficiently unique attention phrases, multiple systems could easily be listening to the same user, assuming ambient noise is not an issue.
The system is designed to be speaker neutral, so don't expect it to identify specific voices, though for app developers it might be possible monitor the audio input channel for voice traits.
The most useful application I ever saw the speech input system used for was the Apple Telephone Interface. The system supported inbound voice mail, a phone robot that could be programmed in AppleScript, and a Fax-modem. It ran as a background task on OS 8.X and OS 9.x and could use voice commands and touch tone inputs from the inbound call, as well as make calls. It could use voice prompts composed of predefined sound files (a large library was included), user supplied sound files, or via the Text-To-Speech converter. I don't believe that the app would work under OS X, but the potential that a telephone interface could be created for OS X is still there since the relevant APIs still exist for the most part.
Ticks, Lice, Crabs, Spiders share a common ancestor. So it is not surprising at all that a 300Myo spider might look like a tick or a louse.
In the "A Book of Five Rings" by Miyamoto Musashi, the author describes a situation where an opponent might be too powerful to defeat with a decisive attack. Musashi, in such a situation advocates applying the principle of "Death by a thousand cuts."
Applying this idea to Microsoft we can look at each of the various factors that is 'cutting' their profit growth, and see that the powerful giant that cannot be struck a decisive blow, would appear to be slowly bleeding out.
The key point of M$ mentioning competition from Linux in their filing is clearly intended as an attempt to astroturf their monopoly status.
It's a very lame and laughable attempt.
The 9th Appellate court recently ordered the State of California to come up with a plan to reduce their prison population by at least 27% over the next 2 to 3 years. http://www.nytimes.com/2009/08/05/us/05calif.html?hp
The order recommends, among many things, a drastic reduction in sentencing non-violent criminals to prison terms. So far the CA AG has taken the position that he will force an appeal to the Supreme Court to fight this ruling. Most Republican/Law and Order mouth-pieces in the State are screaming about the Fed over-reaching it's authority and meddling in State's rights.
Let's see, State violates well established Federal prohibition on cruel and unusual treatment of prison inmates due to gross negligence, over crowding, and over-zealous enforcement/sentencing. Previous order in 2005 is upheld on appeal, but CA GA and Governator pretty much succeed in undermining attempts by court appointed stewards to reform the state prison system.
Now the State has been ordered again on the same cases that appeal failed to stop in 2005. CA GA and the Governator again refuses to cooperate.
The DMCA is pretty clear.... good law or bad law, it is the law.
This kid is probably going to get convicted, mostly for being a stoopid git. Hopefully the 9th Circuit order will lead to this kid getting no more than fines and home detention; a more reasonable sentence fitting of the 'crime.'
You conveniently take my quote out of context. I was talking about specifically about the keyboard hack in the earlier post.
But then you know that...
Fuck off.
I didn't change my opinion from post to post.
So now you agree with me. Thats nice.
What this really come down to is:
The meaning of the communication is the result I got.
I'll be sure and spell it out for you in the future the first time.
Look, ae1294, attacking my credibility is a bullshit debating tactic.
You clearly don't understand the practical limitations of working in computing spaces so small that there is nowhere near enough room for printf(), let alone any useful subset of glibc. Some of these systems are so resource constrained that they cannot be programmed in anything but their native machine language. They simply do not have the resources to handle the overhead of even a minimal C-runtime. For most HID implementations, it takes a significant amount of shoehorning to get a USB stack running, and still have enough room for your app.
To be sure, drive-by re-flashing of peripherals is a serious threat. However, the demoed exploit on this particular keyboard doesn't get an attacker very far. There is plenty of low hanging fruit at the OS level, making such exploits largely an academic exercise.
Hardware vendors do need to start taking more proactive steps to secure their firmware upgrade processes. And the approach could be very simple in some cases, or very difficult depending on the amount of user interaction that the OEM is willing to risk. Typically more user interaction is risky as it can cause bricking, or increased support calls from users who do not understand the steps.
Keyboards, and many HID units are extremely cost sensitive products. Adding the extra code space, and ram to implement robust re-flash authentication might easily break the budget for the device. In most cases the risk that an attacker can deploy a viable exploit (as opposed to a tech demo) is very low.
For larger embedded peripherals, with more substantial resources, present a higher risks to the host. I believe that authenticated re-flashing is eventually going to be mandatory. From a business perspective, the potential for increased customer support issues due to compromised peripherals is going to be the driver. User security rides shotgun in that analysis.
I worry more about having my RAID controller, HDD, DVD, video card, or BIOS re-flashed, than my keyboard. Those devices present a greater win for an attacker than an HID unit.
These attacks all require that the host is already profoundly compromised. If an attacker already has your system by the 'short hairs' why bother with trying to shoehorn additional malware into a small subset of exploitable peripherals the target might have attached to the system? The system is already pwnd. Beyond hooking the BIOS, which is also a dubious exploit at best, why would a criminal dev team bother?
As much as people complain about the iPhone being a closed platform, the fact that it can be jailbroken shows how difficult and expensive securing an embedded system can be, and how little comparable effort a determined attacker needs to expend.
The key point here is motivation. For a keyboard exploit I just don't see that it's going to generate much motivation.
You wanna spread FUD. Go for it. Peace out.
In the late 80's and early 90's Seagate went from a respected leader to Seize-Gate, and Sleaze-Gate the worst and least trusted manufacturer of HDD in the market. During that time one of their minor competitors, Quantum became a dominant manufacturer for SCSI drives and Western Digital was able to jump in on the IDE side. During that time Seagate had to cut their prices below profitability just to stay in the game.
It took almost a decade for Seagate to restore their reputation, and by then the market had a number of strong competitors.
In my experience, it will only take one serious screwup on Intel's part to put them on the sidelines of the market. While I don't think this bug is going to kill their reputation, it's a sign they need to tighten up their QA processes right quick.
It's going to give itself away pretty quickly.
And with all the XSS going around these days, you think a semi savvy user isn't going to notice a sudden unexpected redirect?
My history is going to point to the domain I visited, and contain the URL the hackeyboard built.... I would quickly change my keyboard and hunt the asshat down. "Release the hounds!!!!"
I type URLs by hand in a lot of different contexts... about half of which are not directed at the browser. So it wouldn't take long for this exploit to get caught adding text to a URL in the wrong context.
And you can tell me to think outside the box all you want, but the exploit and it's cockroach-ninja state machine have to fit INSIDE a very tiny box that has almost no resources to support such code.
This exploit doesn't get to log enough keystrokes to get more than my local password and a few sentences of my first email of the day. The state machine would have a rough time figuring out what to keep and what to junk due to it's very limited foot print.
Good luck with that.
I have a central problem with TFA?
Has anyone been able to determine if the customer's assertion is TRUE?
All of this customer service noise is just that.
And if there is a problem, that shit is going to come out in court.
Let's just see where this goes before we haul out the marsupial jurisprudence. (Kangaroo court)
WTF do I still have an active account here?
Maybe you should look into it? Developing firmware for embedded systems is something I do as a regular part of my life. And evaluating how these peripheral systems interact with hosts is essential information in assessing a new threat. To be fair I didn't expect this specific attack, but at the same time it did not surprise me.
It's been possible for a long time to conscript peripherals. So why hasn't it been more common? Key reason..... too many unknowns.
And how is a passive device like an HID going to get notified that the host is ready to accept input and which input it is expecting to receive? HID has no visibility to the context of the rest of the system that it is attached to. That information can only come from the monkey at the keyboard. And if the monkey sees said HID doing something when it should not be.... and again the HID has no idea if the monkey is watching, then how is it going to pull of taking over, with less than 1K of code space? While atm there is a potential threat for keylogging.... not much more would fit in the margins.
I do not see a keyboard getting more resources than it has now. The economics of a keyboard will not allow for it.... Typically the resources for a specific function diminish over time to save costs.
While other devices will be compromised each in turn to create new vectors, how is any different than what is going on now in the OS space?
Just because some highly skilled Blackhat finds, and demo's a half-assed exploit, does not mean that that it's going to be practical to exploit on a larger scale....
That the exploit was demoed on a Mac is more telling than the notion that any number of non-mac systems are vulnerable to the same exploit.
As other's have pointed out this exploit can only be applied when your system has already been compromised by a far more serious threat. Ignoring that potential makes any further discussion of this vector moot.
While I have no doubt I could make you a sandwich that you would find appealing, I have considerable doubts about making music that you would enjoy. Many attempt the sandwich and succeed. Many attempt music and fail.
Let me know what you think:
http://www.meta-forest.net/jellophane.mp3
" It's like getting the death penalty for stealing a CD (note, by the way--downloading music is not the same as stealing a CD--that record store had to pay for that CD)."
I tend to think of it more as the financial equivalent of having one's hand cut off.
Bankruptcy won't ameliorate the debt, so this kid is going to be hamstrung for the rest of his life if he gets a multi-million dollar judgement against him.
People don't die from poverty it just makes life suck for a long time.
With no lube and no reach-around.
"Oh please, this has nothing to do with lobbyists having more power that the people. The voters clearly do not care about this issue. During this last presidential election process, did anyone at any campaign event or town hall ever ask about eliminating or reducing the penalties for copyright infringement? No. People just do see this as a problem."
I strongly disagree with your position. The town hall forum gets stacked by the candidate and their handlers. They decide who is going to be invited, and set the tone for the 'discussion'. Additionally the media is gonna sound bite the record of such an event, and they don't want the issue raised in anyone's mind either. Any discussion of it in the town hall is going to end up on the cutting room floor.
Politicians don't want to hear it, or answer to it, because it puts their ability to court the **AA lobbyists for campaign funds, and other perks at risk. The news media doesn't want it heard lest it resonates into a loud enough clamor that they cannot squelch it through the editorial process. The media has a big dog in this fight, and they would love to see the **AA win it, and win it quietly.
The Tortoise and the Hare
Kennedy coaxed us into the hare approach and it put boot prints on the moon, but when it finally came time to answer some serious questions about the moon environment, the American public changed the channel...
Joe and Jane Six-Pack get the excitement of "One small step for Man..." but a PhD geologist(the only card carrying scientist to set foot on the moon) puttering around in a golf-cart, picking up rocks and whacking flakes off of boulders is a snooze-fest to them. The reality is that Joe and Jane don't have the time or the education to get excited about the science. It doesn't float their boat.
Fact is that you need Joe and Jane Six-Pack to pay attention and be engaged in the endeavor even if they are just recliner-bound spectators. That gets ratings, and advertising dollars. That gets commercial interest.
There is lots of resources on the moon that can be used in situ. There's water ice, there's metals, there may even be stuff we don't know about, and there is plenty of access to high quality solar energy.
Going back to the moon makes sense for a lot of reasons. It does not make sense if we just putter around in multi-million dollar golf-carts looking at rocks. You want to get Joe and Jane excited? You want to get industry excited? Put infrastructure on the moon. Put enough infrastructure on it to mine, manufacture, and fuel industry. The water is there; the minerals are there; the power is there. All that's missing is the commercial interest to start the ball rolling. Destination tourism may not make money at first, but it generates buzz. People come back and talk about walking on the moon, more people want to go. More people want to stay and work there. Multi-nationals want their cut of the moon and easier access to near-earth snowballs and boulders... We cannot keep lifting our missions off the earth using earth based resources.... they are too expensive to transport, and we need them here. Putting a kernel of industrial resources on the moon makes far more sense, even if at first all we send back to earth is a few bags of rocks to sell on ebay and amazon as 'certified lunar chatchkas' to the highest bidder.
Eventually Titan might become a viable target. I think you could get the hydrocarbon industry pretty excited about that if there is already a platform on the moon to start from, and snowballs in reach to drag back to the moon.
It all adds up to lower costs to send human resources to the moon and back...
If we don't do it Asia will, but they might just send robots, which cuts Joe and Jane, and their kids out of the loop. We need them to care, and we need them care enough to get involved.
So now we have to do the Tortoise thing, and we have to figure out how to sell it. We need to sell chunks of the moon, and chunks of NEAs and snowballs.... In the grand scheme of things it's all academics and entertainment until there are new and unique widgets coming back down into the gravity well.
Shoving marginally laptop class computing resources into a palmtop with a thumb keyboard and a dinky, even if cool OLED screen is just stoopid. Either ya have to go bigger and be a netbook, or smaller and be a phone. This OQO concept was a tinker's wet dream, wishing for a market.
When the state of the art gets to the point where a laptop class CPU can operate in a compact mobile phone-sized format there might be some potential for a few vertical markets.. Beowulf cluster in a briefcase anyone?.... Beuler? .... Beuler?
At least for the next few years it's gonna be netbooks and iPhone clones.
With what? you have almost no extra room in the keyboard micro to even add a keylogger, and you are suggesting a hostile take over of the host?
Good luck with that.
Yeah.
How about a firmware mod that disabled the firmware update process, or makes it's use contingent on an unused GPIO pin on the MCU, eg a custom 'write protect' switch.
I don't know about other manufacturers, but I'm pretty sure the Microchip PIC microcontrollers I use, several of which have USB built-in and would be perfect for a keyboard, can only be re-flashed by an external programmer which provides a +12V programming voltage (which you don't normally supply in such a circuit, only +5V from the USB bus), and are not programmable at all over the USB bus, only certain pins on the MCU.
This is untrue. Only in the oldest PIC16 MCUs was it impossible for code running on the chip reflash the program space.
Almost all of the PIC18 and later MCUs support direct programming of flash by the code running on the device without ANY change in voltages or signals applied to the device.
NOW it is possible for the OEM to DISABLE the ability for code on the device to reflash, by changing the FLASH configuration bits. IT might even be possible for a savvy end user to harden their keyboard in this way.
Google Voice IS a VOIP service...
http://en.wikipedia.org/wiki/Google_Voice
It's in the first damn sentence.
"Data is Data is Data, whether it's voip from google, or someone else, or an app, or whatever it's none of AT&T's business."
I don't know how this got modded insightful, since it overlooks the obvious fact that iPhones have a WiFi transceiver.
This allows high bandwidth connectivity that AT&T doesn't get to bill for. A few mobile providers have WiFi PoP networks, AFAIK AT&T doesn't. Since most WiFi PoP networks are directly or indirectly billed through the RBOCs, or cable providers, I can see why AT&T would twist Apple's arm on supporting VOIP apps, and related solutions.
Everything a child is exposed to affects the developing brain, for better or for worse. That's how development works. A key reason that Nature vs. Nurture will most likely never be resolved is that genetic effects and environmental effects have a huge area of overlap in child development.