What the fuck are they thinking? Whatever it is, they're not thinking about users - wanting to replace simple, universal, very low power port with something which requires the use of more expensive, power sucking, intelligent accessories. So, next, we'll need to buy some approved, licensed, "Made for Apple/Intel", clunky adapter to go between a simple pair of ear/head phones/plugs and the phone? Uggh. As Jobs once said - That's brain dead.
Sure, put a USB3 port in there to replace the current USB/iThing one. But don't get rid of the headphone jack.
"Higher temps will increase the plant life on this planet like crazy."
...and it's flora which sequestered all that carbon in the first place. It's fauna's duty to restore the natural balance by releasing it to whence it came. We need to correct for the present FGC (floramorphic global cooling).
"trying to focus them in on space as an alternate"
Trade one boondoggle for another? No thanks. You want to fund space, contribute to The Space Society, or whatever. Vote with your dollars, instead of trying to take mine for the things which interest you.
The US spends more on the military than the next 12 countries combined. Those who want a strong military would do better to make them more efficient in their spending, rather than increasing it. And, the US military budget could easily be cut in half without losing a bit of security against the current bogeyman.
It's a free speech issue. Whether someone chooses to speak in plain English, Swahili, or encryption, it all falls under an absolute right to speak as they wish.
Sure, the anarchists/communists/terrorists/boogyman may get away with something, but that's the cost of freedom. With liberty comes risk. And it's liberty which we've been guaranteed, not security against all comers.
I think you missed the point of the GP - Google also support s 2FA for the PC web browser, which requires you have the phone in order to complete the sign on. The authors say they "assume that the attacker already has control over the victim's PC," but that's not right. They assume that they not only have the PC, but a running browser which the user left logged into Google services. The paper just glosses over this.
Simply having access to someone's PC and Google credentials is not enough if they have turned 2FA on for the web, they would also need the phone to complete the sign on on the PC. If they have control of both factors (name/password and phone), it is not a failure of 2FA, that's exactly how 2FA is intended to work. And, if you're going to base a claim on such a poor premise, why not simply premise it on the attacker having the phone itself, already logged into Google services, which makes the whole thing even easier?
This is a very poor paper. Having started with that faulty premise, they go on through a bunch of stuff which simply doesn't matter. Perhaps I'll write a similar paper about how water is wet. I'll also point out that the paper also claims a similar vulnerability for Apple's iOS, which the summary ignores. That seems pointedly biased.
CMs don't route anything. They're more like Ethernet to DOCSIS bridges. They use IP for configuration/management, but you could theoretically use non-IP protocols through them (Good luck finding a service provider who would do anything with an IPX or AppleTalk packet)
"If the modem is using an RFC1918 address and is sitting on the WAN side of the router and the router is blocking RFC1918 on its WAN interface, what do you think will happen?"
Depends. It may mean you won't be able to get to the very useful diagnostic screens on the modem.
Or, it may not do what you imply at all. The modem may use a simple stateful firewall and only be blocking unassociated inbound packets with an RFC 1918 source IP. Outbound connections to a private IP may still be allowed, along with the return flow. So, the GET would still go to the modem, and cause a reset.
Blocking the modem's IP is not a good solution. Blocking a couple of specific URIs would be much better. Requiring even minimal authentication, such as the modem's MAC address as part of the URI, would be best.
Hell, businesses should be able to pick and choose their customers as they wish. If they discriminate (and don't they all, beginning with the ability to pay?), then people who disagree can vote with their dollars and go elsewhere.
There's no "right" to use a restroom, regardless of your sexual orientation. PB4UGO.
"Basically, they need that clause to transmit your user-generated content without it leading to copyright infringement."
No, they need a clause similar to that to allow their service to work as users expect. As is, it takes much more than needed. For instance, if a user decides to remove their content, Oculus doesn't need to honor that, because they've received perpetual, irrevocable rights. There's absolutely no need for that, or for them to be able to sublicense perpetual, irrevocable rights.
That would be odd, since the distinction was made as early as 1982, in RFC 823:
This document explains the design of the Internet gateway used in the Defense Advanced Research Project Agency (DARPA) Internet program... The gateway's primary purpose is to route internet datagrams to their destination networks.
"The phone company actually has to do stuff on their side to switch service to a new CDMA device, which usually requires a phone call to their customer service team."
Welcome to 2016. I've had to do nothing but move the UICC ("SIM") card to a new phone for the past several phones (so, going back at least 6-8 years). Prior to that, one could do an ESN change via the web, so again no interaction with customer service needed. I think the last time I had to call CS to get an ESN change was in the 1990's. I'm on Verizon.
Slashdot Mirror
What the fuck are they thinking? Whatever it is, they're not thinking about users - wanting to replace simple, universal, very low power port with something which requires the use of more expensive, power sucking, intelligent accessories. So, next, we'll need to buy some approved, licensed, "Made for Apple/Intel", clunky adapter to go between a simple pair of ear/head phones/plugs and the phone? Uggh. As Jobs once said - That's brain dead.
Sure, put a USB3 port in there to replace the current USB/iThing one. But don't get rid of the headphone jack.
"Higher temps will increase the plant life on this planet like crazy."
...and it's flora which sequestered all that carbon in the first place. It's fauna's duty to restore the natural balance by releasing it to whence it came. We need to correct for the present FGC (floramorphic global cooling).
"if you're doing nothing wrong you've got nothing to hide"
If I've done nothing wrong, they have no reason to spy on me.
"It is not about me and my desires it is about them and theirs and redirecting it to cause less harm."
Disingenuous bullshit.
"trying to focus them in on space as an alternate"
Trade one boondoggle for another? No thanks. You want to fund space, contribute to The Space Society, or whatever. Vote with your dollars, instead of trying to take mine for the things which interest you.
The US spends more on the military than the next 12 countries combined . Those who want a strong military would do better to make them more efficient in their spending, rather than increasing it. And, the US military budget could easily be cut in half without losing a bit of security against the current bogeyman.
Eisenhower warned about the dangers of the military-industrial complex, and he was right. The national debt is a greater threat to the country than any foreign foe.
FCK the NSA.
It's a free speech issue. Whether someone chooses to speak in plain English, Swahili, or encryption, it all falls under an absolute right to speak as they wish.
Sure, the anarchists/communists/terrorists/boogyman may get away with something, but that's the cost of freedom. With liberty comes risk. And it's liberty which we've been guaranteed, not security against all comers.
I have a bumper sticker which says "Authorized Vehicle." It lets me make u-turns on the highway.
I think you missed the point of the GP - Google also support s 2FA for the PC web browser, which requires you have the phone in order to complete the sign on. The authors say they "assume that the attacker already has control over the victim's PC," but that's not right. They assume that they not only have the PC, but a running browser which the user left logged into Google services. The paper just glosses over this.
Simply having access to someone's PC and Google credentials is not enough if they have turned 2FA on for the web, they would also need the phone to complete the sign on on the PC. If they have control of both factors (name/password and phone), it is not a failure of 2FA, that's exactly how 2FA is intended to work. And, if you're going to base a claim on such a poor premise, why not simply premise it on the attacker having the phone itself, already logged into Google services, which makes the whole thing even easier?
This is a very poor paper. Having started with that faulty premise, they go on through a bunch of stuff which simply doesn't matter. Perhaps I'll write a similar paper about how water is wet. I'll also point out that the paper also claims a similar vulnerability for Apple's iOS, which the summary ignores. That seems pointedly biased.
CMs don't route anything. They're more like Ethernet to DOCSIS bridges. They use IP for configuration/management, but you could theoretically use non-IP protocols through them (Good luck finding a service provider who would do anything with an IPX or AppleTalk packet)
"If the modem is using an RFC1918 address and is sitting on the WAN side of the router and the router is blocking RFC1918 on its WAN interface, what do you think will happen?"
Depends. It may mean you won't be able to get to the very useful diagnostic screens on the modem.
Or, it may not do what you imply at all. The modem may use a simple stateful firewall and only be blocking unassociated inbound packets with an RFC 1918 source IP. Outbound connections to a private IP may still be allowed, along with the return flow. So, the GET would still go to the modem, and cause a reset.
Blocking the modem's IP is not a good solution. Blocking a couple of specific URIs would be much better. Requiring even minimal authentication, such as the modem's MAC address as part of the URI, would be best.
Hell, consumer routers barely qualify as routers. Even top of the line Netgear and Linksys ones don't support any routing protocols (RIP/OSPF/BGP).
Sounds like there are lots of business opportunities for you to make money on.
Hmmm. It looks like English, but makes no sense.
Hell, businesses should be able to pick and choose their customers as they wish. If they discriminate (and don't they all, beginning with the ability to pay?), then people who disagree can vote with their dollars and go elsewhere.
There's no "right" to use a restroom, regardless of your sexual orientation. PB4UGO.
GLBT protections? I self-identify with short lines at the restroom. What about me, shouldn't I be able to go in any door I wish to?
Because he heart NY?
HP isn't HP. Keysight is the real HP (which was built upon test equipment).
"the app hasn't been installed on more than 11,000 devices."
Which implies that this Android app has been installed on about 1.1 billion devices.
"Basically, they need that clause to transmit your user-generated content without it leading to copyright infringement."
No, they need a clause similar to that to allow their service to work as users expect. As is, it takes much more than needed. For instance, if a user decides to remove their content, Oculus doesn't need to honor that, because they've received perpetual, irrevocable rights. There's absolutely no need for that, or for them to be able to sublicense perpetual, irrevocable rights.
But this one goes to 11. "Think of the dead children!"
"The phone company actually has to do stuff on their side to switch service to a new CDMA device, which usually requires a phone call to their customer service team."
Welcome to 2016. I've had to do nothing but move the UICC ("SIM") card to a new phone for the past several phones (so, going back at least 6-8 years). Prior to that, one could do an ESN change via the web, so again no interaction with customer service needed. I think the last time I had to call CS to get an ESN change was in the 1990's. I'm on Verizon.
Traditions can't be stupid, only people can be stupid.