Slashdot Mirror


User: craighansen

craighansen's activity in the archive.

Stories: 0
Comments: 278

Comments · 278

  1. So since Carly didn't withdraw from the same 90% on Carly Fiorina Calls Apple's Tim Cook a 'Hypocrite' On Gay Rights · · Score: 1

    when she was CEO of HP......obviously she must be against women's rights and gay rights. Thanks for letting us know, Carly.

    Seriously, Tim should be proud to have brought out the schoolyard bully in Carly.

  2. Single Byte Key on Popular Android Package Uses Just XOR -- and That's Not the Worst Part · · Score: 1

    So the single byte key is derived in some undiscovered manner from the password. Given how weak the encryption is known to be already, I wonder if one out of 256 encryption keys turns out to be a zero byte. In such a case, the encryption would leave the file unchanged. (Could be patched with "key=key?key:1;")

  3. Re:XOR encryption is uncrackable as long as... on Popular Android Package Uses Just XOR -- and That's Not the Worst Part · · Score: 1

    But in this case the key size is 1 byte, and only applied to the first 128 bytes of the file. So there's that.

  4. Re:The big advantage of XOR on Popular Android Package Uses Just XOR -- and That's Not the Worst Part · · Score: 1

    Well, the OTP was an 8-bit integer, and only applied to the first 128 bytes, if that makes it even more mind-blowingly insecure and even stupider.

  5. Re:Roll your own! on EFF Fighting Automakers Over Whether You Own Your Car · · Score: 1

    There's an outfit in Florida that's advertising your choice of new or restored 1964.5 Ford Mustangs. If you get one "new" they create a VIN that refers to their company - if you get one restored, you get the VIN of the donor car they rebuild. They upgrade safety and emissions to some degree, but I don't know how they meet modern requirements for their "new" cars. (See http://revologycars.com/faqs/ )

  6. Where is this headed? on EFF Fighting Automakers Over Whether You Own Your Car · · Score: 1

    The real issue that we're going to be up against is whether 3rd parties will be permitted to continue to manufacture replacement parts. Soon every part incorporates an RFID, and the car refuses to start without all the RFID tags matching the authorization database. Perhaps they'll start with all the parts that they can justify as safety-critical, 'cause, you know, for the children. The government could even push for this in order to make sure that mileage and pollution critical parts are kept unmodified, 'cause, you know, for the environment. Then when the complaints pour in that it's anticompetitive, they'll authorize third parties so long as they tithe back to the original manufacturer, 'cause, you know, for the corporations. Finally, after some number of years, they'll just deauthorize all the parts, so you have to scrap the car, 'cause, you know, you need a new car, or just because they can't be bothered to keep supplying security updates for the buggy software.

  7. Is this vulnerability really corrected? on Flash-Based Vulnerability Lingers On Many Websites, Three Years Later · · Score: 2

    If a malevolent SWF file could be copied and hosted elsewhere, how could Adobe reasonably claim to have corrected the vulnerability at all?

  8. Re:Maybe it's for the same reason on Why Apple Won't Adopt a Wireless Charging Standard · · Score: 1

    I'm not defending the insane assortment of completely unnecessary sizes of barrel connectors. I'd agree that it's all horseshit - it would only make some sense if the sizes were related to the voltage, such as one size for 5v, one size for 12V, one size for 29V, etc. It's hard to imagine that manufacturers really get big money out of continually changing power connectors and battery pack designs - it never takes very long for ebay & amazon to start selling third party supplies and batteries. My personal bugaboo is how far laptops need to be torn apart to replace these connectors - and - stiff connectors that seem designed to stick out just perfectly far enough and stiff enough to maximally damage the receptacle.

    In any case, two conductive contacts ought to be enough for any small or mobile device's power and data needs, and neither is there any good justification for having distinct connectors for networks, disk drives, displays and accessories. USB is among the most phenomenal kludges of all time, with all the different connectors, profiles, and adapters - and Apple, as well as HP, and others have gunked it up with all manner of proprietary kludges to negotiate high power charging. The USB-C "standard" connector actually has 24 teeny little pins, doubled up from 12 just so the connector can be rotated 180 degrees. I really don't think it's a step forward to use a 24-pin connector to power a laptop.

  9. Re:Maybe it's for the same reason on Why Apple Won't Adopt a Wireless Charging Standard · · Score: 1

    One connector is enough when the data is wireless. And it seems like you already got started on the insane assortment of completely unnecessary sizes of barrel connectors just by mentioning them.

    If you insist on data being passed over a connector, packets of serial data could be passed over the power connector by modulating the power of the supply or the impedance of the device. Think of POE.

  10. Re:Maybe it's for the same reason on Why Apple Won't Adopt a Wireless Charging Standard · · Score: 1

    There are more than TWO orientations. A simple cylindrical connector could allow "any" orientation (OK, any orientation that's pointing in the right general direction.), in the manner of almost every non-Apple laptop power connector and pre-USB cellphones.

    Especially now that there's all number of wireless data connections, going back to a simple "retro" power connector should be easier than any connector that has to handle both power and data.

  11. Re:What does the compromise do on Ask Slashdot: How Does One Verify Hard Drive Firmware? · · Score: 1

    When the code executing on the CPU resides on the hard drive, compromising the hard drive gives you everything. In addition, hard drive controllers and network controllers could be compromised to provide direct leak paths without involving the CPU using DMA.

  12. Keep hard drives outside of your circle of trust. on Ask Slashdot: How Does One Verify Hard Drive Firmware? · · Score: 1

    If you cannot audit the source code of the hard drive firmware, you must keep hard drives outside of your circle of trust. That means that all hard drive traffic should be encrypted with keys not available to the hard drive. Digital signatures and time stamps can also be employed to ensure that the drive isn't utilizing replay attacks or swapping blocks around. As a bonus, this protects against failures in the transmission path, in even stronger ways than ZFS uses checksums. And remember, once you're out, you're out. There's no coming back.

  13. Re:Seiki on Ask Slashdot: Affordable Large HD/UHD/4K "Stupid" Screens? · · Score: 1

    Oh, it's been reported that the headphone jack doesn't turn off the speakers. So there's that. Some were hoping that a firmware update would somehow fix that. Haven't tried that myself, as I'm using the speakers and the headphone jack probably wouldn't kill the OSD.

  14. Re:Developer 4k Display on Ask Slashdot: Affordable Large HD/UHD/4K "Stupid" Screens? · · Score: 1

    Seiki 39" UHDs are cheap and can work just fine for text display.

  15. Re:If you don't authorize it, it can't divulge inf on Ask Slashdot: Affordable Large HD/UHD/4K "Stupid" Screens? · · Score: 3, Interesting

    Or if they put in a cell-phone data link, like the non-Android Kindles (and some Android Kindles) and preauthorize the data services.

  16. Re:Seiki on Ask Slashdot: Affordable Large HD/UHD/4K "Stupid" Screens? · · Score: 2

    I've got some Seiki 4k TVs, and I'd agree that they're good for the money and have minimal features like the OP asked for. The 39" and 55" work out of the box perfectly with the HDMI port on an Apple MacBookPro.

    There's one glaring problem I've had though, and that's with the built-in sound. The volume control responds to almost any input on a Charter cable box remote, usually by raising the volume. I have to keep punching it back down as I use the remote. Since the OP doesn't want sound, it might be OK for him, though the on-screen volume display would pop up, and if you didn't block the sound input on HDMI, it might start blaring if you didn't open it up and disconnect the speakers.
    You could cover the IR input, except that I think it powers up in the OFF state, needing the remote to turn it on.

  17. Re:Double Irish on Obama Proposes One-Time Tax On $2 Trillion US Companies Hold Overseas · · Score: 1

    It also means that foreign governments can tax income at 19% at no further cost to the corporation, making it politically simple to raise taxes to that level.
    That helps create a level playing field - if every government taxed income at 19%, there'd be no further incentive for US corporations to pretend their income is earned abroad. It also means that foreign companies can't offer "incentives" to move business overseas, as taxing income below 19% doesn't reduce the business's tax.

    There's a huge side effect of the Foreign Tax Credit. Because foreign taxes are completely deductible, there's no incentive for payers of foreign taxes to try to minimize the tax paid. It effectively means that it's up to the IRS to police foreign tax deductions to make sure corporations (and personal taxpayers) are paying only as much foreign tax as they have to. Every dollar in foreign tax collected is a dollar less for the Federal Treasury.

  18. Re:Passive RFID tags implanted into the balls on NFL Asks Columbia University For Help With Deflate-Gate · · Score: 1

    No need for it to be passive. A little wireless charger would do nicely, and we already have pressure monitors in car tires.

  19. Re:combination of things on NFL Asks Columbia University For Help With Deflate-Gate · · Score: 1

    It hardly matters what happened to the other 11 balls if they knew which ball was 2lbs under and kept using that ball whenever it mattered.

  20. Re:Already debunked by one of Columbia's finest... on NFL Asks Columbia University For Help With Deflate-Gate · · Score: 1

    A "tick" is how much exactly? Why such imprecise reporting?

  21. Re:Deflate-gate? on NFL Asks Columbia University For Help With Deflate-Gate · · Score: 1

    If you're Republican-oriented, tired of having every scandal called back to Watergate, you can always use the alternate name: "BallGhazi"

    How do you measure your balls?
        If they stick a pin into the football to measure the pressure, it'll let out a little air each time.
        If they measure at a lower temperature than when the ball was inflated, they'll get a lower pressure.

    How do you blow up your balls?
        Compressing air raises the temperature, so putting recently-compressed air, such as running a pump output directly into the football, will inflate with hot air. The pressure will decrease as the gas cools.
        If you bubble the compressed air through a water tank before running it into the football, you can put water vapor into the football, and if the vapor condenses inside the ball as the gas cools, the pressure will further decrease because water vapor is much less dense than liquid water.
        If you inflate from a storage tank at high pressure and ambient temperature, you can get the opposite effect, because expanding the gas inside the football will cool the gas, making the pressure increase as the gas warms back to ambient.
        If you inflate with hydrogen, you make them just a smidge lighter, but also use a gas that'll diffuse through the rubber and leather a little faster.

    How do you treat your balls?
        If you rub your balls, as for roughing up the surface, the friction will warm the balls, temporarily raising the pressure at the time of inflation and initial pressure checks.
        If you ream out the inflation hole, you can make it gape open a little, leaking air at a slow rate.
        If you keep your balls warm before each pressure check, you can more easily pass the test, then let them cool down for the play.

    So, if you fill your balls all hot and sweaty, you can pass the tests and have nice soft balls to play with later. If the NFL doesn't update their standards, soon all the teams will figure this out. To avoid this, they should be inflating their balls from a big tank at ambient temperature and relatively low pressure.

    If the NFL specifies the gas mix, a minimum tank size and maximum tank pressure there won't be such ability to cheat.

  22. Re:That's not a joke! on The Joker Behind the Signetics 25120 Write-Only Memory Chip Hoax · · Score: 1

    I thought it was IEFBR14 running on an RTL emulation of an IBM 360/91.

  23. Re: AH, the good old days on The Joker Behind the Signetics 25120 Write-Only Memory Chip Hoax · · Score: 1

    No, you read the inaccurate story. RTFA and you will be demisinformed.

  24. No need for physical barriers on Waze Causing Anger Among LA Residents · · Score: 1

    Software could rate limit side-road detours, giving priority to (1) law-abiding drivers who follow speed limit regulations and come to a full-stop at stop signs or (2) drivers who pay a premium for the application or (3) click on high-value advertising. They could (4) abstain from sending drivers onto side-road detours during the specific times and areas that children are travelling to/from school (even (5) detecting this by use of commonly available cellphones for school-age children). Traffic that's at a complete standstill might be (6) targeted for high-value advertising, or even (7) offer a detour for a fee. Detours could be prioritized based on carbon or other pollution emissions - depending on whether one prefers (8) to incentivize low-carbon vehicles or (9) temporarily reduce emissions on those "spare the air days" by getting high-pollution vehicles to their destination more quickly.

    If Google/Waze failed to create these modifications, they could be imposed by local or state legislation, and/or agreed to by a standards working group to encourage universal compliance. Legislators could even use "virtual HOT lanes" as funding sources, raising "sorely needed funding for high speed rail" or "community improvement projects."

    Now who's being evil?

  25. Re:Poor implementation on Why Didn't Sidecar's Flex Pricing Work? · · Score: 1

    This may be fundamental to the variable pricing model. It takes time to negotiate a price, and as the well-known adage goes, t=$.