This is more similar to something like SELinux and AppArmor.
e.g.: some attachments that you clicked on in your e-mail client, even if run as your credentials, should NOT have a valid reason to write anywhere on your folders (and attachements should not be run to begin with).
e.g.: any sub-process launched by the browser should only exclusively have the rights to write into the cache and download folder, and not anything else, even if they still inherit your session (even if the sub processes aren't changing their user id to "nobody").
The file permissions on Windows filesystems are far more granular and not just based on an xxx field of bitmaps like on vintage OSes like Unix.
Non-vintage Unix don't rely exclusively on xxx field bitmap neither.
Modern unix filesystems do support ACL for more complex access control. Modern features like SELinux and AppArmor also help having application-level control.
What I would like to see for the defanging of ransomware is a way to permanently disable filesystem encryption unless it is re-enabled by a very-restricted-access tool
And how would that prevent a ransomware from implementing its own encryption ? (e.g.: moving all data it can manage to get access to into a huge password-encrypted.ZIP file ?)
The flip side is that if any one of the exit points are monitored by an entity, and your browser traffic can be fingerprinted, they now have you on the radar, and can obtain data matching your fingerprint to a person from sites that collect the data (like online payment sites and banks, and ad aggregators that are partners with shopping sites).
This is explicitly addressed by TOR : - TOR itself constantly changes routes. An entity that doesn't control all or a very large fraction of all exit nodes will only see occasional glimpses of out traffic. - You are definitely not alone on TOR, some people simply use it for general anonymity or just for shit and giggles, meaning that your traffic will by mixed with traffic of lots of other people, even on the same exit-node - TOR is a high latency network (multiple jump point) - All of the above simultaneously make very hard to correlate input and output traffic. Which is one way to diminish risks of de-anonymisation.
TOR also provides package with a Tor Browser, which is a special built of Firefox consigured to be as un-noticeable as possible (its fingerprints match an excessively large amount of other browsers), and includes additional measures to block other risk (Flash is blocked and thus a flash App could not be used to de-anonymise). Means that any information that an entity could collect during the short glimpses on one of its controlled exit node will perfectly match hundreds of thousands of other browsers. (You can't rely on a trick like "which of your users have a browser that has the late 90s font Quake.TTF installed ? Which of these browser has Raetho-Romansh as a listed requested language ?", etc.) This makes it horribly difficult to use fingerprints to match an user.
Again, If you're not hunted by the NSA, the FSB or the Mossad, chances are you won't be found on TOR.
Last and third peculiarity :.onion addresses. Some server are entirely on the TOR network and do not require any exit-node to be accessed. The Piratebay is a known example with http://uj3wazyk5u4hnvtk.onion/ Another one is DuckDuckGo with http://3g2upl4pq6kufc4m.onion/
Traffic to these addresses will NEVER leave the TOR network and cannot be witnessed by adversary-controlled exit-nodes. As such, that's yet a third way de-anonymising is prevented. Also, these addresses will prevent DNS-based access blocks. (They do not even point to an IP address, DNS are useless). So no matter how often someone tries to block Pirate Bay at the ISP level, the.onion address will be unblockable.
It might be a good point to also introduce the notions of onion routing.
Comparing TOR to VPN :
If VPN is a cable that runs to your home, TOR is a tangled mess of wires that runs to all your neighborhood, including your friends, but also including that new weird guy that moved recently. And one of your friend has trips the main fuse or put his house on fire every other week. And also that trigger happy redneck neighbor.
Whereas VPN creates a single jump point through which you route all traffic, TOR uses multiple successive jump points each can one out of a very long list to blurry the leads.
This has several consequence :
- it's a bit better than VPN at hiding your activity from 3rd parties, because there's no single entity that has a complete overview over all your traffic. Everyone only sees small bits of your traffic mixed with small bits of every one else on TOR. To keep the "cable" metaphore, it would take the police to post one officer in each of your neighborhood's house (including to the redneck that will proudly shoot anyone step un-invited on his home ground) to monitor as many exit points as possible, and another officer at the McDonalds trying to notice when traffic goes out to try to correlate with the observations spread over all the potential exit points. In real world, trying to de-anonymize TOR is a task that can only be attempted by government-level entities.
- due to the multiple end-point vs a single known VPN vendor with a nice data center, the traffic tend to be a bit unreliable and bandwidth is erratic. (The friend that is basically as walking destruction of his home won't be a good exit point).
- it's difficult for random people to run exit nodes without special agreement with service providers : you never know what will come out of your end-point. (The weird neighbor might be into midget porn, or worse).
- people tend to look suspiciously to TOR and automatically assume it's for nefarious purpose. (You could be accused to be a drug dealer, just because of the tangled wires). In practice that means that content distribution networks such as cloudflare will always ask you to solve captcha before proceeding further.
Trying to put expensive computers in front on generations of very average students. Did the UK become a computing exporting super power? The average students who wanted "computers" enjoyed using and supporting brands like Apple, Intel, Microsoft, Cyrix and the later more powerful console games.
Putting computers in front of a generation of students won't suddenly make a country a "computing exporting super power". On the other hand, putting computers in front of a generation of students will make them more comfortable to *use* computers.
To take your preceding post's example : if one of those student decides to become a musician, he's more likely to use software to do their edits in a garage band as opposed to needing to go to a more professional studio, more likely to leverage online platforms and apps for distribution rather needing to sign with a label, etc. That student won't be designing the Apple laptop, the Cubase software, the Spotify ecosystem. But he'll be more likely to leverage them in his artistic career.
All that effort and educational funding, projections of UK production lines exporting to the world resulted in US imports. US products and service and hardware from very low cost nations.
...which is a completely different problem. You raised a generation of average student who know that computer are useful.
That the UK wasn't able to provide them with what hardware/software they needed is due to the *other* career, the "Computer Scientist" career.
(And by the way, it is false. UK did produce computer-careers in the late 80s and 90s, as can be attested by small software companies and a few not-small-at-all and rather successful companies : game companies such as Bitmap Brothers, Psygnosis, Bullfrog, etc. But again those have nothing to do with "put a computer in front of every one" policies)
Computing literacy now needs math.
"Computer literacy" and "maths" are two different things, and that's the whole point I'm trying to make.
To take a book metaphor: - You're confusing all the engineers and artisans that developed and built presses since the original by Gutemberg, with the need for the general population to be able to read and write. They help each other (a population that can read and write makes a public to target with printed media. And easier access to printed media makes it much simpler to have material on which to learn to read and write, as opposed to back when it needed to be painstakingly manually copied by monks), but they are two distinct things.
Or to make a much-loved by/. *car* analogy: - You're confusing "holding a drivers' license" and "building the actual car". General population needs to be able to drive in order to be part of a mobile society (though it's a lot less important on our side of the Atlantic pond with big cities and good public transportation, as opposed to the widely spread structure that the US is seeing. But still, being mobile in the modern world helps. Even if you don't own the car but use a shared car). And engineers and other scientists, and designers, and manufacturing jobs are important to produce the cars.
Your rant would be like complaining that generations of average people having easy access to a drivers' license (even if yours happens to be on the wrong side of the road:-D ) didn't make Bentley, Rolls-Royce, Mini, Asron-Martin, Jaguar, the world dominant exporters, and only increased the import of current car-king nations (US, DE, etc.)
Nope, it's two things.
Same here: putting kids in front of a computer is one thing (general computer litteracy) spending resource to train an elite of scientists is another (computer scientist careers).
The later will build the computer and the software that the former will use in t
Also, making an electric car that people actually want to buy? Just a few years ago almost all engineers in the automobile industry (including, and especially those with well over 35 years of experience) would have told you that was impossible too.
And those engineers would have been fools themselves for completely ignoring all the other companie who have been successful at building electric vehicles, some of them for 35 years or more too.
(Random example : Citroen has been making electric trucks and minivan used by the french postal service - the extremely frequent strart/stops and the rather short distances make EV way better than ICE. Even on the only NiCd battery tech available back then)
(Other random example : a few swiss mountain touristic regions have been completely closed to cars, and have been using electrical vehicles instead for several decade already).
Elon Musk didn't really start a revolution here. Actually what he managed was to take a concept and tweak it enough to make it palatable to the very peculiar north American market. Which by itself is no small feat. But nearly everyone speaking against EV is completely ignoring past successes.
You're speaking about two different types of paths :
What you mention the US having done right in1950-1980 with math education is creating computer scientist : student with a strong core knowledge in hard sciences (e.g.: maths, as you mention), that then went on in academics with computer as their main scientific domain. This is what gives you the big brains behind some of the top computing revolutions.
What the current spreading of resources on as many student as possible, over an entire generation, is trying to do is completely different. The point is not to force them to be the next computer big brains. Let them be doctory, lawyers, mucisian, artists, sportsmen or graduate of vocational schools. The point is to bring in some basic computing literacy. The idea is that now in 2017, no matter what your actual job is, being able to work with computers is becoming as important as being able to read and write. There is virtually no job where sooner or later you'll have to deal with computers.
Also another important point, that is not currently considered in the US but is very seriously considered in some European countries like France : *media eduction*. Most of said computers that every one will have to deal eventual with, are connected to the internet. From a very young age, the student will be exposed to tons of bullshit, hoaxes, fake news, conspiracy theories, etc. Theaching some critical thinking, and how to react when exposed to information coming online on the computer should also be something as basic as read and writing skills.
If that it true then there should be some hard evidence, i.e. documentation of the reason he was fired. Tesla could be in real trouble if it turns out to be true.
Not necessarily. The guy was working on assembly lines. i.e.: a physical job, that requires physical fitness.
Tesla could actually get into real trouble in the case that the guy was improperly hired and then hurt himself due to doing a physical job for which he was unfit.
If the guy did lie back when he was hired (e.g.: provided a bogus medical certificate) to hide his disability, and it happened to only be discovered now, Tesla would be in their right to fire him.
Again keep in mind that we're not speaking about a desk job, were rejecting somebody on ground of being disabled would be discrimination. We're speaking about a physical job, that requires a certain degree of physical fitness and the guys could have been lying and providing forget medical documents.
Those games were cracked in under 10 hours no less, they had a good run but CDProjekt showed how wrong the whole DRM scheme is. If you make a good game people will buy it, if you make shit people won't.
Yup I totally agree. If you've made a good game and there are tons of fan liking it, they'll line up to buy it EVEN if it is DRM-free.
A cracked game, if the game is good won't necessarily cause a big drop of sales. (Some people might decide not to pay for it, but it's going to be a small fraction of the fans. On the other hand another fraction of the fans might finally decide to buy it, now that there's a way to take their legit copies and "disinfect it" from the DRM : that might end up being my case regarding Sonic Mania and Denuvo)
If your game is shitty, it's a stupid excuse to blame it on piracy.
The standard modus operandi for most 3G/4G.enabled devices is to use the baseband modem.
With very few exceptions (OMAP-based devices used in things like the Pyra handheld, or the upcoming Librem 5 by Purism), the modem isn't a separate segregated chip, but is part of the main chipset, and sometime even work as a kind of Northbridge, and is directly in charge of sensitive part of the phone like the RAM (Hello Qualcomm, I'm pointing fingers to you).
For obvious radio frequency licensing reasons, this baseband runs proprietary closed blobs (just ask the guys at LineageOS, formely CaynogenMod, what they think of these proprietary bullshit - they can't even bring up such a basic function as the RAM using opensource code, the blobs are mandatory to do anything on these chipsets). Part of the code that is executed by the modem comes from the chipset manufacturer who owns the necessary license, part of the code are instructionx sent over the air by the cell operator (also licensed). Same "proprietary closed blobs" situation also apply on the SIM card itself.
Means that, it's very easy for a government agency that has the proper clearance and access to just remotely access whatever they need simply by sending the corresponding instruction over the air.
In the case of the iPhone, the situation is easier for China, because they are issued only with government approved SIM cards.
In the case of the Apple Watch, the situation is a bit more difficult for China than the US because they do not control the SIM card inside the watch.
Hence, I imagine they probably aren't happy about being "second class spies" compared to the US and that is I think the reason for delaying the authorisation of Apple Watch over there.
It's a little ironic that Alphabet is putting this much money into Lyft given that back in 2013 Google Venture's largest deal to date was to invest in Uber.
I really think that the whole point of this investment is to send a big "Fuck You !!!" to Uber, in the wake of their IP lawsuite.
Looks like a breaking-up couple that has reached the "throwing your stuff out of the window" and the "I'll cheat on you with the whole football / cheerleaders team" point.
The problem is that the current open source implementation, CalmAV, was bought by and is currently developed by... Cisco.
Okay, it's opensource, so at least independent researcher can go and check whether it contains any underhanded code. But still, it's not an international cooperation of several vendors.
Also, currently it's not the top performing of the pack.
On the other hand, that doesn't prevent me from using it.
I do not have nor is it even remotely likely I'll ever have a smartphone.
So "I don't have a smartphone" has become the new "I don't have a TV" thing to be proud of !~~~
Jokes aside....
They're a security nightmare, completely incapable of being secured against intrusion in even the most basic ways, due to a complete lockdown of the OS and the software loaded onto the phone. Worse, many of them have been found to be completely compromised right out of the factory.
On the other hand, there are viable alternative :
- Sailfish OS by jolla is an example of a system that is not locked down, vast parts of it are opensource (under copyleft licesne), most of the remaining not yet copylefted parts are "source available" in practice due to being written in QML + Javascript, and only a few bits are actually closed source (the alien-dalvik android compatibility layer, predictive text and microsoft exchange client). Currently they are launching a new official version for the Xperia X smartphone, in partnership with Sony's Open Devices program.
There are even ways to run android app using opensource component (currently SFDroid, with Andbox aimed by the community somewhere in the future).
That covers your problem of "The OS that came with my phone contains crap and I'm not even allowed to remove it, because I'm shut off admin access on my own hardware".
And if you are not comfortable with blobs (like the platform driver) running on your phone (nearly all current chipsets). Or even worse - the remote-blob running baseband modem working as a the chipset's northbridge and being in charge of sensitive component like RAM (like on most Qualcomm chipset) ; there are alternatives too :
- Purism has managed to finance their Librem "sort of crowdfunding" campaign and will build a smartphone based around opensource. Yup, indeed, it's an awfully old and under-powered chipset (currently prototyping with i.MX 6, with hopes to more to i.MX 8 if that one gets similar upstream vanilla kernel support). But this chipset will run 100% copyleft opensource code, and the problematic parts (like modem) will be isolated in separate chips that don't have access to any sensitive part (can't see the main system RAM, unlike Qualcomm's modems) and will be restricted to only talk over a standard protocol with the main system.
That covers you problem of "NSA can remotely turn on my phone and start spying on me". Just flip the hardware switch and disconnect the modem, the rest of your phone will continue to work as *you* intended.
I don't know how Chrome is handling video streaming, But on the Mozilla side, all video streaming are opt-in. Unless you authorize a website, it won't be able to stream video.
They also boot dramatically faster than any other Android handset on the market, in as little as 10 seconds.
And my Xperia running Sailfish X (by the former Nokia engineer who were developing Maemo/Meego before the whole Elop/Microsoft blunder happened), boots even faster, in a couple of seconds. Yay for GNU/Linux OSes ! (in this case, using systemd as a init system).
The whole "boot loader unlocked" warning that Sony displays is actually longer than the OS boot procedure.
Still quite valuable in that account access typically gives not only allows spoofing and surveillance, but also retroactive surveillance of all non-deleted communications,
Neither Mailveloppe plugin for webmails, nor any standard PGP and S/MIME enabled client (e.g.: Thunderbird (S/MIME) with Enigmail plugin (PGP) ) will ever store the clear text e-mails. E-mails are kept encrypted in all storages (remote IMAP folders on the server, local mail folder storage, HTML sent by the webmail) and only decrypted on-the-fly before displaying.
Thus it also prevents retroactive suveillance as long as the private keys are kept secret.
and the ability to revoke the legitimate user's access.
Which is not a limitation of public keys (like PGP and S/MIME) per se, but a limitation of google not using user-certs. (Unlike some enterprises or cacert.org who can require the user to log using a client certificate on their browser).
One major nitpick - "2 factor authentication" typically involves both "something you have" and "something you know", for the specific reason that stealing a "thing you have" is *far* different challenge than stealing a "thing you know". And Bob's private key, as a passive piece of information, is still firmly in the "things you know" territory. Easily stolen, especially in a time when it's pretty safe to assume that at least a couple major governments already have covert control of your computer, and quite possibly a few criminal organizations as well.
Depends on how paranoid you are.
- Private key stored (perhaps even un-encrypted) on your on-line device ? Yes, it is hackable. (And as much as a lot of OTP smartphone apps used by banks are).
- Separate "encryption laptop" ? (e.g.: see the opsec used by journalists during the Snowden files) That is going to be rather hard for the government to hack into (they'll be needing methods that work on an air-gapped laptop - e.g.: the various ultra-sound based communications - and hope that a networked device is within range of the anti-air-gap method. And they need the method to have been hacked in advance into the laptop before it was taken offline - basically they need the exploit to have been available in Tails for quite some time) Still possible, but a hell lot more complicated. At that point hiring a burglar becomes the simpler solution (or using dictatorial abuse of power, if local government can manage it).
(Note that even USB dongle device are still limited to how much their firmware is secure).
- 2 factor identification (like the suggested bluetooth and usb dongles) only solve 1 single problem : identity.
Making sure that when Alice receives an e-mail from "bob@gmail.com" it's indeed written by Bob, and not by Eve trying to steal bob's gmail credential by hacking the SMS 2 factors.
But any exchange between Alice and Bob can still be read on Google servers 100% for sure (that's how GMail's Ads work), and maybe by any goverment agency that has agreements (or plain just did an inside jobs without Google's knowledge) and eventually on any mail transmitting node (or, worse case scenario : on any internet router, if some of the mail transmitting nodes use un-encrypted traffic).
- public keys systems (like PGP implementation, and like S/MIME standard) on the other hand solve 2 problems : identity and privacy.
Identity : well, Eve could try to hack bob's Gmail credentials all she likes, she still won't have access to Bob's private key, and thus cannot sign any new e-mail with the same key. Basically, the private key stored on bob's computer acts as a second factor for establishing the authenticity of the writer. (On the other hand, if bob uses gmail's access on any other site, e.g.: as OAuth provider, or as recovery e-mail, then those sites will be toast - e.g.: because no site currently uses GPG or S/MIME encryption when clicking on "forgoten password". It's not a fault of GPG nor S/MIME, it's a fault of most other providers not using it for the password reset e-mails, and Google's fault of not supporting client certs as an additional security measure when doing OAuth).
Privacy : Without access to Alice's private key, nobody could either read the message : it stay encrypted on the whole trajectory - on Google's servers, on all relaying nodes and even on router, no matter if non encrypted protocols are used. (On the other hand, if non encrypted protocols are used, Eve could at least guess that Alice and Bob are communicating, even if she can't read the content of the encrypted e-mails. GPG S/MIME encryption only hides the content - that's their limitation. Use HTTPS or even better Tor if you want to hide traffic).
My reaction too was "Nope, not the most secure. Just slightly more secure than before, and never as secure as any random provider as long as you use PGP implementation such as GPG" (or eventually if you use S/MIME, as long as you trust enough the authority that certified the keys).
Again people, in terms of privacy and security, it's hard to beat full end-to-end encryption.
For the webmail-using crowd : Mailvelope is an extension that allows you to use openPGP in the "TextArea" field used by webmail client (e.g.: gmail's website)
It just sucks that unlike desktop clients (e.g.: Thunderbird), the built-in default smartphone e-mail clients very often don't PGP or S/MIME encryption.
Congratulations, you figured it out in 30 seconds when it otherwise took a team of 20+ engineers a considerable amount of time to come up with a working solution.
This thing is litteraly something that has been already known and even actually used in production. The company suing each other haven't invented something revolutionary and never though of.
The wireless engineer were probably paid to make incremental improvement (better protocol and signal processing) and these micro-improvement are probably patentable (in 2017 technology, you can probably achieve multi-gigabits !)
But if their sole "secret sauce" relies on "holding to things close to each other to achieve fast wireless transmission" : Sorry guys there's so much prior art on this, a lot of which is so old that their respective patent has expired by now.
In other words :
- if their technology is "by applying XyZ modern variation of CODFM on our Wireless Connector, we can finally reach 20Gbit/s !" - yes, it could be considered business intelligence. - if their technology is "we have a Wireless Connector Technology" - fuck you, the late 90s have called, they wanted their fancy car keyfob technology back.
Car keyfobs are an everyday example (and ob/. car analogy) : - There's a mechanical connector that grabs and holds firmly the key fob/card on the dashboard's receptacle. (e.g.: Volvo, Mercedes Benz, Saab, Renault, etc.) - There are no electrical contact at all. All transmission happens over wireless (most) or by infrared (some older Mercedes), charging/powering is done wireless by induction (most).
It's literally a wireless connector.
This has the benefit of making a perfect alignment between the fob/card and receptacle and thus insuring perfect alignment of the wireless inductor and antennas, which guarantees best possible data transmission and power efficiency.
Similar problems have been solved by Palm's Touchstone to optimize wirless charging of Palm/HP's Pre smartphone by aligning them magnetically. (And by unreleased HP Touchstone by aligning the NFC antenna too).
Similar problem ARE NOT currently solved by Qi, which relies to be just vaguely in the correct position but is a lot inefficient as a consequence.
Making a Tesla autonomous is not going to require something in the range of 10 times as much computing power than what 'auto pilot' currently needs.
Depends on whether this additionnal processing capability will be fighting against diminishing returns.
Might by that the last 10% of processing capability to get it right require 90% more computations.
On the other hand, the processes used (deep-neural nets, etc) tend to be extremely friendly to parallel processing (they love multicore, GPUs, etc.) and to specific ASICs (think GPUs or even Google's TPU). They aren't as much reliant on huge technological progress (you don't necessarily need a single chip clocked at 50Ghz and built with a 0.1 nm process).
So even if today's prototype consume as much as a small beowulf cluster of linux nodes in the trunk, chances are by the time the thing goes into production, it could be handled by much reasonnably power-hungry hardware.
(Also, none of the current fleets of autonomous car deployed in production is suffering due to power budget.)
The Long Earth series, collaboration between Setphen Baxter tand he late Terry Pratchett (expanding the idea Pratchett played with in this "high mega" short story), speculate exactly around this idea.
There are US projects testing controlled demolition of Yellowstone done in one of the alternate earths. (And Chinese project similarly playing with Nukes and Himalaya)
By an ironic twist of fate, the Yellowstone on the original Earth completly blows up in the meantine and plunges the original Earth in a ice age, forcing the civilisation to massively emigrates to alternative earths (and marses).
Slashdot Mirror
This is more similar to something like SELinux and AppArmor.
e.g.: some attachments that you clicked on in your e-mail client, even if run as your credentials, should NOT have a valid reason to write anywhere on your folders (and attachements should not be run to begin with).
e.g.: any sub-process launched by the browser should only exclusively have the rights to write into the cache and download folder, and not anything else, even if they still inherit your session (even if the sub processes aren't changing their user id to "nobody").
The file permissions on Windows filesystems are far more granular and not just based on an xxx field of bitmaps like on vintage OSes like Unix.
Non-vintage Unix don't rely exclusively on xxx field bitmap neither.
Modern unix filesystems do support ACL for more complex access control.
Modern features like SELinux and AppArmor also help having application-level control.
What I would like to see for the defanging of ransomware is a way to permanently disable filesystem encryption unless it is re-enabled by a very-restricted-access tool
And how would that prevent a ransomware from implementing its own encryption ? .ZIP file ?)
(e.g.: moving all data it can manage to get access to into a huge password-encrypted
The flip side is that if any one of the exit points are monitored by an entity, and your browser traffic can be fingerprinted, they now have you on the radar, and can obtain data matching your fingerprint to a person from sites that collect the data (like online payment sites and banks, and ad aggregators that are partners with shopping sites).
This is explicitly addressed by TOR :
- TOR itself constantly changes routes. An entity that doesn't control all or a very large fraction of all exit nodes will only see occasional glimpses of out traffic.
- You are definitely not alone on TOR, some people simply use it for general anonymity or just for shit and giggles, meaning that your traffic will by mixed with traffic of lots of other people, even on the same exit-node
- TOR is a high latency network (multiple jump point)
- All of the above simultaneously make very hard to correlate input and output traffic.
Which is one way to diminish risks of de-anonymisation.
TOR also provides package with a Tor Browser, which is a special built of Firefox consigured to be as un-noticeable as possible (its fingerprints match an excessively large amount of other browsers), and includes additional measures to block other risk (Flash is blocked and thus a flash App could not be used to de-anonymise).
Means that any information that an entity could collect during the short glimpses on one of its controlled exit node will perfectly match hundreds of thousands of other browsers. (You can't rely on a trick like "which of your users have a browser that has the late 90s font Quake.TTF installed ? Which of these browser has Raetho-Romansh as a listed requested language ?", etc.)
This makes it horribly difficult to use fingerprints to match an user.
Again, If you're not hunted by the NSA, the FSB or the Mossad, chances are you won't be found on TOR.
Last and third peculiarity : .onion addresses.
Some server are entirely on the TOR network and do not require any exit-node to be accessed.
The Piratebay is a known example with http://uj3wazyk5u4hnvtk.onion/
Another one is DuckDuckGo with http://3g2upl4pq6kufc4m.onion/
Traffic to these addresses will NEVER leave the TOR network and cannot be witnessed by adversary-controlled exit-nodes. .onion address will be unblockable.
As such, that's yet a third way de-anonymising is prevented.
Also, these addresses will prevent DNS-based access blocks. (They do not even point to an IP address, DNS are useless). So no matter how often someone tries to block Pirate Bay at the ISP level, the
It might be a good point to also introduce the notions of onion routing.
Comparing TOR to VPN :
If VPN is a cable that runs to your home, TOR is a tangled mess of wires that runs to all your neighborhood, including your friends, but also including that new weird guy that moved recently. And one of your friend has trips the main fuse or put his house on fire every other week. And also that trigger happy redneck neighbor.
Whereas VPN creates a single jump point through which you route all traffic,
TOR uses multiple successive jump points each can one out of a very long list to blurry the leads.
This has several consequence :
- it's a bit better than VPN at hiding your activity from 3rd parties, because there's no single entity that has a complete overview over all your traffic. Everyone only sees small bits of your traffic mixed with small bits of every one else on TOR.
To keep the "cable" metaphore, it would take the police to post one officer in each of your neighborhood's house (including to the redneck that will proudly shoot anyone step un-invited on his home ground) to monitor as many exit points as possible, and another officer at the McDonalds trying to notice when traffic goes out to try to correlate with the observations spread over all the potential exit points.
In real world, trying to de-anonymize TOR is a task that can only be attempted by government-level entities.
- due to the multiple end-point vs a single known VPN vendor with a nice data center, the traffic tend to be a bit unreliable and bandwidth is erratic. (The friend that is basically as walking destruction of his home won't be a good exit point).
- it's difficult for random people to run exit nodes without special agreement with service providers : you never know what will come out of your end-point. (The weird neighbor might be into midget porn, or worse).
- people tend to look suspiciously to TOR and automatically assume it's for nefarious purpose. (You could be accused to be a drug dealer, just because of the tangled wires). In practice that means that content distribution networks such as cloudflare will always ask you to solve captcha before proceeding further.
Again, I think you didn't follow my point above.
That's two entirely different phenomenons.
Trying to put expensive computers in front on generations of very average students.
Did the UK become a computing exporting super power?
The average students who wanted "computers" enjoyed using and supporting brands like Apple, Intel, Microsoft, Cyrix and the later more powerful console games.
Putting computers in front of a generation of students won't suddenly make a country a "computing exporting super power".
On the other hand, putting computers in front of a generation of students will make them more comfortable to *use* computers.
To take your preceding post's example : if one of those student decides to become a musician, he's more likely to use software to do their edits in a garage band as opposed to needing to go to a more professional studio, more likely to leverage online platforms and apps for distribution rather needing to sign with a label, etc.
That student won't be designing the Apple laptop, the Cubase software, the Spotify ecosystem. But he'll be more likely to leverage them in his artistic career.
All that effort and educational funding, projections of UK production lines exporting to the world resulted in US imports. US products and service and hardware from very low cost nations.
...which is a completely different problem.
You raised a generation of average student who know that computer are useful.
That the UK wasn't able to provide them with what hardware/software they needed is due to the *other* career, the "Computer Scientist" career.
(And by the way, it is false. UK did produce computer-careers in the late 80s and 90s, as can be attested by small software companies and a few not-small-at-all and rather successful companies : game companies such as Bitmap Brothers, Psygnosis, Bullfrog, etc.
But again those have nothing to do with "put a computer in front of every one" policies)
Computing literacy now needs math.
"Computer literacy" and "maths" are two different things, and that's the whole point I'm trying to make.
To take a book metaphor :
- You're confusing all the engineers and artisans that developed and built presses since the original by Gutemberg, with the need for the general population to be able to read and write.
They help each other (a population that can read and write makes a public to target with printed media. And easier access to printed media makes it much simpler to have material on which to learn to read and write, as opposed to back when it needed to be painstakingly manually copied by monks), but they are two distinct things.
Or to make a much-loved by /. *car* analogy :
- You're confusing "holding a drivers' license" and "building the actual car".
General population needs to be able to drive in order to be part of a mobile society (though it's a lot less important on our side of the Atlantic pond with big cities and good public transportation, as opposed to the widely spread structure that the US is seeing. But still, being mobile in the modern world helps. Even if you don't own the car but use a shared car).
And engineers and other scientists, and designers, and manufacturing jobs are important to produce the cars.
Your rant would be like complaining that generations of average people having easy access to a drivers' license (even if yours happens to be on the wrong side of the road :-D ) didn't make Bentley, Rolls-Royce, Mini, Asron-Martin, Jaguar, the world dominant exporters, and only increased the import of current car-king nations (US, DE, etc.)
Nope, it's two things.
Same here: putting kids in front of a computer is one thing (general computer litteracy)
spending resource to train an elite of scientists is another (computer scientist careers).
The later will build the computer and the software that the former will use in t
Also, making an electric car that people actually want to buy? Just a few years ago almost all engineers in the automobile industry (including, and especially those with well over 35 years of experience) would have told you that was impossible too.
And those engineers would have been fools themselves for completely ignoring all the other companie who have been successful at building electric vehicles, some of them for 35 years or more too.
(Random example : Citroen has been making electric trucks and minivan used by the french postal service - the extremely frequent strart/stops and the rather short distances make EV way better than ICE. Even on the only NiCd battery tech available back then)
(Other random example : a few swiss mountain touristic regions have been completely closed to cars, and have been using electrical vehicles instead for several decade already).
Elon Musk didn't really start a revolution here. Actually what he managed was to take a concept and tweak it enough to make it palatable to the very peculiar north American market. Which by itself is no small feat.
But nearly everyone speaking against EV is completely ignoring past successes.
You're speaking about two different types of paths :
What you mention the US having done right in1950-1980 with math education is creating computer scientist :
student with a strong core knowledge in hard sciences (e.g.: maths, as you mention), that then went on in academics with computer as their main scientific domain.
This is what gives you the big brains behind some of the top computing revolutions.
What the current spreading of resources on as many student as possible, over an entire generation, is trying to do is completely different. The point is not to force them to be the next computer big brains. Let them be doctory, lawyers, mucisian, artists, sportsmen or graduate of vocational schools.
The point is to bring in some basic computing literacy. The idea is that now in 2017, no matter what your actual job is, being able to work with computers is becoming as important as being able to read and write. There is virtually no job where sooner or later you'll have to deal with computers.
Also another important point, that is not currently considered in the US but is very seriously considered in some European countries like France : *media eduction*. Most of said computers that every one will have to deal eventual with, are connected to the internet. From a very young age, the student will be exposed to tons of bullshit, hoaxes, fake news, conspiracy theories, etc. Theaching some critical thinking, and how to react when exposed to information coming online on the computer should also be something as basic as read and writing skills.
If that it true then there should be some hard evidence, i.e. documentation of the reason he was fired. Tesla could be in real trouble if it turns out to be true.
Not necessarily. The guy was working on assembly lines.
i.e.: a physical job, that requires physical fitness.
Tesla could actually get into real trouble in the case that the guy was improperly hired and then hurt himself due to doing a physical job for which he was unfit.
If the guy did lie back when he was hired (e.g.: provided a bogus medical certificate) to hide his disability, and it happened to only be discovered now, Tesla would be in their right to fire him.
Again keep in mind that we're not speaking about a desk job, were rejecting somebody on ground of being disabled would be discrimination.
We're speaking about a physical job, that requires a certain degree of physical fitness and the guys could have been lying and providing forget medical documents.
Those games were cracked in under 10 hours no less, they had a good run but CDProjekt showed how wrong the whole DRM scheme is. If you make a good game people will buy it, if you make shit people won't.
Yup I totally agree.
If you've made a good game and there are tons of fan liking it, they'll line up to buy it EVEN if it is DRM-free.
A cracked game, if the game is good won't necessarily cause a big drop of sales.
(Some people might decide not to pay for it, but it's going to be a small fraction of the fans. On the other hand another fraction of the fans might finally decide to buy it, now that there's a way to take their legit copies and "disinfect it" from the DRM : that might end up being my case regarding Sonic Mania and Denuvo)
If your game is shitty, it's a stupid excuse to blame it on piracy.
The standard modus operandi for most 3G/4G.enabled devices is to use the baseband modem.
With very few exceptions (OMAP-based devices used in things like the Pyra handheld, or the upcoming Librem 5 by Purism), the modem isn't a separate segregated chip, but is part of the main chipset, and sometime even work as a kind of Northbridge, and is directly in charge of sensitive part of the phone like the RAM (Hello Qualcomm, I'm pointing fingers to you).
For obvious radio frequency licensing reasons, this baseband runs proprietary closed blobs (just ask the guys at LineageOS, formely CaynogenMod, what they think of these proprietary bullshit - they can't even bring up such a basic function as the RAM using opensource code, the blobs are mandatory to do anything on these chipsets). Part of the code that is executed by the modem comes from the chipset manufacturer who owns the necessary license, part of the code are instructionx sent over the air by the cell operator (also licensed). Same "proprietary closed blobs" situation also apply on the SIM card itself.
Means that, it's very easy for a government agency that has the proper clearance and access to just remotely access whatever they need simply by sending the corresponding instruction over the air.
In the case of the iPhone, the situation is easier for China, because they are issued only with government approved SIM cards.
In the case of the Apple Watch, the situation is a bit more difficult for China than the US because they do not control the SIM card inside the watch.
Hence, I imagine they probably aren't happy about being "second class spies" compared to the US and that is I think the reason for delaying the authorisation of Apple Watch over there.
It's a little ironic that Alphabet is putting this much money into Lyft given that back in 2013 Google Venture's largest deal to date was to invest in Uber.
I really think that the whole point of this investment is to send a big "Fuck You !!!" to Uber, in the wake of their IP lawsuite.
Looks like a breaking-up couple that has reached the "throwing your stuff out of the window" and the "I'll cheat on you with the whole football / cheerleaders team" point.
Lyft is the football / cheerleaders team.
The problem is that the current open source implementation,
CalmAV,
was bought by and is currently developed by... Cisco.
Okay, it's opensource, so at least independent researcher can go and check whether it contains any underhanded code.
But still, it's not an international cooperation of several vendors.
Also, currently it's not the top performing of the pack.
On the other hand, that doesn't prevent me from using it.
I do not have nor is it even remotely likely I'll ever have a smartphone.
So "I don't have a smartphone" has become the new "I don't have a TV" thing to be proud of !~~~
Jokes aside....
They're a security nightmare, completely incapable of being secured against intrusion in even the most basic ways, due to a complete lockdown of the OS and the software loaded onto the phone. Worse, many of them have been found to be completely compromised right out of the factory.
On the other hand, there are viable alternative :
- Sailfish OS by jolla is an example of a system that is not locked down, vast parts of it are opensource (under copyleft licesne), most of the remaining not yet copylefted parts are "source available" in practice due to being written in QML + Javascript, and only a few bits are actually closed source (the alien-dalvik android compatibility layer, predictive text and microsoft exchange client).
Currently they are launching a new official version for the Xperia X smartphone, in partnership with Sony's Open Devices program.
There are even ways to run android app using opensource component (currently SFDroid, with Andbox aimed by the community somewhere in the future).
That covers your problem of "The OS that came with my phone contains crap and I'm not even allowed to remove it, because I'm shut off admin access on my own hardware".
And if you are not comfortable with blobs (like the platform driver) running on your phone (nearly all current chipsets). Or even worse - the remote-blob running baseband modem working as a the chipset's northbridge and being in charge of sensitive component like RAM (like on most Qualcomm chipset) ; there are alternatives too :
- Purism has managed to finance their Librem "sort of crowdfunding" campaign and will build a smartphone based around opensource.
Yup, indeed, it's an awfully old and under-powered chipset (currently prototyping with i.MX 6, with hopes to more to i.MX 8 if that one gets similar upstream vanilla kernel support). But this chipset will run 100% copyleft opensource code, and the problematic parts (like modem) will be isolated in separate chips that don't have access to any sensitive part (can't see the main system RAM, unlike Qualcomm's modems) and will be restricted to only talk over a standard protocol with the main system.
That covers you problem of "NSA can remotely turn on my phone and start spying on me". Just flip the hardware switch and disconnect the modem, the rest of your phone will continue to work as *you* intended.
I don't know how Chrome is handling video streaming,
But on the Mozilla side, all video streaming are opt-in.
Unless you authorize a website, it won't be able to stream video.
Yup, I agree that we should try to move to large-scale encryption (no matter the form).
They also boot dramatically faster than any other Android handset on the market, in as little as 10 seconds.
And my Xperia running Sailfish X (by the former Nokia engineer who were developing Maemo/Meego before the whole Elop/Microsoft blunder happened), boots even faster, in a couple of seconds.
Yay for GNU/Linux OSes ! (in this case, using systemd as a init system).
The whole "boot loader unlocked" warning that Sony displays is actually longer than the OS boot procedure.
Still quite valuable in that account access typically gives not only allows spoofing and surveillance, but also retroactive surveillance of all non-deleted communications,
Neither Mailveloppe plugin for webmails, nor any standard PGP and S/MIME enabled client (e.g.: Thunderbird (S/MIME) with Enigmail plugin (PGP) ) will ever store the clear text e-mails.
E-mails are kept encrypted in all storages (remote IMAP folders on the server, local mail folder storage, HTML sent by the webmail) and only decrypted on-the-fly before displaying.
Thus it also prevents retroactive suveillance as long as the private keys are kept secret.
and the ability to revoke the legitimate user's access.
Which is not a limitation of public keys (like PGP and S/MIME) per se, but a limitation of google not using user-certs.
(Unlike some enterprises or cacert.org who can require the user to log using a client certificate on their browser).
One major nitpick - "2 factor authentication" typically involves both "something you have" and "something you know", for the specific reason that stealing a "thing you have" is *far* different challenge than stealing a "thing you know". And Bob's private key, as a passive piece of information, is still firmly in the "things you know" territory. Easily stolen, especially in a time when it's pretty safe to assume that at least a couple major governments already have covert control of your computer, and quite possibly a few criminal organizations as well.
Depends on how paranoid you are.
- Private key stored (perhaps even un-encrypted) on your on-line device ?
Yes, it is hackable. (And as much as a lot of OTP smartphone apps used by banks are).
- Separate "encryption laptop" ? (e.g.: see the opsec used by journalists during the Snowden files)
That is going to be rather hard for the government to hack into (they'll be needing methods that work on an air-gapped laptop - e.g.: the various ultra-sound based communications - and hope that a networked device is within range of the anti-air-gap method. And they need the method to have been hacked in advance into the laptop before it was taken offline - basically they need the exploit to have been available in Tails for quite some time)
Still possible, but a hell lot more complicated. At that point hiring a burglar becomes the simpler solution (or using dictatorial abuse of power, if local government can manage it).
(Note that even USB dongle device are still limited to how much their firmware is secure).
To elaborate more :
- 2 factor identification (like the suggested bluetooth and usb dongles) only solve 1 single problem : identity.
Making sure that when Alice receives an e-mail from "bob@gmail.com" it's indeed written by Bob, and not by Eve trying to steal bob's gmail credential by hacking the SMS 2 factors.
But any exchange between Alice and Bob can still be read on Google servers 100% for sure (that's how GMail's Ads work), and maybe by any goverment agency that has agreements (or plain just did an inside jobs without Google's knowledge) and eventually on any mail transmitting node (or, worse case scenario : on any internet router, if some of the mail transmitting nodes use un-encrypted traffic).
- public keys systems (like PGP implementation, and like S/MIME standard) on the other hand solve 2 problems : identity and privacy.
Identity : well, Eve could try to hack bob's Gmail credentials all she likes, she still won't have access to Bob's private key, and thus cannot sign any new e-mail with the same key.
Basically, the private key stored on bob's computer acts as a second factor for establishing the authenticity of the writer.
(On the other hand, if bob uses gmail's access on any other site, e.g.: as OAuth provider, or as recovery e-mail, then those sites will be toast - e.g.: because no site currently uses GPG or S/MIME encryption when clicking on "forgoten password".
It's not a fault of GPG nor S/MIME, it's a fault of most other providers not using it for the password reset e-mails, and Google's fault of not supporting client certs as an additional security measure when doing OAuth).
Privacy :
Without access to Alice's private key, nobody could either read the message : it stay encrypted on the whole trajectory - on Google's servers, on all relaying nodes and even on router, no matter if non encrypted protocols are used.
(On the other hand, if non encrypted protocols are used, Eve could at least guess that Alice and Bob are communicating, even if she can't read the content of the encrypted e-mails. GPG S/MIME encryption only hides the content - that's their limitation. Use HTTPS or even better Tor if you want to hide traffic).
Yup, indeed.
My reaction too was "Nope, not the most secure. Just slightly more secure than before, and never as secure as any random provider as long as you use PGP implementation such as GPG" (or eventually if you use S/MIME, as long as you trust enough the authority that certified the keys).
Again people, in terms of privacy and security, it's hard to beat full end-to-end encryption.
For the webmail-using crowd : Mailvelope is an extension that allows you to use openPGP in the "TextArea" field used by webmail client (e.g.: gmail's website)
It just sucks that unlike desktop clients (e.g.: Thunderbird), the built-in default smartphone e-mail clients very often don't PGP or S/MIME encryption.
Congratulations, you figured it out in 30 seconds when it otherwise took a team of 20+ engineers a considerable amount of time to come up with a working solution.
He didn't even need to *figure out*.
Using mechanical coupling to increase wireless charging power efficiency or better data transmission has been used for ages in car's keyfob and some (non-QI) smartphone charging docks or toothbrush wireless charging cables (yep, it's a cable but it charges wirelessly. Because fuck everything).
This thing is litteraly something that has been already known and even actually used in production.
The company suing each other haven't invented something revolutionary and never though of.
The wireless engineer were probably paid to make incremental improvement (better protocol and signal processing) and these micro-improvement are probably patentable (in 2017 technology, you can probably achieve multi-gigabits !)
But if their sole "secret sauce" relies on "holding to things close to each other to achieve fast wireless transmission" : Sorry guys there's so much prior art on this, a lot of which is so old that their respective patent has expired by now.
In other words :
- if their technology is "by applying XyZ modern variation of CODFM on our Wireless Connector, we can finally reach 20Gbit/s !" - yes, it could be considered business intelligence.
- if their technology is "we have a Wireless Connector Technology" - fuck you, the late 90s have called, they wanted their fancy car keyfob technology back.
Tooth brushes use literally wireless charging cables (e.g.: BRaun's Oral B)
There's a *cable* bringing power to within a receptacle in the tooth brush.
Inside the receptacle, the power transmission doesn't use any contact, only *wireless* charging.
As I've mentioned in my car analogy, this has the benefit of aligning everything and insurance best possible power transmission efficiency.
Actually that really exists in the real world.
Car keyfobs are an everyday example (and ob /. car analogy) :
- There's a mechanical connector that grabs and holds firmly the key fob/card on the dashboard's receptacle.
(e.g.: Volvo, Mercedes Benz, Saab, Renault, etc.)
- There are no electrical contact at all. All transmission happens over wireless (most) or by infrared (some older Mercedes), charging/powering is done wireless by induction (most).
It's literally a wireless connector.
This has the benefit of making a perfect alignment between the fob/card and receptacle and thus insuring perfect alignment of the wireless inductor and antennas, which guarantees best possible data transmission and power efficiency.
Similar problems have been solved by Palm's Touchstone to optimize wirless charging of Palm/HP's Pre smartphone by aligning them magnetically.
(And by unreleased HP Touchstone by aligning the NFC antenna too).
Similar problem ARE NOT currently solved by Qi, which relies to be just vaguely in the correct position but is a lot inefficient as a consequence.
Making a Tesla autonomous is not going to require something in the range of 10 times as much computing power than what 'auto pilot' currently needs.
Depends on whether this additionnal processing capability will be fighting against diminishing returns.
Might by that the last 10% of processing capability to get it right require 90% more computations.
On the other hand, the processes used (deep-neural nets, etc) tend to be extremely friendly to parallel processing (they love multicore, GPUs, etc.) and to specific ASICs (think GPUs or even Google's TPU). They aren't as much reliant on huge technological progress (you don't necessarily need a single chip clocked at 50Ghz and built with a 0.1 nm process).
So even if today's prototype consume as much as a small beowulf cluster of linux nodes in the trunk, chances are by the time the thing goes into production, it could be handled by much reasonnably power-hungry hardware.
(Also, none of the current fleets of autonomous car deployed in production is suffering due to power budget.)
Well, technically, THAT is clean coal.
As in : this is a technology designed to clean the air, and at the end it produce stone out of the captured CO2 - i.e.: (sort-of) coal (-ish).
The Long Earth series, collaboration between Setphen Baxter tand he late Terry Pratchett (expanding the idea Pratchett played with in this "high mega" short story), speculate exactly around this idea.
There are US projects testing controlled demolition of Yellowstone done in one of the alternate earths.
(And Chinese project similarly playing with Nukes and Himalaya)
By an ironic twist of fate, the Yellowstone on the original Earth completly blows up in the meantine and plunges the original Earth in a ice age, forcing the civilisation to massively emigrates to alternative earths (and marses).