The intent of second amendment was never to give citizens the power to overthrow the legitimate government.
I don't believe that is entirely clear.
"it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness."... "... it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security."... seems there are some strong indications that they would want the citizens to be able to do so if needed.
If that's true then how exactly will the scanners we're talking about ever do anything useful to deter or recover after vehicle theft?
Not that I'm defending it, but it'd be a simple matter of checking all plates against the registry, which would only be feasible on the backend:
1. collect all plates seen
2. run each to see if it's listed as stolen (naive check for stolen plate found). If found, do manual review of the car, and possibly dispatch.
3. run each to see if it's registered. If not, then do manual review, etc. If yes, then attempt other checks (does the vehicle match description (color, type (truck/car/bike/etc), make/model if possible, etc), and flag for manual review if it does not appear to match with some level of certainty.
Having the stored history of plates found may also allow them to look back a little in cases where the vehicle was reported stolen some time after it was actually stolen (possible days or weeks... like if someone goes on vacation).
I do think it's a realization of the slippery slope that was assuredly feared when registration was first mandated, and could open the door to other uses/abuses. That said, I'm really torn on this one. The best reasons I can come up with for not wanting automated plate logging is if someone was trying to get away with something like dumping a body, or sneaking off to another city to do something bad (robbery, murder, etc). Even if it were more of a civil matter (cheating on one's partner), it's still not a good reason to not want tracking. The examples from the summary are, however, pretty good - one should have some level of privacy regarding their meeting places for religion, AA, strip clubs, gay bars, etc... but those things aren't illegal, and I doubt this data will be used for that purpose (unless it's leaked, which should be a major concern).
There is no reason they couldn't remain distinct and sortable by various means (by datetime, by thread, by source, etc) and any combo of those. One huge benefit... if I happen upon some article today, I have no idea if it's been on slashdot (or any other place). If I could comment right on that page through slashdot (or my system of choice), that'd bring those worlds together - maybe even getting rid of slashdot dupes! This system is almost in place already - most pages have a stupid tweet and facebook link, but the comment and moderation system in those places, IMO, sucks.
Then you may not want to read this article on Wired, "10 Guns, Bombs, and Weapons You Can Build at the Airport": http://www.wired.com/2013/12/t... Let alone the myriad of books that have been published on exactly the topic you describe, and loads and loads of "fiction" in movies, tv, books, etc following the same. You must really hate Dexter.
I also have a huge issue with Beerdood's statement that, "Maybe it's time to re-think your principles and realize that "information" that supports or promotes illegal activity should be taken down, regardless of how severe the crime is". Fuck that.
Laws change, and that change often comes through education of others. Promoting women's suffrage in the 1800's should not be illegal. Documenting how a Jewish person might escape Germany in 1945 should not be illegal. I'm not surprised that those in power want it to be illegal to simply document how to do something that might have an impact on their bottom line and may violate copyright laws in some (ok, most) jurisdictions, but we should not consider that acceptable. One may argue otherwise, but I feel this would fall directly under Amendment I of the US Bill of Rights (and yes, I realize this is not taking place in the US, but these are an enumeration of what many believe to be unalienable rights).
They're not forcing anyone to read those pages; They're not distributing copyrighted works, or even links to copyrighted works; The wrong parties are being sought out there - those that are violating the copyrights should be the targets. The problem with that is that Beerdood would likely be charged, just as would most of the RIAA, MPAA, the lawyers, and most of society as well.
300 x 15 min = over 75 man-hours lost per day. That's nearly two weeks, each day. The same productivity loss as firing ten people.
I mean, dude, do you even math?
They've been doing this for 4 years. 4 years is about 250 working days (52 weeks in year - 2 weeks vacation * 5 days a week). 250 x 75hr a day = 18750 hours = 468 weeks of work, all down the toilet since they're moving back.
With that amount of time invested into the move already, they should have virtually all issues worked out. If not, they're doing something wrong.
* by "virtually", I mean enough to put it on par with what it'd be like operating any other office suite, which will also run into compatibility, formatting, training, etc issues.
Blows my mind that they are fairly blatantly admitting that proprietary formats caused great difficulties in freeing up their data to use as they like, and yet they're making the decision to move back to that. Lucky for them, moving from open formats back to .docx should go very smoothly.
The excuses used by the daily dot for disabling comments include (paraphrased):
* very few people were using what they had
* they were spending non-insignificant amounts of time moderating what they had
* they are interacting with their users via 3rd party commenting systems (reddit, tumblr, facebook, twitter, etc)
* someday, they may bring it back via facebook integration
So, as far as I can tell, it has almost nothing to do with getting rid of a commenting system, but that spreading themselves too thin working on comments on 3rd party sites. I don't know why the fuck they'd do that if they want their own site to succeed.
Personally, I look forward to a day where the 3rd party comments on articles (such as these here) can be interlaced with all/most other 3rd party comments. For example, comments on dailydot would include facebook comments on the article, tweets, slashdot posts, reddit comments, etc. They'd need some intelligent filters (ex. only show slashdot comments; show ones moderated to various levels; ignore anonymous; etc), but it'd allow the interaction to occur where the content lives, and their "moderators" to work in one place.
I'm a bit shocked that all the replies here latched on to the "I don't mind ads" part, and mostly ignored the rest of the comment - how to block autoplay, audio, and video.
Flash is an open invitation for dozens of sites you aren't even visiting to allow dozens of their affiliates run arbitrary code on your machine.
Whatever.... so is HTML+Javascript. However, the big difference is that you can easily block ALL flash from loading, and selectively load flash elements so that the main content is run (ex. a video or music player), and the ads don't run. AFAICT, that's not so simple under HTML5 (the browser option to disable autoplay disables the autoplay tag, but that doesn't mean the page won't be able to rewrite parts of the page, trigger actions, and make things play... and what keeps them from loading at all besides ad blockers and similar tools?)
I think we'll get there, but there's a lot to re-invent. On the side of those using flash, there may be significant rewrites needed, and there's no simple way to do it. It's a big re-tooling (for anyone actually using it; and fwiw, I do not use it). Major sites like Facebook and Youtube are still not getting it right, and that's just for the relatively simple act of streaming some video.
Right now, cars are pretty much like every other consumer device.. the companies want to make them all shiny and digital, but they don't know (or don't care) how to make them secure.... Pretty much any car with a system like OnStar is going to be remotely accessible even if you don't use it, and the car companies have admitted this.
IMO, the features are (almost) incompatible with the goal of security. Build in a backdoor that lets a remote party do stuff, and other remote parties will be MUCH more likely to be able to do stuff. Build in a "feature" that allows something to plug into a port and control things in real time, and someone will be able to do just that (and add a bridge to the outside world, ala the Corvette hack).
I don't count the things that require physical access to the port to be of much concern. However, bridging in via the entertainment system's remote access - that's just really really bad design from the get go. The key fob locks... I wish those never became popular - ditto to keyless start... I wish one could easily opt out of those.
So if you have a Chip+PIN card, and the store has a magstripe reader, even though their bank supports EMV, any fraud goes to the merchant. If instead the bank doesn't support EMV, then the bank pays out.... And to be honest, we've had EMV so long in Canada, I forget about signing the slip on those exceedingly rare times they only have a magstripe reader.
Except that, in the US, they'll be doing chip+signature, not chip+pin. They plan to eventually migrate to chip+pin once EMV is widely adopted (years from now).
And for US folks with a chip+signature card, those still won't work in EU kiosks, since those strictly require chip+pin. IMO, it's a pretty stupid baby-step.
... this phone thing doesn't really anything except for maybe being easier to find in a purse than the wallet that has the credit card in it.
As I've commented before, I think the marketing for NFC (and pay systems like these) was completely botched. It's not about convenience (or shouldn't be), but should be about security: http://slashdot.org/comments.p...
I can get to my credit card in my wallet that is ALWAYS in my pocket, and always in the same pocket, and the card always in the same slot in my wallet, WAAAY faster than I can get my phone out, unlock, do pay thing, lock, put it away (and I don't always carry my phone). Even in extreme cases, like going to the beach or skydiving, I'll have my credit card with me (even in the water), but will probably leave my phone somewhere (back in the room; in the car; at home; etc).
However, the security measures in place for these payment systems are far better than magstripe. That said, I'd rather just go chip-and-pin in the card, and I'm pissed that the US is going chip-and-signature (WTF does the signature add?).
... some additional info to save others the trouble:
* BQ is selling them for €199.90 and €169.90 respectively (E5 HD, E4.5)
* Engadget apparently converted that wrong. That is currently $223.82 and $189.21 respectively.
* http://store.bq.com/gl/
* ebay seems to have these at around $300 - $400 right now
This (and more) is the kind of information I fully expect to find in the article. I realize no one reads the articles, but I made the mistake of reading this one. The summary is just a (rather well done) paraphrasing of the entire article, which weighs in at 275 words (vs 87 for the summary), and it includes zero additional information; not even a link to a full article elsewhere!
Thank you PhotoJim for the info. Personally, I'd appreciate it if there was a clear statement by the manufacturer, or the carriers themselves, and would like to have it detail exactly what limitations there are. I think I'd be ok with 3g. Otherwise, I think I'll just hope to find them on ebay to pick one up for wifi-only use.
GP said, "external raided enclosures get rather pricey", which you've proven. That Pegasus2 (promise) 4 bay, 4tb, raid array weighs in at $1,199.00. That thing actually has 4x 2tb drives, so I suspect it could be configured in RAID5 for ~6tb of usable space, but that's still over a grand for that.
Or go a bit more pro level but get it used. For example, a Dell MD1000 for $199 with 15 SAS/SATA bays: http://www.ebay.com/itm/Dell-P...... throw in a bunch of 3tb WD Red's at about $120 each, and come out far below the price of that promise stuff.
AC or not, that sure seems like it's very likely to be a photo of you. The page it's hosted on has a profile of you that is a damn good match: http://www.monorails.org/tmspa... I'd be surprised if they posted a photo of someone else, but who knows.
kinda weird... if you do a google search by image, using that image, one of the 23 results is Dwight from the office: with his police drawing of himself: https://pbs.twimg.com/media/CE...
Do you honestly think that he or his parents made a big deal about the race of the donor?
From the second link:
And, of course, the hands had to fit. Based on Zion’s needs, doctors estimated that only about 15 donors per year might meet his age, gender, skin color, and size needs.
While I don't like the tone of "honkey hands" or much of anything about that poster, apparently they did take that into account when waiting for an appropriate donor. They also evaluated him for 18 months before concluding they would go forward with this, so they apparently took whatever time was needed. I suspect (but have no idea) that there are fewer risks if the gender and race match, much as I would imagine that a matching blood type would be beneficial. On size, they allowed for +/- 20% of what they considered to be ideal.
They get no benefit from enabling or pushing a migration to Linux unless they can steal customers from nVidia/Intel that way, which seems highly unlikely.
I get the sentiment of this, but there are several scenarios where pushing people to Linux (and getting existing Linux users) would benefit them. First that comes to my mind is that users that build systems from scratch at home overlap quite a bit with Linux users, and most of those users go for best bang for the buck, which has traditionally been AMD. You can also get more enterprise-level features from AMD in consumer level cpus (ex. ECC memory support; ex. latest features (sata, usb3, etc) come to AMD motherboards first - at least traditionally). Take into account the cpu distribution in dell/hp/etc systems, which is almost all intel, and I think it makes sense to make sure their market share where they are strongest stays strong. As you implied though, there's plenty of reason to focus on the wintel market at all costs.
There really aren't any NFC capable stores anywhere, and the only one I know of requires you to show a physical ID, which defeats the purpose, as it's less hassle using a card.
IMO, the marketing for NFC was completely botched. There are so many people that keep hearing "convenience" being associated with it, and anyone with half a brain can tell that is bullshit. I have to get my phone out, unlock it (hopefully nfc doesn't bypass that), possibly enable nfc (it chews battery and is a possible security risk to keep on 100% of the time), swipe it, probably click something on my phone then, then lock my phone again and put it back. Versus a magswipe credit card, where I take it out (possible out of the card slot in my phone wallet, or out of my wallet, or just out of my pocket), swipe, sign, put it away. The magswipe is also lighter, replaceable, and very cheap.
IE. the NFC conversation should avoid the "convenience" topic, not make it the focus (unless they're trying to kill it).
NFC has some very very very strong benefits over magstripe. Some implementations are better than others, and there are some trade offs (ex. apple pay versus the way google wallet did it versus chip-and-pin versus chip-and-signature). Finding out how these are implemented is difficult** and confusing. It should be the front and center selling point.
Examples of the "convenient/easy" push:
https://www.google.com/wallet/ : "An easier way to pay. Google Wallet makes it easy to pay - in stores, online or to anyone in the US with a Gmail address. It works with any debit or credit card, on every mobile carrier".
http://www.apple.com/apple-pay... : "Your wallet. Without the wallet. Paying in stores or within apps has never been easier. Gone are the days of searching for your wallet. The wasted moments finding the right card."
Come the fuck on. I've never had a problem finding my credit cards, and those "wasted moments" are less time than it takes me to unlock my phone. Even if the phone was faster somehow, it's just a minute amount of time that it's not the thing I need to be faster. It takes far longer for them to run the number (do the transaction). At restaurants (my most frequent use), I get a check and have plenty of time to ready my card before the waiter comes back, and then plenty more time before it's run. Finding my card is not the problem.
** yes, you can find the info, and a lmgtfy.com link won't surprise me, but it's not obvious or clear and no one is making it readily apparent when marketing their digital wallets. They just keep saying they are so convenient and easy.
Keepass is also (correct me if I'm wrong: I'd love to hear there is another) the only password manager I know of which is fully cross platform.
I like keepass, especially since there are so many ports of it to so many platforms. However, if someone is looking for something more akin to lastpass, here's a few open source ones:
https://clipperz.is/ - clipperz seems most similar IMO. It's open source and all in the browser via javascript, though signup and site desire are a little wonky.
http://www.fpx.de/fp/Software/... - Password Gorilla (also on github: https://github.com/zdia/gorill...). It's also open source, but it's a TCL/TK application. I'm not sure what their android status is (there is some info on their site regarding use of HECL to port the TCL parts to android, but I don't know the status).
https://www.passpack.com/ - Passpack works on chrome, firefox, ie, and safari. It's similar to lastpass in many ways. It's not fully open source, but they did open source a bunch of the libraries they use/made (aes/rijndael, xxtea, json2, sha-256 in js, etc: https://code.google.com/p/pass... ).
https://www.passlet.com/ - passlet. The SSL cert for that site expired in 2010, so I don't think I'd use this, but it is cross platform and built according to the host-proof-hosting concepts. They open sourced their PBKDF2 methods: http://anandam.name/pbkdf2/
http://aaronboodman.com/halfno... - halfnote is just a notepad, but it's encrypted in browser, and it's open source (https://code.google.com/p/halfnote/)
All that said, I'd probably stick with keepass and/or lastpass.
These modifications that would affect message signatures happen in many places.
I was having a hell of a time picturing someone manually inserting malicious headers into emails via MITM attacks...
FYI, S/MIME signatures do NOT sign the email headers. For example, you can alter the "Subject" header of a valid signed message you got from somewhere else, then bounce it off to a different recipient (ie. send as if from that same person), and the recipient will see a valid signature on the message with an altered subject line. The signature is on the message body only (more specifically, it's on a mime part and everything below that, so you can forward a signed message, add your message in a new part above it, and sign the combined message with your cert while the forwarded message will retain the original and valid sig).
Issue Definition: Edge Transport Server mangles S/MIME encrypted payloads
That one affected their IMAP adapter. Viewing the message in MS Outlook via the Exchange protocol, the signature was valid. Viewing the same message in MS Outlook (same client) via the IMAP protocol showed an invalid signature. Their description is flawed.. it was not related to encryption, but just a message signature, which was also unrelated, as it's really just a means to detect the alteration of the message.
You won't be able to view that bug unless you have a premier account with microsoft, but if you search for it via google you'll find a little more info (mostly an email I sent to the alpine list).
This was not the only issue like this. Prior to this, similar symptoms were seen, but it was then solved by adding "SkipDigitalSignedMessageFromAttachmentFilterAgent" key to the edgetransport exchange config.
Note, these two examples don't even have anything to do with systems in transit. It's just the last hop delivery to the user, and the problem is seen via MS clients to MS servers (and also seen from other clients).
Your example of an email account that gets loads of email, especially phishing emails, and you've never seen any altered messages... how would you know? How many of those have S/MIME signatures? I've never seen a single spam/phishing email that had a valid S/MIME signature. Your example would have to be turned on its head to be valid... you'd have to be receiving a lot of legitimate and valid signed messages with no bad signature validations (or sending a LOT of signed messages, and never hearing anyone complain... but then that's quite subjective cause most people don't pay any attention to the warnings).
All it takes to ruin a cryptographic signature is adding an extra linefeed between a Text/PLAIN part and the corresponding Text/HTML part, and you'd never notice that if the message didn't have a crypto sig or you weren't checking it. IE. without a sig, you don't know that the messages you think are legit weren't tampered with (on purpose, or accidentally).
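The two behaviours described in the comment above (a changed Subject header leaves the signature valid, one extra linefeed between the text/plain and text/html alternatives breaks it), as an added example that is not part of the original comment. Everything in it is constructed: the addresses, subjects and body are made up, no real signing is performed, and a SHA-256 over the signed MIME part stands in for the message digest an S/MIME verifier recomputes and compares.

```python
import hashlib
import re

CRLF = b"\r\n"


def build_message(subject: str, gap: bytes = b"") -> bytes:
    """Constructed multipart/signed mail. The signed entity is a
    multipart/alternative (text/plain + text/html). `gap` is extra bytes
    placed between the two alternatives, as a relay or filter might add."""
    signed_part = CRLF.join([
        b'Content-Type: multipart/alternative; boundary="alt"',
        b"",
        b"--alt",
        b"Content-Type: text/plain; charset=us-ascii",
        b"",
        b"Meeting moved to 10:00." + gap,
        b"--alt",
        b"Content-Type: text/html; charset=us-ascii",
        b"",
        b"<p>Meeting moved to 10:00.</p>",
        b"--alt--",
    ])
    headers = CRLF.join([
        b"From: alice@example.org",
        b"To: bob@example.org",
        b"Subject: " + subject.encode("ascii"),
        b"MIME-Version: 1.0",
        b'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
        b' micalg=sha-256; boundary="sig"',
    ])
    return CRLF.join([
        headers,
        b"",
        b"--sig",
        signed_part,
        b"--sig",
        b"Content-Type: application/pkcs7-signature; name=smime.p7s",
        b"",
        b"(placeholder: the detached signature blob would be here)",
        b"--sig--",
        b"",
    ])


def signed_content(raw: bytes) -> bytes:
    """Return the exact bytes of the first body part of a multipart/signed
    message: its own MIME headers and body, excluding the outer message
    headers and the CRLF that belongs to the closing boundary line."""
    head, _, body = raw.partition(CRLF + CRLF)
    match = re.search(rb'boundary="([^"]+)"', head)
    if match is None or b"multipart/signed" not in head.lower():
        raise ValueError("not a multipart/signed message")
    delim = b"--" + match.group(1)
    start = body.index(delim + CRLF) + len(delim + CRLF)
    end = body.index(CRLF + delim, start)
    return body[start:end]


def message_digest(raw: bytes) -> str:
    """Stand-in for the digest a verifier recomputes over the signed part."""
    return hashlib.sha256(signed_content(raw)).hexdigest()


def compare() -> dict:
    """For each change, report whether the recomputed digest still matches
    the digest of the original message."""
    base = message_digest(build_message("Q3 schedule"))
    return {
        # Outer header edited: outside the signed part, so nothing changes.
        "subject_changed": message_digest(build_message("Something else")) == base,
        # One extra CRLF between the alternatives: inside the signed part.
        "crlf_inserted": message_digest(build_message("Q3 schedule", gap=CRLF)) == base,
    }


if __name__ == "__main__":
    for change, still_matches in compare().items():
        print(f"{change}: digest still matches = {still_matches}")
```
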
I'm no fan of the "two party system", but a large part of the blame falls on the people and the constant repetition that this is a 2 party system, which re-enforces the doubts/beliefs that keep people from going outside the party lines.
Right now, there are 2 independents in the US Senate (out of 100). It's not a lot; I'd like that number to be higher; But it is not a zero.
It was not long ago that there was a third party presidential candidate that jockeyed for the lead in the polls throughout the election (1992, Ross Perot). He led the polls in June (39%, versus 31% for bush, and 25% for clinton). He was on all 50 state ballots. He was in the debates. He ended up with 18.9% of the popular vote.
The disbelief that a 3rd party can win is what is harming the 3rd parties the most. The majority of people I talk to do not associate strongly with republican nor democrat, but consider voting independent or 3rd party as "throwing away their vote". That mind set must change. Grow some balls and check a different box. No other changes are needed, though there's lots of other changes that would be beneficial.
IMO, the arguments get quite muddy when shifting between a country wide perspective, and a presidential perspective. They are very different beasts (ex. there isn't a standard and widely broadcast debate for every office seat, but the presidential election has one - one which, IMO, needs some overhauling ever since the LWV stopped running it, and should allow any candidate to join as long as they get on the ballot in at least 50% of the states (or some other reasonable number)).
In short, we the people of the USA need to vote honestly. As it stands, we deserve the bipartisanship that we've put in place.
There is a handy link in the summary. I was curious about the same thing you are, so I clicked it, and the first sentence explains it (which should have been included in the, otherwise clickbait, summary):
Nike and Apple have agreed to settle in a class action lawsuit alleging that the two sold the Nike FuelBand fitness tracker in spite of knowing that the device’s biometrics measurements were inaccurate.
Based on the wording in the summary, I expected it to be about the "tracking" part. I was guessing that the band doesn't actually log anything locally, so it can't be said to track anything on its own. I have no idea if that's the case or not.
The first thing thieves do is change the plate.
Well said.
Yeah, cause use of the word "literally" has never been commonly used in jokes: https://www.youtube.com/watch?...
So if you have a Chip+PIN card, and the store has a magstripe reader, even though their bank supports EMV, any fraud goes to the merchant. If instead the bank doesn't support EMV, then the bank pays out. ...
And to be honest, we've had EMV so long in Canada, I forget about signing the slip on those exceedingly rare times they only have a magstripe reader.
Except that, in the US, they'll be doing chip+signature, not chip+pin. They plan to eventually migrate to chip+pin once EMV is widely adopted (years from now).
And for US folks with a chip+signature card, those still won't work in EU kiosks, since those strictly require chip+pin. IMO, it's a pretty stupid baby-step.
... this phone thing doesn't really do anything except for maybe being easier to find in a purse than the wallet that has the credit card in it.
As I've commented before, I think the marketing for NFC (and pay systems like these) was completely botched. It's not about convenience (or shouldn't be), but should be about security: http://slashdot.org/comments.p...
I can get to my credit card in my wallet that is ALWAYS in my pocket, and always in the same pocket, and the card always in the same slot in my wallet, WAAAY faster than I can get my phone out, unlock, do pay thing, lock, put it away (and I don't always carry my phone). Even in extreme cases, like going to the beach or skydiving, I'll have my credit card with me (even in the water), but will probably leave my phone somewhere (back in the room; in the car; at home; etc).
However, the security measures in place for these payment systems are far better than magstripe. That said, I'd rather just go chip-and-pin in the card, and I'm pissed that the US is going chip-and-signature (WTF does the signature add?).
... some additional info to save others the trouble:
* BQ is selling them for €199.90 and €169.90 respectively (E5 HD, E4.5)
* Engadget apparently converted that wrong. That is currently $223.82 and $189.21 respectively.
* http://store.bq.com/gl/
* ebay seems to have these at around $300 - $400 right now
This (and more) is the kind of information I fully expect to find in the article.
I realize no one reads the articles, but I made the mistake of reading this one. The summary is just a (rather well done) paraphrasing of the entire article, which weighs in at 275 words (vs 87 for the summary), and it includes zero additional information; not even a link to a full article elsewhere!
Thank you PhotoJim for the info. Personally, I'd appreciate it if there was a clear statement by the manufacturer, or the carriers themselves, and would like to have it detail exactly what limitations there are. I think I'd be ok with 3g. Otherwise, I think I'll just hope to find them on ebay to pick one up for wifi-only use.
You're not coming remotely close to the limits of external hard drive enclosures. See http://www.promise.com/us/prod... and http://shop.promise.com/index....
GP said, "external raided enclosures get rather pricey", which you've proven. That Pegasus2 (promise) 4 bay, 4tb, raid array weighs in at $1,199.00. That thing actually has 4x 2tb drives, so I suspect it could be configured in RAID5 for ~6tb of usable space, but that's still over a grand for that.
The inexpensive way to go is to use a dumb enclosure. For example:
* $99 - 4 bay USB3.0 & eSATA by mediasonic: http://www.newegg.com/Product/...
* $269 - 8 bay USB3.0 & eSATA : http://www.newegg.com/Product/...
Or go a bit more pro level but get it used. For example, a Dell MD1000 for $199 with 15 SAS/SATA bays: http://www.ebay.com/itm/Dell-P... ... throw in a bunch of 3tb WD Red's at about $120 each, and come out far below the price of that promise stuff.
AC or not, that sure seems like it's very likely to be a photo of you. The page it's hosted on has a profile of you that is a damn good match: http://www.monorails.org/tmspa...
I'd be surprised if they posted a photo of someone else, but who knows.
kinda weird... if you do a google search by image, using that image, one of the 23 results is Dwight from the office: with his police drawing of himself: https://pbs.twimg.com/media/CE...
FWIW, it seems CentOS 6 was not updated (though there is an SRPM from RHEL for it).
CentOS 5 and 7 both have the update. Example mirror:
http://mirror.atlanticmetro.ne...
http://mirror.atlanticmetro.ne...
http://mirror.atlanticmetro.ne...
I also checked the mirror status: http://mirror-status.centos.or...
And checked one that was JUST updated: http://mirror.millry.co/CentOS...
No update!!!
RHEL page on their 6.x update: https://rhn.redhat.com/errata/...
Do you honestly think that he or his parents made a big deal about the race of the donor?
From the second link:
And, of course, the hands had to fit. Based on Zion’s needs, doctors estimated that only about 15 donors per year might meet his age, gender, skin color, and size needs.
While I don't like the tone of "honkey hands" or much of anything about that poster, apparently they did take that into account when waiting for an appropriate donor. They also evaluated him for 18 months before concluding they would go forward with this, so they apparently took whatever time was needed. I suspect (but have no idea) that there are fewer risks if the gender and race match, much as I would imagine that a matching blood type would be beneficial. On size, they allowed for +/- 20% of what they considered to be ideal.
They get no benefit from enabling or pushing a migration to Linux unless they can steal customers from nVidia/Intel that way, which seems highly unlikely.
I get the sentiment of this, but there are several scenarios where pushing people to Linux (and getting existing Linux users) would benefit them. First that comes to my mind is that users that build systems from scratch at home overlap quite a bit with Linux users, and most of those users go for best bang for the buck, which has traditionally been AMD. You can also get more enterprise-level features from AMD in consumer level cpus (ex. ECC memory support; ex. latest features (sata, usb3, etc) come to AMD motherboards first - at least traditionally). Take into account the cpu distribution in dell/hp/etc systems, which is almost all intel, and I think it makes sense to make sure their market share where they are strongest stays strong.
As you implied though, there's plenty of reason to focus on the wintel market at all costs.
Maybe it's time underscore was its own key anyway...
How about where the capslock is now
There really aren't any NFC capable stores anywhere, and the only one I know of requires you to show a physical ID, which defeats the purpose, as it's less hassle using a card.
IMO, the marketing for NFC was completely botched. There are so many people that keep hearing "convenience" being associated with it, and anyone with half a brain can tell that is bullshit. I have to get my phone out, unlock it (hopefully nfc doesn't bypass that), possibly enable nfc (it chews battery and is a possible security risk to keep on 100% of the time), swipe it, probably click something on my phone then, then lock my phone again and put it back. Versus a magswipe credit card, where I take it out (possibly out of the card slot in my phone wallet, or out of my wallet, or just out of my pocket), swipe, sign, put it away. The magswipe is also lighter, replaceable, and very cheap.
IE. the NFC conversation should avoid the "convenience" topic, not make it the focus (unless they're trying to kill it).
NFC has some very very very strong benefits over magstripe. Some implementations are better than others, and there are some trade offs (ex. apple pay versus the way google wallet did it versus chip-and-pin versus chip-and-signature). Finding out how these are implemented is difficult** and confusing. It should be the front and center selling point.
Examples of the "convenient/easy" push:
https://www.google.com/wallet/ : "An easier way to pay. Google Wallet makes it easy to pay - in stores, online or to anyone in the US with a Gmail address. It works with any debit or credit card, on every mobile carrier".
http://www.apple.com/apple-pay... : "Your wallet. Without the wallet. Paying in stores or within apps has never been easier. Gone are the days of searching for your wallet. The wasted moments finding the right card."
Come the fuck on. I've never had a problem finding my credit cards, and those "wasted moments" are less time than it takes me to unlock my phone. Even if the phone was faster somehow, it's just a minute amount of time that it's not the thing I need to be faster. It takes far longer for them to run the number (do the transaction). At restaurants (my most frequent use), I get a check and have plenty of time to ready my card before the waiter comes back, and then plenty more time before it's run. Finding my card is not the problem.
** yes, you can find the info, and a lmgtfy.com link won't surprise me, but it's not obvious or clear and no one is making it readily apparent when marketing their digital wallets. They just keep saying they are so convenient and easy.
Keepass is also (correct me if I'm wrong: I'd love to hear there is another) the only password manager I know of which is fully cross platform.
I like keepass, especially since there are so many ports of it to so many platforms. However, if someone is looking for something more akin to lastpass, here's a few open source ones:
https://clipperz.is/ - clipperz seems most similar IMO. It's open source and all in the browser via javascript, though signup and site design are a little wonky.
http://www.fpx.de/fp/Software/... - Password Gorilla (also on github: https://github.com/zdia/gorill...). It's also open source, but it's a TCL/TK application. I'm not sure what their Android status is (there is some info on their site regarding use of HECL to port the TCL parts to android, but I don't know the status).
https://www.passpack.com/ - Passpack works on chrome, firefox, ie, and safari. It's similar to lastpass in many ways. It's not fully open source, but they did open source a bunch of the libraries they use/made (aes/rijndael, xxtea, json2, sha-256 in js, etc: https://code.google.com/p/pass... ).
https://www.passlet.com/ - passlet. The SSL cert for that site expired in 2010, so I don't think I'd use this, but it is cross platform and built according to the host-proof-hosting concepts. They open sourced their PBKDF2 methods: http://anandam.name/pbkdf2/
http://aaronboodman.com/halfno... - halfnote is just a notepad, but it's encrypted in browser, and it's open source (https://code.google.com/p/halfnote/)
All that said, I'd probably stick with keepass and/or lastpass.
These modifications that would affect message signatures happen in many places.
I was having a hell of a time picturing someone manually inserting malicious headers into emails via MITM attacks...
FYI, S/MIME signatures do NOT sign the email headers. For example, you can alter the "Subject" header of a valid signed message you got from somewhere else, then bounce it off to a different recipient (ie. send as if from that same person), and the recipient will see a valid signature on the message with an altered subject line. The signature is on the message body only (more specifically, it's on a mime part and everything below that, so you can forward a signed message, add your message in a new part above it, and sign the combined message with your cert while the forwarded message will retain the original and valid sig).
Here's an example of an MS Exchange bug: https://premier.microsoft.com/...
Issue Definition: Edge Transport Server mangles S/MIME encrypted payloads
That one affected their IMAP adapter. Viewing the message in MS Outlook via the Exchange protocol, the signature was valid. Viewing the same message in MS Outlook (same client) via the IMAP protocol showed an invalid signature. Their description is flawed.. it was not related to encryption, but just a message signature, which was also unrelated, as it's really just a means to detect the alteration of the message.
You won't be able to view that bug unless you have a premier account with microsoft, but if you search for it via google you'll find a little more info (mostly an email I sent to the alpine list).
This was not the only issue like this. Prior to this, similar symptoms were seen, but it was then solved by adding "SkipDigitalSignedMessageFromAttachmentFilterAgent" key to the edgetransport exchange config.
Note, these two examples don't even have anything to do with systems in transit. It's just the last hop delivery to the user, and the problem is seen via MS clients to MS servers (and also seen from other clients).
Your example of an email account that gets loads of email, especially phishing emails, and you've never seen any altered messages... how would you know? How many of those have S/MIME signatures? I've never seen a single spam/phishing email that had a valid S/MIME signature. Your example would have to be turned on its head to be valid... you'd have to be receiving a lot of legitimate and valid signed messages with no bad signature validations (or sending a LOT of signed messages, and never hearing anyone complain... but then that's quite subjective cause most people don't pay any attention to the warnings).
All it takes to ruin a cryptographic signature is adding an extra linefeed between a Text/PLAIN part and the corresponding Text/HTML part, and you'd never notice that if the message didn't have a crypto sig or you weren't checking it. IE. without a sig, you don't know that the messages you think are legit weren't tampered with (on purpose, or accidentally).
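The two behaviours described in the comment above, as an added example that is not part of the original post: a header edit leaves the digest of the signed MIME part untouched, while one extra line break between the text/plain and text/html parts changes it. The message, addresses and boundaries are constructed, and the SHA-256 digest stands in for the hash an S/MIME verifier recomputes; no real CMS signature is created or checked.

```python
import hashlib
import re

# Constructed sample: the signed entity is a multipart/alternative body.
ENTITY = (
    'Content-Type: multipart/alternative; boundary="alt"\r\n\r\n'
    '--alt\r\nContent-Type: text/plain\r\n\r\n'
    'Quarterly numbers attached.\r\n'
    '--alt\r\nContent-Type: text/html\r\n\r\n'
    '<p>Quarterly numbers attached.</p>\r\n'
    '--alt--\r\n'
)

def build_message(subject, entity=ENTITY):
    """Wrap an entity in a multipart/signed envelope (signature is a placeholder)."""
    return (
        'From: alice@example.com\r\n'
        f'Subject: {subject}\r\n'
        'MIME-Version: 1.0\r\n'
        'Content-Type: multipart/signed; micalg=sha-256;\r\n'
        ' protocol="application/pkcs7-signature"; boundary="sig"\r\n\r\n'
        '--sig\r\n' + entity + '\r\n--sig\r\n'
        'Content-Type: application/pkcs7-signature\r\n\r\n'
        'PLACEHOLDER\r\n--sig--\r\n'
    ).encode('ascii')

def signed_entity_digest(raw):
    """SHA-256 over the first body part of a multipart/signed message."""
    raw = re.sub(rb'\r?\n', b'\r\n', raw)        # canonical CRLF line endings
    headers, _, body = raw.partition(b'\r\n\r\n')
    if b'multipart/signed' not in headers.lower():
        raise ValueError('not a multipart/signed message')
    m = re.search(rb'boundary="?([^";\r\n]+)"?', headers, re.I)
    if not m:
        raise ValueError('no boundary parameter')
    delim = b'--' + m.group(1)
    start = body.find(delim + b'\r\n')
    if start < 0:
        raise ValueError('opening boundary not found')
    start += len(delim) + 2
    # The CRLF in front of a boundary line belongs to the delimiter, not the part.
    end = body.find(b'\r\n' + delim, start)
    if end < 0:
        raise ValueError('closing boundary not found')
    return hashlib.sha256(body[start:end]).hexdigest()

# One extra CRLF between the text/plain and text/html parts (constructed).
MANGLED = ENTITY.replace('attached.\r\n--alt', 'attached.\r\n\r\n--alt')

if __name__ == '__main__':
    base = signed_entity_digest(build_message('Q3 report'))
    print('subject changed:', signed_entity_digest(build_message('Changed subject')) == base)
    print('extra linefeed :', signed_entity_digest(build_message('Q3 report', MANGLED)) == base)
```

A receiving system that needs header integrity has to get it from something other than this digest, since the outer headers never enter the hash.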
I'm no fan of the "two party system", but a large part of the blame falls on the people and the constant repetition that this is a 2 party system, which reinforces the doubts/beliefs that keep people from going outside the party lines.
Right now, there are 2 independents in the US Senate (out of 100). It's not a lot; I'd like that number to be higher; but it is not a zero.
It was not long ago that there was a third party presidential candidate that jockeyed for the lead in the polls throughout the election (1992, Ross Perot). He led the polls in June (39%, versus 31% for bush, and 25% for clinton). He was on all 50 state ballots. He was in the debates. He ended up with 18.9% of the popular vote.
The disbelief that a 3rd party can win is what is harming the 3rd parties the most. The majority of people I talk to do not associate strongly with republican nor democrat, but consider voting independent or 3rd party as "throwing away their vote". That mind set must change. Grow some balls and check a different box. No other changes are needed, though there's lots of other changes that would be beneficial.
IMO, the arguments get quite muddy when shifting between a country wide perspective, and a presidential perspective. They are very different beasts (ex. there isn't a standard and widely broadcast debate for every office seat, but the presidential election has one - one which, IMO, needs some overhauling ever since the LWV stopped running it, and should allow any candidate to join as long as they get on the ballot in at least 50% of the states (or some other reasonable number)).
In short, we the people of the USA need to vote honestly. As it stands, we deserve the bipartisanship that we've put in place.
There is a handy link in the summary. I was curious about the same thing you are, so I clicked it, and the first sentence explains it (which should have been included in the, otherwise clickbait, summary):
Nike and Apple have agreed to settle in a class action lawsuit alleging that the two sold the Nike FuelBand fitness tracker in spite of knowing that the device’s biometrics measurements were inaccurate.
Based on the wording in the summary, I expected it to be about the "tracking" part. I was guessing that the band doesn't actually log anything locally, so it can't be said to track anything on its own. I have no idea if that's the case or not.