I think you're ignoring the aspect of social standing and prestige here.
The real takeaway from their research seemed to be the bit about promoting CS as a vehicle for social change / making a difference / getting noticed.... it's competing with the school play, which enables the girls to be the focus of an entire audience with much applause. It has weeks/months of buildup with ads in the school and community. It has a number of accessible topics that people who aren't in the play can take part in, and it has a hierarchy (their girls don't like hierarchy thing is pure hogwash) where different people can get "better" and "worse" parts in the play, as well as default exclusivity (not everyone can play the leading roles).
Perhaps you meant to reply to the parent? It's ALL about the prestige.
I'll bet if you tried an experiment in schools in India and China with kids being able to go into either a coding/robotics program or a school play production, you'd have vastly different results.
Exactly, although your country choices are bad: India has Bollywood, and China has a system where only the "perfect" people get the acting/TV jobs. The positions have the same prestige as in the US. However, going to pretty much any country in Africa and setting up this experiment could have very interesting results...
The very premise, prior to the attack, is that the user has opted to run the "hacker"'s malware.
All they're saying, is that if run malware which watches the accelerometer, the malware can infer your location. And then it still has to transmit this information from your computer to another (unless the malware itself, is what make decisions based on your position).
Oh Wow! So the hacker has installed something like MotionX -- commercial software for iOS that's been around forever and does pretty much this (although I don't think it contains subway lines in its accelerometer fingerprint list).
The real takeaway from their research seemed to be the bit about promoting CS as a vehicle for social change / making a difference / getting noticed.
Out of curiosity, what is the goal of the after school program? Is it just to build neat things, or are their goals or competitions associated with it?
In your case, it's competing with the school play, which enables the girls to be the focus of an entire audience with much applause. It has weeks/months of buildup with ads in the school and community. It has a number of accessible topics that people who aren't in the play can take part in, and it has a hierarchy (their girls don't like hierarchy thing is pure hogwash) where different people can get "better" and "worse" parts in the play, as well as default exclusivity (not everyone can play the leading roles). It also enables them to communicate under the guise of a fictional character. Beyond this, it likely involves a bit of fundraising and some costume building/time sunk in by parents where they're forced to spend time with their daughters helping them prepare.
I bet if you set up the after school program to check off all those qualities, you'd get girls flocking to it and the play would become a distant second. Maybe have an end-of-year project that encorporates what they've been doing all year, and the resulting "performance" goes up on youtube? Have some "milestones" throughout the year that they can share with friends in the same way? Create some sort of plot arc that can grab their imaginations?
You may already be doing all this, but it's what has always made school plays popular with the girls.
I recall all the people who used to head to Canada for summer holidays with their fish canning set-ups. I wonder if that stuff would make it through the border these days...?
And if you're using GoogleDNS or OpenDNS, you're back on the tracking bandwagon.
And maybe this is the way it should be... have the DNS providers be the tracking clearinghouse, and serve only relevant ads in a way that doesn't get in the way of the actual site content.
The fact that Apple sticks "Safari Reader" in the Safari browser says something about how bad things have got... not only do you end up loading a bunch of stuff you don't actually want that takes time/bandwidth, the end result is often bad enough that your browser needs to reformat it for you to be able to read it comfortably.
But how about more specialized websites (such as Slashdot) or non-essential relaxation websites (YouTube for the most part)? Would people really bother to chuck in donations if there were no advertisements?
That's kind of the point -- most people with Soviet roots have a somewhat negative outlook on Russia if they aren't Russian. And many Russians have a somewhat negative outlook on the soviet bloc. Soviet culture has shaped the societies of current ex-Soviet countries significantly -- promoting the strong work ethic and "must make things better for my kids" attitude that isn't so widely spread in North America anymore.
I think people on here are having a difficult time differentiating between two actions that have taken place here: 1) security research that discovered a hole and 2) unauthorized abuse of that hole to prove a point and demonstrate the severity of the flaw.
Starbucks is hostile to the second, not the first. If he'd stopped at discovering the flaw and bringing it to their attention, I doubt they'd be hostile.
If you parked your car and someone noticed the door was unlocked and the keys were in the ignition and came and told you, that'd be under 1) -- if instead, they got in, drove your car up to the door of your building and honked the horn to get your attention, that's under 2). And that's exactly what he did.
Looks like we also need a security researcher wall of shame that lists "researchers" who go beyond the research and commit federal crimes to demonstrate what the flaw allows them to do.
Any time you're inside a network you're not supposed to have access to, you've crossed the "hacker" line from "white" to "grey". If you don't immediately back out and report, you've slid all the way to "black".
I wish, when I was in school, I understood exactly what the permanent record was.
Of course, by the time I graduated and had the right to pull my record and see what was in it, I really didn't care anymore, as it said nothing that would influence the rest of my life in any way.
Bad part is, this would be middle of the newspaper, at best. Most people in the USA just don't care how badly our government is abusing everyone.
"The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept."
For those not in the know, CBC News is roughly equivalent to CBS News in the US. So on the one side, it's not going to be in the "middle of the newspaper." On the other, publishing this on the CBC News website is equivalent to publishing this on the CBS News website -- meaning, it didn't even make it into a newspaper in the first place. CBC News does television, radio, and web.
"Astoria is a usable substitute for the vanilla Tor client only in scenarios where security is a high priority."
And this means that only people requiring high levels of security will use Astoria, which means that its use/download will be an immediate red flag.
The only way to make something like this actually useful is for the same software (possibly with multiple user configurations) to be used by everyone and their dog. As soon as you can profile based on the software, then the exact organizations that it is attempting to escape the notice of will know exactly where to look.
they couldn't possibly hope to recover the $100k+ in legal fees.
$100,000? That's just a tiny bit inflated. My legal fees for two felonies were slightly more than $5,000. It's not going to cost six digits to get judicial relief in a circumstance like this. It probably doesn't even get the lawsuit stage, a demand letter sent to the school district and reviewed by their attorney would probably suffice. "Yeah, we're going to lose this one. Wipe the student's record clean, tell him you're sorry, and move on."
There's plenty of stupidity in the American legal system to make fun of without making stuff up.
I'm assuming that for that $5,000 your felony charges were dropped? If you were convicted, than that indicates that more expensive lawyers were required.
The suspension is not a legal relief, but as a legal ward, the school can issue suspension for all sorts of legal behavior that it disagrees with, if it feels it is in the best interests of the district as a whole. So while suspension is not a legal mechanism (in the sense that it doesn't use the legal system), it is also not an illegal mechanism (in the sense that suspending the kid for behavior deemed inappropriate, like releasing photos of children online without the proper release forms), and so suspension is perfectly fine. Of course, calling it a copyright issue is way off; it's a disciplinary issue, a privacy issue, and a "think of the children" issue.
It may seem like a solved problem based on reports and videos from laboratories, but it's never been exposed to real world use and everyday wear and tear like this.
That's from January 2010, which means it was actually written mid-2009. That's six years ago, and the original article documents at least one person who was using this technology every day for over six months, outside the lab.
So it was definitely not presented as a solved problem before, but it's also not really a breakthrough; more of a slow evolution and some PR.
Also depending on when you contributed you may have been under a different license which assigned the rights to Nicola.
Bingo! I was wondering why I hadn't thought of this in years. This was, in fact, the case. Of course, it's questionable whether such assignments are actually legal, but I for one am not about to question it; I'm not even in a position where I could easily prove the code was written by me at this point.
Mostly, I just want to ensure they've covered all bases so that the code can be properly freed up and not become the target of some copyright troll. Of course, so many hands have touched the code that dropping a particular chunk of code would be somewhat trivial to the project as a whole.
Yeah; I thought the same thing, and then my inner devil's advocate came along and said "yeah, but if they're converting wind into kinetic motion via magnetism, that's not really an electric motor, is it?"
And I responded with "This kinetic energy is then converted into electricity via an alternator" -- the only "kind of" is that it is only a part of the generator being described at that point.
As for licensing, The vast majority of contributors have been contacted, and responses are trickling in. In general the responses seem split across "I don't care", "GPLv2", and the stock BSD 3-clause that we're hoping to move toward. You can keep track of the ongoing per-source-file relicensing on MAME/MESS's Github page here: https://github.com/mamedev/mam...
As someone who contibuted to the MESS code over 10 years ago, I'll say that I can't even recall exactly what code I touched, or if my changes even still exist. And other than this note, they'd have pretty much no way to contact me, as my old addresses lapsed years ago. But I have no problems with a more libre license; I just can't quite figure out how they could possibly pull off moving to one, as there must be many other minor code contributors like me out there.
If a system like this was properly designed, the data would be encrypted against a key held by the customer, and the company would never have access to decrypted data. As it is, it appears that every person using the service was in effect providing the company with all the data from the phone in question. What the company did with it after this point is irrelevant, as the information is already compromised.
Based on the activities of the original owners, I wouldn't be surprised if someone got fired from the company, but didn't get their credentials revoked in time -- or they had already been making a backup of all the data. If one of the founders now owns a competitive product, this could be purely a method of taking out the competition.
Or, it could be just a case of bad/lapsed security.
Of course, another issue is why many Christians have no issue violating kosher law and mixing fibers, but then suddenly have issues when it comes to the already-mentioned adultery or things such as gay marriage.
The New Testament covers all this too (including addressing issues at one early church that decided marriage was useless, and they got together for mass orgies). This stuff falls under TL;DR for many people (but I'm not going to give it away).
Slashdot Mirror
I think you're ignoring the aspect of social standing and prestige here.
The real takeaway from their research seemed to be the bit about promoting CS as a vehicle for social change / making a difference / getting noticed. ... it's competing with the school play, which enables the girls to be the focus of an entire audience with much applause. It has weeks/months of buildup with ads in the school and community. It has a number of accessible topics that people who aren't in the play can take part in, and it has a hierarchy (their girls don't like hierarchy thing is pure hogwash) where different people can get "better" and "worse" parts in the play, as well as default exclusivity (not everyone can play the leading roles).
Perhaps you meant to reply to the parent? It's ALL about the prestige.
I'll bet if you tried an experiment in schools in India and China with kids being able to go into either a coding/robotics program or a school play production, you'd have vastly different results.
Exactly, although your country choices are bad: India has Bollywood, and China has a system where only the "perfect" people get the acting/TV jobs. The positions have the same prestige as in the US. However, going to pretty much any country in Africa and setting up this experiment could have very interesting results...
They don't tend to block acceleration, nor do they block data exfiltration when you remove your phone from them to make/receive calls.
The very premise, prior to the attack, is that the user has opted to run the "hacker"'s malware.
All they're saying, is that if run malware which watches the accelerometer, the malware can infer your location. And then it still has to transmit this information from your computer to another (unless the malware itself, is what make decisions based on your position).
Oh Wow! So the hacker has installed something like MotionX -- commercial software for iOS that's been around forever and does pretty much this (although I don't think it contains subway lines in its accelerometer fingerprint list).
FB image link appears to be down, or just not accessible for people not on FB.
The real takeaway from their research seemed to be the bit about promoting CS as a vehicle for social change / making a difference / getting noticed.
Out of curiosity, what is the goal of the after school program? Is it just to build neat things, or are their goals or competitions associated with it?
In your case, it's competing with the school play, which enables the girls to be the focus of an entire audience with much applause. It has weeks/months of buildup with ads in the school and community. It has a number of accessible topics that people who aren't in the play can take part in, and it has a hierarchy (their girls don't like hierarchy thing is pure hogwash) where different people can get "better" and "worse" parts in the play, as well as default exclusivity (not everyone can play the leading roles). It also enables them to communicate under the guise of a fictional character. Beyond this, it likely involves a bit of fundraising and some costume building/time sunk in by parents where they're forced to spend time with their daughters helping them prepare.
I bet if you set up the after school program to check off all those qualities, you'd get girls flocking to it and the play would become a distant second. Maybe have an end-of-year project that encorporates what they've been doing all year, and the resulting "performance" goes up on youtube? Have some "milestones" throughout the year that they can share with friends in the same way? Create some sort of plot arc that can grab their imaginations?
You may already be doing all this, but it's what has always made school plays popular with the girls.
I recall all the people who used to head to Canada for summer holidays with their fish canning set-ups. I wonder if that stuff would make it through the border these days...?
Another 5 or so by not using my ISPs DNS server.
And if you're using GoogleDNS or OpenDNS, you're back on the tracking bandwagon.
And maybe this is the way it should be... have the DNS providers be the tracking clearinghouse, and serve only relevant ads in a way that doesn't get in the way of the actual site content.
The fact that Apple sticks "Safari Reader" in the Safari browser says something about how bad things have got... not only do you end up loading a bunch of stuff you don't actually want that takes time/bandwidth, the end result is often bad enough that your browser needs to reformat it for you to be able to read it comfortably.
But how about more specialized websites (such as Slashdot) or non-essential relaxation websites (YouTube for the most part)? Would people really bother to chuck in donations if there were no advertisements?
http://news.slashdot.org/story...
http://slashdot.org/faq/subscr...
The answer appears to be "yes".
If your license is revoked, don't drive with a pressure cooker.
If your license is revoked, don't store a pressure cooker in your parked car.
That's kind of the point -- most people with Soviet roots have a somewhat negative outlook on Russia if they aren't Russian. And many Russians have a somewhat negative outlook on the soviet bloc. Soviet culture has shaped the societies of current ex-Soviet countries significantly -- promoting the strong work ethic and "must make things better for my kids" attitude that isn't so widely spread in North America anymore.
He's a Romanian living in Canada... Soviet roots.
I think people on here are having a difficult time differentiating between two actions that have taken place here: 1) security research that discovered a hole and 2) unauthorized abuse of that hole to prove a point and demonstrate the severity of the flaw.
Starbucks is hostile to the second, not the first. If he'd stopped at discovering the flaw and bringing it to their attention, I doubt they'd be hostile.
If you parked your car and someone noticed the door was unlocked and the keys were in the ignition and came and told you, that'd be under 1) -- if instead, they got in, drove your car up to the door of your building and honked the horn to get your attention, that's under 2). And that's exactly what he did.
Looks like we also need a security researcher wall of shame that lists "researchers" who go beyond the research and commit federal crimes to demonstrate what the flaw allows them to do.
Any time you're inside a network you're not supposed to have access to, you've crossed the "hacker" line from "white" to "grey". If you don't immediately back out and report, you've slid all the way to "black".
I wish, when I was in school, I understood exactly what the permanent record was.
Of course, by the time I graduated and had the right to pull my record and see what was in it, I really didn't care anymore, as it said nothing that would influence the rest of my life in any way.
Bad part is, this would be middle of the newspaper, at best. Most people in the USA just don't care how badly our government is abusing everyone.
"The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept."
For those not in the know, CBC News is roughly equivalent to CBS News in the US. So on the one side, it's not going to be in the "middle of the newspaper." On the other, publishing this on the CBC News website is equivalent to publishing this on the CBS News website -- meaning, it didn't even make it into a newspaper in the first place. CBC News does television, radio, and web.
"Astoria is a usable substitute for the vanilla Tor client only in scenarios where security is a high priority."
And this means that only people requiring high levels of security will use Astoria, which means that its use/download will be an immediate red flag.
The only way to make something like this actually useful is for the same software (possibly with multiple user configurations) to be used by everyone and their dog. As soon as you can profile based on the software, then the exact organizations that it is attempting to escape the notice of will know exactly where to look.
they couldn't possibly hope to recover the $100k+ in legal fees.
$100,000? That's just a tiny bit inflated. My legal fees for two felonies were slightly more than $5,000. It's not going to cost six digits to get judicial relief in a circumstance like this. It probably doesn't even get the lawsuit stage, a demand letter sent to the school district and reviewed by their attorney would probably suffice. "Yeah, we're going to lose this one. Wipe the student's record clean, tell him you're sorry, and move on."
There's plenty of stupidity in the American legal system to make fun of without making stuff up.
I'm assuming that for that $5,000 your felony charges were dropped? If you were convicted, than that indicates that more expensive lawyers were required.
The suspension is not a legal relief, but as a legal ward, the school can issue suspension for all sorts of legal behavior that it disagrees with, if it feels it is in the best interests of the district as a whole. So while suspension is not a legal mechanism (in the sense that it doesn't use the legal system), it is also not an illegal mechanism (in the sense that suspending the kid for behavior deemed inappropriate, like releasing photos of children online without the proper release forms), and so suspension is perfectly fine. Of course, calling it a copyright issue is way off; it's a disciplinary issue, a privacy issue, and a "think of the children" issue.
It may seem like a solved problem based on reports and videos from laboratories, but it's never been exposed to real world use and everyday wear and tear like this.
http://ngm.nationalgeographic....
That's from January 2010, which means it was actually written mid-2009. That's six years ago, and the original article documents at least one person who was using this technology every day for over six months, outside the lab.
So it was definitely not presented as a solved problem before, but it's also not really a breakthrough; more of a slow evolution and some PR.
Well if it ran Emacs it would be able to do anything anyone could possibly want.
If it runs emacs, does it contain some sort of hypervisor?
What would be more interesting is getting EMACS to boot off bare metal, and be recompiled in pure asm. Let's see vi do THAT!
Also depending on when you contributed you may have been under a different license which assigned the rights to Nicola.
Bingo! I was wondering why I hadn't thought of this in years. This was, in fact, the case. Of course, it's questionable whether such assignments are actually legal, but I for one am not about to question it; I'm not even in a position where I could easily prove the code was written by me at this point.
Mostly, I just want to ensure they've covered all bases so that the code can be properly freed up and not become the target of some copyright troll. Of course, so many hands have touched the code that dropping a particular chunk of code would be somewhat trivial to the project as a whole.
Yeah; I thought the same thing, and then my inner devil's advocate came along and said "yeah, but if they're converting wind into kinetic motion via magnetism, that's not really an electric motor, is it?"
And I responded with "This kinetic energy is then converted into electricity via an alternator" -- the only "kind of" is that it is only a part of the generator being described at that point.
As for licensing, The vast majority of contributors have been contacted, and responses are trickling in. In general the responses seem split across "I don't care", "GPLv2", and the stock BSD 3-clause that we're hoping to move toward. You can keep track of the ongoing per-source-file relicensing on MAME/MESS's Github page here: https://github.com/mamedev/mam...
As someone who contibuted to the MESS code over 10 years ago, I'll say that I can't even recall exactly what code I touched, or if my changes even still exist. And other than this note, they'd have pretty much no way to contact me, as my old addresses lapsed years ago. But I have no problems with a more libre license; I just can't quite figure out how they could possibly pull off moving to one, as there must be many other minor code contributors like me out there.
If a system like this was properly designed, the data would be encrypted against a key held by the customer, and the company would never have access to decrypted data. As it is, it appears that every person using the service was in effect providing the company with all the data from the phone in question. What the company did with it after this point is irrelevant, as the information is already compromised.
Based on the activities of the original owners, I wouldn't be surprised if someone got fired from the company, but didn't get their credentials revoked in time -- or they had already been making a backup of all the data. If one of the founders now owns a competitive product, this could be purely a method of taking out the competition.
Or, it could be just a case of bad/lapsed security.
Nah; next will be Wolfram, based on crowdsourcing.
Of course, another issue is why many Christians have no issue violating kosher law and mixing fibers, but then suddenly have issues when it comes to the already-mentioned adultery or things such as gay marriage.
The New Testament covers all this too (including addressing issues at one early church that decided marriage was useless, and they got together for mass orgies). This stuff falls under TL;DR for many people (but I'm not going to give it away).