Although I know this won't satisfy you, some context for others: Google dropped the price of their USB-C to 3.5mm dongle to $10, and Pixel 2 has stellar battery life, so charging while listening won't often be a concern. It also has very fast charging so downtime would be minimal in any case, and if that still doesn't satisfy you, there's BlueTooth.
Having said that, I also would like to see the 3.5mm jack back, and I'm annoyed they removed it, but I do have to say the Pixel 2 (non-XL) is a phenomenal phone, if a little over-priced.
Google really have done a great job with HDR and image enhancement on the Pixel 2. On the 5X, taking multiple HDR shots would make images queue up to be processed, slowing the whole phone down, making it hot, and after several shots prevented the camera from taking more photos until the queue emptied out a bit again. In some situations using HDR was definitely a risk to managing to capture the shot at all.
On Pixel 2 HDR shots are the default and the phone takes photos faster than non-HDR shots on the 5X.
It should be up to the customers to decide what devices they want and with what features or anti-features.
Disagree. We have become a horrifically wasteful society. We build and sell devices now that we know will become slow and painful to use in just a few years purely because we designed them in a way that they're not easy to service. Our electronic waste ends up all around the globe and especially in poor countries who don't even have means to process it. It is a disaster, and manufacturers are clearly going in the wrong direction, with phones and laptops that are approaching repairability scores of zero, from professionals who specialize in taking things apart.
There are very few devices I can think of that actually need to be designed this way -- glued shut and unservicable. A change in direction is needed on a large scale, and that's when you need laws, because consumers choose what's best for them in the moment, not what's reasonable for society in the medium-long term.
You can't ship ME in 2017 because there is no demand for it. It's been long superseded.
Kaspersky's problem isn't security, it's the accusation it is being intentionally used by foreign intelligence.
I agree it is about trade-offs, and that security is important. But it's always about evaluating what are the priorities for your business right now, projecting forward, and re-evaluating periodically. There's no blanket answer that applies to every case.
The right answer is both security and time to market matter, ignore either and your pretty much guaranteed to fail.
That's not true. We could easily list many companies large and small who are incredibly successful who have had advisories issued for their products, or data breaches, or where we reasonably suspect their products wouldn't be too hard to break if we put the effort in.
However, failure to get to market first can kill you dead. Can't invest in product security for a product that is cancelled. Security issues will cause you some pain and maybe a fine. And if you do get fined, it's likely going to be related to how negligent you were, how many people were affected, what were the damages. Unless you already have hundreds of thousands of users suffering real harm and you were totally negligent, it probably won't destroy you.
The correct answer is that time to market is likely to be essential for most but not all companies, and the level of investment in security should be a combination of law, ethics and risk management. Even large companies could spend 100% of their resources on security and still not produce an "unbreakable" product/service. You evaluate your user base, their expectations, the types of data you handle, the privileges given your product, the context in which it's used, the applicable laws, etc. Obviously these things vary between e.g. a streaming radio service and a banking service. Anyone who tries to say security is a mandatory one size fits all is delusional.
Kudos to Microsoft and Terry Myerson - great article with excellent details...
It's a well laid out article, but it's a shame they've shied away from posting any actual numbers, leaving us to guess what kind of impact they're talking about, and for everyone to have to run their own benchmarks. They could have said something like "typically xx-xx%, with workloads having heavy I/O most affected".
So you're not worried about the dozens of exploits fixed in browsers every month, in image decoding libraries, media libraries, etc.? Even sometimes in the SSL/TLS libraries.
Yep. Was not aware of Keeper before today, but now I'm making a mental note to never use their products. And not because they might have had a vulnerability, but because of the law suit. Vendors who welcome security discourse and can be seen taking prompt steps to address issues are going to win my loyalty.
What would be even better is if it didn't silently degrade it's performance without telling you it was doing it, why it was doing it, or how to fix it, and if Apple were open about it in the first place.
Under the hood, Plexamp uses the open source audio player Music Player Daemon (MPD)
So.. not related to Winamp whatsoever then. Maybe this is a decent player, maybe it's not, but if you aren't even using the same engine why reference the brand?
Denying global warming is denying scientific consensus.
If you want to be taken seriously please develop a scientific model that disproves global warming, have it peer reviewed, and then you ought to be able to submit it, discuss, and cite it here.
However, this topic has nothing to do with global warming, so an off-topic mod is appropriate.
So now most Android devices are, and will continue to be, vulnerable to both BlueBourne and WPA2 KRACK, meaning that essentially they are wide open to anyone pilfering whatever they want off the device itself and as they communicate over the air. With most manufacturers abandoning updates in 3 years or sooner, and for the small pool of supported devices having very infrequent updates available, many times 3-6 months behind the curve, why do we allow this kind of chronic insecurity?
It's insane that we allow businesses to behave like this: Give everyone computing devices they use to run their lives - healthcare, credit, banking, social, BYOD work, etc. and leave them open like Swiss cheese.
The fact that you are happy with your Sonos does not make this news FUD nor does it take away from forcing updated privacy terms of people after the sale in order that their devices keep working reliably.
One of the main reasons I don't use Firefox for Android is that you can't fling pages as fast/far as you can on Chrome. It sounds like a petty reason but when I want to move quickly around a page it's frustrating to have to exert extra effort or perceive lag.
I'd try Focus myself but it's not listed for me in the Play store search. Perhaps it's only available to certain devices initially?
I don't even want to use USB. I want to be able to NFC with my phone, or my watch. If I have to use USB it should be to plug an NFC device into in order to enable this.
Plugging things in is annoying, just let me do a quick touch action for couple of seconds while it does whatever crypto it needs. Make it wireless powered too so I don't have to charge it.
I have found Netgear to be no worse than any other consumer router manufacturer, and better than several. Many manufacturers have had similar vulnerabilities in recent years, at least they have (finally) responded, albeit under the perception that it is perhaps due to the bad press.
That said, I'm posting here to call them out for STILL not having any means to generate fresh VPN keys on their routers. If your VPN profile security was every in question there is nothing you could do about it short of buying a new router. And frankly, since you have no idea about the state of the keys that came from the factory, it should be.
Netgear, pleas add a button to the web console to generate new VPN keys with a decent key size, and make sure the old ones are wiped/revoked.
Uber's position is that they are testing their driving software, but that there is a human driver with their hands on the wheel ready to take over immediately if they feel uncomfortable. Because of this, the Uber vehicles aren't really autonomous, but more like the adaptive driving of a Tesla, which does not require a special autonomous car permit from the state.
Tesla is the opposite: They ask that the driver be in control at all times and keep hands on the wheel.
Technically the self driving systems are only augmenting the driver and not replacing them at this point.
Sounds more like the driver is augmenting the self driving system to me.
Most home routers have similar exploits (executing commands via a web interface while not authenticated), either currently or recently. While I can't defend Netgear in this instance, we also shouldn't falsely make people believe they are the worst of the bunch (IMO DLink is in the running for that honor).
For anyone affected, Netgear has a beta FW update on their support site today. You need to manually upload it to your router via the web console.
Slashdot Mirror
Google should fix the blurry panoramas:
https://productforums.google.c...
Although I know this won't satisfy you, some context for others: Google dropped the price of their USB-C to 3.5mm dongle to $10, and Pixel 2 has stellar battery life, so charging while listening won't often be a concern. It also has very fast charging so downtime would be minimal in any case, and if that still doesn't satisfy you, there's BlueTooth.
Having said that, I also would like to see the 3.5mm jack back, and I'm annoyed they removed it, but I do have to say the Pixel 2 (non-XL) is a phenomenal phone, if a little over-priced.
Google really have done a great job with HDR and image enhancement on the Pixel 2. On the 5X, taking multiple HDR shots would make images queue up to be processed, slowing the whole phone down, making it hot, and after several shots prevented the camera from taking more photos until the queue emptied out a bit again. In some situations using HDR was definitely a risk to managing to capture the shot at all.
On Pixel 2 HDR shots are the default and the phone takes photos faster than non-HDR shots on the 5X.
It should be up to the customers to decide what devices they want and with what features or anti-features.
Disagree. We have become a horrifically wasteful society. We build and sell devices now that we know will become slow and painful to use in just a few years purely because we designed them in a way that they're not easy to service. Our electronic waste ends up all around the globe and especially in poor countries who don't even have means to process it. It is a disaster, and manufacturers are clearly going in the wrong direction, with phones and laptops that are approaching repairability scores of zero, from professionals who specialize in taking things apart.
There are very few devices I can think of that actually need to be designed this way -- glued shut and unservicable. A change in direction is needed on a large scale, and that's when you need laws, because consumers choose what's best for them in the moment, not what's reasonable for society in the medium-long term.
And at $349, Apple's speaker is playing in a very different market than Amazon's and Google's primarily cheap and tiny speakers.
The Google Home Max is a direct competitor and so far very well reviewed.
You can't ship ME in 2017 because there is no demand for it. It's been long superseded.
Kaspersky's problem isn't security, it's the accusation it is being intentionally used by foreign intelligence.
I agree it is about trade-offs, and that security is important. But it's always about evaluating what are the priorities for your business right now, projecting forward, and re-evaluating periodically. There's no blanket answer that applies to every case.
The right answer is both security and time to market matter, ignore either and your pretty much guaranteed to fail.
That's not true. We could easily list many companies large and small who are incredibly successful who have had advisories issued for their products, or data breaches, or where we reasonably suspect their products wouldn't be too hard to break if we put the effort in.
However, failure to get to market first can kill you dead. Can't invest in product security for a product that is cancelled. Security issues will cause you some pain and maybe a fine. And if you do get fined, it's likely going to be related to how negligent you were, how many people were affected, what were the damages. Unless you already have hundreds of thousands of users suffering real harm and you were totally negligent, it probably won't destroy you.
The correct answer is that time to market is likely to be essential for most but not all companies, and the level of investment in security should be a combination of law, ethics and risk management. Even large companies could spend 100% of their resources on security and still not produce an "unbreakable" product/service. You evaluate your user base, their expectations, the types of data you handle, the privileges given your product, the context in which it's used, the applicable laws, etc. Obviously these things vary between e.g. a streaming radio service and a banking service. Anyone who tries to say security is a mandatory one size fits all is delusional.
... and let me guess, 90%+ of Anrdoid devices today will never receive updates that close all the exploits this thing takes advantage of.
Android: For when you want to receive only semi-regular security updates for only a handful of models from a few manufacturers for a few years tops.
Kudos to Microsoft and Terry Myerson - great article with excellent details...
It's a well laid out article, but it's a shame they've shied away from posting any actual numbers, leaving us to guess what kind of impact they're talking about, and for everyone to have to run their own benchmarks. They could have said something like "typically xx-xx%, with workloads having heavy I/O most affected".
1. Since when was Slashdot ever timely?
2. I've skimmed a bunch of Spectre and Meltdown articles, haven't seen the registry key mentioned before now.
So you're not worried about the dozens of exploits fixed in browsers every month, in image decoding libraries, media libraries, etc.? Even sometimes in the SSL/TLS libraries.
What are you browsing the web with, PuTTY?
Must be quite the experience.
Yep. Was not aware of Keeper before today, but now I'm making a mental note to never use their products. And not because they might have had a vulnerability, but because of the law suit. Vendors who welcome security discourse and can be seen taking prompt steps to address issues are going to win my loyalty.
What would be even better is if it didn't silently degrade it's performance without telling you it was doing it, why it was doing it, or how to fix it, and if Apple were open about it in the first place.
lexamp, Plex's Spin on the Classic Winamp Player
Cool!
Under the hood, Plexamp uses the open source audio player Music Player Daemon (MPD)
So.. not related to Winamp whatsoever then. Maybe this is a decent player, maybe it's not, but if you aren't even using the same engine why reference the brand?
Sure is! Can't wait until every cop who pulls you over clones your entire phone with the backdoor!
Denying global warming is denying scientific consensus.
If you want to be taken seriously please develop a scientific model that disproves global warming, have it peer reviewed, and then you ought to be able to submit it, discuss, and cite it here.
However, this topic has nothing to do with global warming, so an off-topic mod is appropriate.
So now most Android devices are, and will continue to be, vulnerable to both BlueBourne and WPA2 KRACK, meaning that essentially they are wide open to anyone pilfering whatever they want off the device itself and as they communicate over the air. With most manufacturers abandoning updates in 3 years or sooner, and for the small pool of supported devices having very infrequent updates available, many times 3-6 months behind the curve, why do we allow this kind of chronic insecurity?
It's insane that we allow businesses to behave like this: Give everyone computing devices they use to run their lives - healthcare, credit, banking, social, BYOD work, etc. and leave them open like Swiss cheese.
The fact that you are happy with your Sonos does not make this news FUD nor does it take away from forcing updated privacy terms of people after the sale in order that their devices keep working reliably.
Can't create a new tab. Can't open links in a new tab. Chances of me using this thing: zero.
One of the main reasons I don't use Firefox for Android is that you can't fling pages as fast/far as you can on Chrome. It sounds like a petty reason but when I want to move quickly around a page it's frustrating to have to exert extra effort or perceive lag.
I'd try Focus myself but it's not listed for me in the Play store search. Perhaps it's only available to certain devices initially?
I don't even want to use USB. I want to be able to NFC with my phone, or my watch. If I have to use USB it should be to plug an NFC device into in order to enable this.
Plugging things in is annoying, just let me do a quick touch action for couple of seconds while it does whatever crypto it needs. Make it wireless powered too so I don't have to charge it.
I have found Netgear to be no worse than any other consumer router manufacturer, and better than several. Many manufacturers have had similar vulnerabilities in recent years, at least they have (finally) responded, albeit under the perception that it is perhaps due to the bad press.
That said, I'm posting here to call them out for STILL not having any means to generate fresh VPN keys on their routers. If your VPN profile security was every in question there is nothing you could do about it short of buying a new router. And frankly, since you have no idea about the state of the keys that came from the factory, it should be.
Netgear, pleas add a button to the web console to generate new VPN keys with a decent key size, and make sure the old ones are wiped/revoked.
Uber's position is that they are testing their driving software, but that there is a human driver with their hands on the wheel ready to take over immediately if they feel uncomfortable. Because of this, the Uber vehicles aren't really autonomous, but more like the adaptive driving of a Tesla, which does not require a special autonomous car permit from the state.
Tesla is the opposite: They ask that the driver be in control at all times and keep hands on the wheel.
Technically the self driving systems are only augmenting the driver and not replacing them at this point.
Sounds more like the driver is augmenting the self driving system to me.
"Your watch will stop working soon, better buy a FitBit!"
Most home routers have similar exploits (executing commands via a web interface while not authenticated), either currently or recently. While I can't defend Netgear in this instance, we also shouldn't falsely make people believe they are the worst of the bunch (IMO DLink is in the running for that honor).
For anyone affected, Netgear has a beta FW update on their support site today. You need to manually upload it to your router via the web console.