Why not just have a decent aftermarket radio installed and be done with all those problems?
Assuming the manufacturer hasn't stuffed major functionality of the car inside the radio/nav system and you're willing to risk a hit on resale value by losing some of the standard features.
seriously, folks, I gotta tell ya, it drives 300 miles, period. there is one fuelling station in the country
So you're really saying unless you want to run out of fuel it has a maximum range of 150 miles from a fixed location. Doesn't seem to threaten Tesla too much...
I haven't really been following this too closely so this may be entirely impossible, but if Philae is located, could Rosetta be positioned to reflect enough sunlight onto Philae to help power it?
Google do everything with Wallet quietly. I bet a good chunk of Android users don't even know Wallet exists because Google never market it, which is a shame because it actually works really well.
Flashing the factory image will do a wipe if you follow the instructions on Google's download page because it has you unlock the bootloader, which causes the device to erase itself. There's also a command argument in flash-all.bat that causes a wipe.
Usually someone will capture and post a link to the OTA download (who knows why Google won't just post it themselves...) and you _can_ "sideload" that fairly easily using adb without losing all your user data. This is by far the easiest method if you don't need to update right this second but you don't want to wait until Google finally gets around to allowing the update for your device.
The reason Google Wallet has been a failure to-date is that it (and all other smartphone-based payment systems except ApplePay) is simply not convenient to use compared to swiping a credit card.
Bullshit. There is virtually no difference in the operation of either system except one has a fingerprint reader.
The reason ApplePay became the #1 smartphone payment mechanism overnight is because it's utterly trivial and convenient to use.
More bullshit. The reason ApplePay became the #1 mechanism overnight is because Apple leveraged their marketing and the media around it. Google hasn't ever done the same. In fact, it would be easy to be oblivious to the fact that Google Wallet even exists - it's almost as if Google doesn't give a crap in terms of marketing it (who knows why..)
It took me exactly 3 seconds at the local Whole Foods to pull out my phone, tap it with my finger on the finger print reader, and put it back in my pocket.
HCE eliminates the need for a hardware secure element.
If you think that some software sandboxing is the equivalent of a "secure enclave" chip in terms of secure-ness, you're sadly mistaken.
I was under the impression that where phones have hardware (e.g. Nexus 5) it'll use it, and it provides emulation elsewhere so that Wallet can work across all Android devices with NFC, and the idea was to broaden support for the platform, not to say emulation is better or even preferred.
Also, I can think at least 10 times faster than I can type... so I could get more stuff done in the same amount of time.
Brain-computer demo (internal voice): "Visit Slashdot" "Fucking beta..." "No no no, go back!" "Damn, Amazon ads are creepy, I was just searching for a new stereo system!" "no no no, I don't want to search for a stereo system, go back!" "reads post explaining vulnerability that tricks brain-computer interface into issuing commands using your internal reading voice select all files permanently delete confirm" "wait! fuck! nooooooooooooooooooooooo!!!!!!!!!!!"
I haven't really heard of you before but I thought those movies were okay. As someone currently thinking, "what kind of stupid question is this?", what kind of biscuit do you prefer with your tea?
Seems like something along the lines of Google Wallet or Apple Pay would be more secure, since they can require to be unlocked before processing NFC transactions. Something as simple as a pressure pad on a card (i.e. requiring it to be pressed while completing a transaction) could solve the vulnerability.
As soon as any government appoints a Czar, you know that they know bad things are going to happen.
Usually: * The person has little actual power * They are allocated minimal resources * Decisions come from the people above * Blame falls upon the Czar's shoulders * Appointing a Czar makes it look like you're doing something, even though you don't actually have to know what you're doing * Almost inevitably the Czar resigns or is fired later for being ineffective - because they were never actually there to do anything or even empowered to do anything
When you see a Czar being appointed you should immediately think, "they know the outcome here has a high probability of being very damaging politically, likely because they either don't have the answers and they know it, or the answers they have point to a very unpopular outcome".
Can you elaborate on what the problems are? You described having a PC in each room... so I don't see what's difficult about uninviting one and inviting another when moving.
Sure. Imagine it's a recurring meeting that someone else owns, or a short-term meeting where you're not the owner and the owner is late or doesn't have their laptop with them, etc. How are you going to change the invitation list? You can't, and neither can anyone else on remote teams, so you're screwed until someone goes and creates a new meeting and re-invites everyone, then hope the Chromebox picks that up fast enough, or at all, because technically the meeting has already started. Oh, and then also hope that nobody else has already booked the room you want to use, but simply hasn't showed up.
These are just some of the real problems I've found.
If having a Czar will concentrate more power in their hands then a Czar is what they'll create.
Czar's are usually there to be completely ineffective and take the fall when side A politically leverages hindsight and/or the situation that they themselves have helped create against side B.
The proper solution for that problem is for the conference room PC to have its own account, which is invited to the hangout, rather than logging in with some individual's account. From a security perspective, having a device that lots of people log into is a bad idea; it's an ideal target for compromise, regardless of whether or not you use 2FA.
I'm aware of "the proper solution" from an administrative perspective, and maybe what you suggest does work at Google. However, there is a vast difference between a company the size of Google and, say, a startup where people just "take" rooms as needed, or you have to find a free room for something at short notice, and moving the conference from one room to another in a hurry becomes a pain. As I say, I've "experienced" the Chromebox for Meetings in the startup setting, and I'm sure it would be great _if_ you're a larger company, but it was "unpleasant" shall we say for me - in fact, you could tell it was not designed to handle exceptions very easily.
Google should recognize that there are many smaller companies than large ones and provide a convenient solution.
I don't see how fumbling around with USB sticks is much better.
I use a YubKey NEO-n. It's a tiny device, only extends from the USB port by a millimeter or so... just enough that you can touch it to activate it. I just leave it plugged into my laptop all the time, so there's no "fumbling with USB sticks", I just run my finger along the side of the laptop until it hits the key. It's extremely convenient.
That's okay for you on your laptop. When you go to a conference room with a e.g. a PC set up for conference calls, and someone needs to log in to pull up the hangout, it's a different story (don't even get me started on Chromebox for Meetings...).
Here, having a little dongle sitting in the middle of the desk connected to the main system via USB would provide an easy option to provide at least the 2nd factor auth, without anyone typing in codes or plugging in additional devices. Lots of people walk into a conference room with their phone in hand as it is.
Let me know when they start selling cheap NFC dongles so we can just tap our phone on them to login. I'm sure our company would buy a bunch. 2-factor makes logging in to conference systems a pain in the ass - everyone is always looking to the guy who doesn't use 2-factor to login already. I don't see how fumbling around with USB sticks is much better.
It would be nice if router logs showed suspicious ARP packets and/or declined to forward them except for specially privileged connections (e.g. via a flag in the access list). The router knows the addresses of users connected over WiFi, and it's extremely unlikely those WiFi users will be routes for other devices. This seems like a good measure in general to make MITM harder.
Stuff like this is exactly why strong cryptographic solutions should be woven into the fabric of the internet ASAP (e.g. content signing in this case). Agencies globally have become extremely abusive - spying, manipulating, defrauding,denying - and work against the basic infrastructure elements that would prevent this at every turn. They really bring it on themselves with crap like this.
“It is fully possible to permit law enforcement to do its job while still adequately protecting personal privacy,”
Maybe it is, when law enforcement isn't brazenly violating every single principle of personal privacy for all persons without redress. You got us here, Bush and Obama administrations. You. Not us. You.
I'm in no way a dashboard hater, but reports are great because: * I can see them everywhere I can access my email. This is not always the case when a dashboard runs off an internal server. * Getting an email in the morning is a reminder to check the data. If I have to remember to go to a dashboard I'll forget if I'm busy and could miss something important. * Reports in my email are easily searchable without fiddling with date ranges in a console - assuming adequate history even exists since the latest time someone thought it would be a great idea to rebuild the dashboard.
Dashboards are great for sharing a realtime view but they aren't a replacement for reports. If you think they are, you probably seriously misunderstand your users.
Polygon-based engines support (and modern games heavily depend upon) things like: * Dynamic lightling and shadows * Deformable environments * Transparency * Reflections * Fast collision detection * AI route planning
Now go back and look at that demo video and tell us where you see those things.
Also, polygon based engines are still pretty efficient because of: * Texture re-use * Bump mapping to improve realism * Shaders to implement things like motion blur, ambient lighting, etc. * LOD maps * Spatial partitioning
Laser mapping is cool because it snapshots a static environment at a moment in time. It would take a lot of effort to produce a polygon model ground-up with the characteristics you'd want for high performance in a modern game. But there appear to be numerous benefits over what has been demonstrated here so far. Perhaps a better approach (for games, at least) would be to work on a project that helps generate or enhance a polygon-based model from the mapping.
I've seen demos of what I believe to be this technology before, but what it seems to lack is any kind of interactivity with the environment/objects in the environment. From what I can tell in this latest video they've added an FPS handgun overlay and some poorly animated ferns.
The point is: Cool, you can render a nice point cloud. Can you actually do interesting things with it / what we want in most games or virtual environments, or can you simply render a nice point cloud?
The only way to back up and restore is by uploading your data to Google's cloud servers, where your data is much more likely to be purloined than if you had just left your device unencrypted in the first place.
As an Android fan, let me just say that these problems do not just stop with encryption. Unless you root your phone, you can't back it up properly because Google doesn't let you have access to your own files on your own f'ing device. Apparently nobody sees a problem in the fact that users are forced to make the decisions to either run stock or be able to access all their files. I'm sure it's to reduce piracy or something, but it's a nightmare. Unless your apps keep their data in an accessible folder or you let them keep all your settings in the cloud (if they even support that), just upgrading your handset to this years Nexus is going to mean data loss.
I get that it makes the security stronger, but Android badly needs some kind of super-user mode that makes the entire filesystem accessible to selected apps.
Slashdot Mirror
Why not just have a decent aftermarket radio installed and be done with all those problems?
Assuming the manufacturer hasn't stuffed major functionality of the car inside the radio/nav system and you're willing to risk a hit on resale value by losing some of the standard features.
seriously, folks, I gotta tell ya, it drives 300 miles, period. there is one fuelling station in the country
So you're really saying unless you want to run out of fuel it has a maximum range of 150 miles from a fixed location. Doesn't seem to threaten Tesla too much...
To put this in perspective, California is aiming for 100 fueling stations by 2024 and as of May this year only 9 actually existed.
"California, Oregon, New York and five other states pledged to put more than three million zero-emission vehicles on their roads by 2025"
http://www.usatoday.com/story/...
http://www.pbs.org/newshour/bb...
I haven't really been following this too closely so this may be entirely impossible, but if Philae is located, could Rosetta be positioned to reflect enough sunlight onto Philae to help power it?
Google do everything with Wallet quietly. I bet a good chunk of Android users don't even know Wallet exists because Google never market it, which is a shame because it actually works really well.
Flashing the factory image will do a wipe if you follow the instructions on Google's download page because it has you unlock the bootloader, which causes the device to erase itself. There's also a command argument in flash-all.bat that causes a wipe.
Usually someone will capture and post a link to the OTA download (who knows why Google won't just post it themselves...) and you _can_ "sideload" that fairly easily using adb without losing all your user data. This is by far the easiest method if you don't need to update right this second but you don't want to wait until Google finally gets around to allowing the update for your device.
The reason Google Wallet has been a failure to-date is that it (and all other smartphone-based payment systems except ApplePay) is simply not convenient to use compared to swiping a credit card.
Bullshit. There is virtually no difference in the operation of either system except one has a fingerprint reader.
The reason ApplePay became the #1 smartphone payment mechanism overnight is because it's utterly trivial and convenient to use.
More bullshit. The reason ApplePay became the #1 mechanism overnight is because Apple leveraged their marketing and the media around it. Google hasn't ever done the same. In fact, it would be easy to be oblivious to the fact that Google Wallet even exists - it's almost as if Google doesn't give a crap in terms of marketing it (who knows why..)
It took me exactly 3 seconds at the local Whole Foods to pull out my phone, tap it with my finger on the finger print reader, and put it back in my pocket.
It takes me no more time to use Google Wallet.
HCE eliminates the need for a hardware secure element.
If you think that some software sandboxing is the equivalent of a "secure enclave" chip in terms of secure-ness, you're sadly mistaken.
I was under the impression that where phones have hardware (e.g. Nexus 5) it'll use it, and it provides emulation elsewhere so that Wallet can work across all Android devices with NFC, and the idea was to broaden support for the platform, not to say emulation is better or even preferred.
Also, I can think at least 10 times faster than I can type... so I could get more stuff done in the same amount of time.
Brain-computer demo (internal voice):
"Visit Slashdot"
"Fucking beta..."
"No no no, go back!"
"Damn, Amazon ads are creepy, I was just searching for a new stereo system!"
"no no no, I don't want to search for a stereo system, go back!"
"reads post explaining vulnerability that tricks brain-computer interface into issuing commands using your internal reading voice select all files permanently delete confirm"
"wait! fuck! nooooooooooooooooooooooo!!!!!!!!!!!"
Hi Warren,
I haven't really heard of you before but I thought those movies were okay. As someone currently thinking, "what kind of stupid question is this?", what kind of biscuit do you prefer with your tea?
Seems like something along the lines of Google Wallet or Apple Pay would be more secure, since they can require to be unlocked before processing NFC transactions. Something as simple as a pressure pad on a card (i.e. requiring it to be pressed while completing a transaction) could solve the vulnerability.
As soon as any government appoints a Czar, you know that they know bad things are going to happen.
Usually:
* The person has little actual power
* They are allocated minimal resources
* Decisions come from the people above
* Blame falls upon the Czar's shoulders
* Appointing a Czar makes it look like you're doing something, even though you don't actually have to know what you're doing
* Almost inevitably the Czar resigns or is fired later for being ineffective - because they were never actually there to do anything or even empowered to do anything
When you see a Czar being appointed you should immediately think, "they know the outcome here has a high probability of being very damaging politically, likely because they either don't have the answers and they know it, or the answers they have point to a very unpopular outcome".
That's not being cynical, it's just reality.
Can you elaborate on what the problems are? You described having a PC in each room... so I don't see what's difficult about uninviting one and inviting another when moving.
Sure. Imagine it's a recurring meeting that someone else owns, or a short-term meeting where you're not the owner and the owner is late or doesn't have their laptop with them, etc. How are you going to change the invitation list? You can't, and neither can anyone else on remote teams, so you're screwed until someone goes and creates a new meeting and re-invites everyone, then hope the Chromebox picks that up fast enough, or at all, because technically the meeting has already started. Oh, and then also hope that nobody else has already booked the room you want to use, but simply hasn't showed up.
These are just some of the real problems I've found.
If having a Czar will concentrate more power in their hands then a Czar is what they'll create.
Czar's are usually there to be completely ineffective and take the fall when side A politically leverages hindsight and/or the situation that they themselves have helped create against side B.
Don't be a Czar, it won't end well for you.
The proper solution for that problem is for the conference room PC to have its own account, which is invited to the hangout, rather than logging in with some individual's account. From a security perspective, having a device that lots of people log into is a bad idea; it's an ideal target for compromise, regardless of whether or not you use 2FA.
I'm aware of "the proper solution" from an administrative perspective, and maybe what you suggest does work at Google. However, there is a vast difference between a company the size of Google and, say, a startup where people just "take" rooms as needed, or you have to find a free room for something at short notice, and moving the conference from one room to another in a hurry becomes a pain. As I say, I've "experienced" the Chromebox for Meetings in the startup setting, and I'm sure it would be great _if_ you're a larger company, but it was "unpleasant" shall we say for me - in fact, you could tell it was not designed to handle exceptions very easily.
Google should recognize that there are many smaller companies than large ones and provide a convenient solution.
I don't see how fumbling around with USB sticks is much better.
I use a YubKey NEO-n. It's a tiny device, only extends from the USB port by a millimeter or so... just enough that you can touch it to activate it. I just leave it plugged into my laptop all the time, so there's no "fumbling with USB sticks", I just run my finger along the side of the laptop until it hits the key. It's extremely convenient.
That's okay for you on your laptop. When you go to a conference room with a e.g. a PC set up for conference calls, and someone needs to log in to pull up the hangout, it's a different story (don't even get me started on Chromebox for Meetings...).
Here, having a little dongle sitting in the middle of the desk connected to the main system via USB would provide an easy option to provide at least the 2nd factor auth, without anyone typing in codes or plugging in additional devices. Lots of people walk into a conference room with their phone in hand as it is.
Let me know when they start selling cheap NFC dongles so we can just tap our phone on them to login. I'm sure our company would buy a bunch. 2-factor makes logging in to conference systems a pain in the ass - everyone is always looking to the guy who doesn't use 2-factor to login already. I don't see how fumbling around with USB sticks is much better.
It would be nice if router logs showed suspicious ARP packets and/or declined to forward them except for specially privileged connections (e.g. via a flag in the access list). The router knows the addresses of users connected over WiFi, and it's extremely unlikely those WiFi users will be routes for other devices. This seems like a good measure in general to make MITM harder.
Stuff like this is exactly why strong cryptographic solutions should be woven into the fabric of the internet ASAP (e.g. content signing in this case). Agencies globally have become extremely abusive - spying, manipulating, defrauding,denying - and work against the basic infrastructure elements that would prevent this at every turn. They really bring it on themselves with crap like this.
“It is fully possible to permit law enforcement to do its job while still adequately protecting personal privacy,”
Maybe it is, when law enforcement isn't brazenly violating every single principle of personal privacy for all persons without redress. You got us here, Bush and Obama administrations. You. Not us. You.
I'm in no way a dashboard hater, but reports are great because:
* I can see them everywhere I can access my email. This is not always the case when a dashboard runs off an internal server.
* Getting an email in the morning is a reminder to check the data. If I have to remember to go to a dashboard I'll forget if I'm busy and could miss something important.
* Reports in my email are easily searchable without fiddling with date ranges in a console - assuming adequate history even exists since the latest time someone thought it would be a great idea to rebuild the dashboard.
Dashboards are great for sharing a realtime view but they aren't a replacement for reports. If you think they are, you probably seriously misunderstand your users.
It's more complicated than that.
Polygon-based engines support (and modern games heavily depend upon) things like:
* Dynamic lightling and shadows
* Deformable environments
* Transparency
* Reflections
* Fast collision detection
* AI route planning
Now go back and look at that demo video and tell us where you see those things.
Also, polygon based engines are still pretty efficient because of:
* Texture re-use
* Bump mapping to improve realism
* Shaders to implement things like motion blur, ambient lighting, etc.
* LOD maps
* Spatial partitioning
Laser mapping is cool because it snapshots a static environment at a moment in time. It would take a lot of effort to produce a polygon model ground-up with the characteristics you'd want for high performance in a modern game. But there appear to be numerous benefits over what has been demonstrated here so far. Perhaps a better approach (for games, at least) would be to work on a project that helps generate or enhance a polygon-based model from the mapping.
I've seen demos of what I believe to be this technology before, but what it seems to lack is any kind of interactivity with the environment/objects in the environment. From what I can tell in this latest video they've added an FPS handgun overlay and some poorly animated ferns.
The point is: Cool, you can render a nice point cloud. Can you actually do interesting things with it / what we want in most games or virtual environments, or can you simply render a nice point cloud?
The only way to back up and restore is by uploading your data to Google's cloud servers, where your data is much more likely to be purloined than if you had just left your device unencrypted in the first place.
As an Android fan, let me just say that these problems do not just stop with encryption. Unless you root your phone, you can't back it up properly because Google doesn't let you have access to your own files on your own f'ing device. Apparently nobody sees a problem in the fact that users are forced to make the decisions to either run stock or be able to access all their files. I'm sure it's to reduce piracy or something, but it's a nightmare. Unless your apps keep their data in an accessible folder or you let them keep all your settings in the cloud (if they even support that), just upgrading your handset to this years Nexus is going to mean data loss.
I get that it makes the security stronger, but Android badly needs some kind of super-user mode that makes the entire filesystem accessible to selected apps.
*unreasonable. Fatfinger moment..